McFilter

The Web as filtered (and hopefully enriched ;-) by Adrian McEwen

Less Comment Spam

The MT-Bayesian module has been doing a great job of stopping spam comments from getting onto my blog, but I still have to delete them. Although they aren’t displayed, they’re still counted in the four most recent comments on the main page and, until deleted, they oust real comments from the main page.

So, following this top tip from Mr. Sevitz, I’ve added a new question to the comments box, which must be answered (one way or the other…)

I’m assuming that the spammers aren’t going to bother working out how to get round it for me, and will just move onto the next blog on their list - the good old security through obscurity ploy. We’ll see how it goes.

Update: I’ve just tweaked the initial detection in mt-comments.cgi because some of the spammers use GET rather than POST, so my mt-comments.cgi has this at the start… <pre>
# $Id: mt-comments.cgi,v 1.34 2003/02/12 01:05:31 btrott Exp $
use strict;

#### AMc - Start of hack to reduce comment spam
use CGI qw(:standard);

if ( defined(param('text')) ) {
my $data = param('<insert new form parameter here>');
die unless( ($data) && defined($ENV{'HTTP_REFERER'}) );
}
#### End of hack

my($MT_DIR);
BEGIN {</pre>

Update #2: I suspect ‘bakecookie’ isn’t the best form field to use, as I’ve just got two more spam comments, but as both were POSTs I can’t see exactly what parameters were passed in. Now updated to use the presence of ‘text’ form field as an indicator of a submitted comment (seeing as comment spam isn’t much use without that field). We’ll see.

Update #3: Another few spams got through today (although 30-odd didn’t) as they’re parsing the comments form. Most of them at least have the honesty to pick “Yes” on the “Are you a spammer” question, presumably because it’s the first answer they find. I did think about disallowing comments from people who say they’re a spammer, but decided that the lack of a referrer URL was a better solution. I’ve updated the script above to include the referrer check. I still haven’t renamed mt-comments.cgi, but that’s just ‘cos it’ll require checking everywhere it’s referenced, so I’ve gone for the quicker fix. When the spammers start sending a referrer URL, I’ll take the trouble to do it.

Update #4: Elise has an excellent introduction to comment spam including further counter-measures.

16 August 2004

This page is part of Adrian McEwen's blog, McFilter. Explore more in the category pages or archives below.

Subscribe to updates with the RSS feed (what's an RSS feed?)