In an effort to curb the onslaught of comment spam, I renamed mt-comments.cgi, the file that is used for all comments. It’s not too hard to figure out the new name, but anything that makes it harder for someone to spam my blog that is easy for me to do is worth a try.
Elise Bauer put together an extensive set of instructions on how to avoid comment spam and renaming the cgi files that are often targeted by comment spammers was one of her suggestions.
I wrote the above two paragraphs a few weeks ago, and I just got hit with some of the most extensive comment spam I’ve ever encountered. Renaming the CGI didn’t help much after all. The first batch had about 250 comments and the other had 53. They both spoofed the IP address on every comment and delayed each comment to keep the comment throttling code from stopping them. They used the same domain so I was able to remove all the comments by adding it to the blacklist but it’s frustrating that they are fine-tuning their comment spamming techniques to get around the roadblocks I have in place.
It reminds me of a guy I heard about who has been writing fake checks for $2490. Why such an odd amount? Because banks only check signatures on checks over $2500. He knew how the system worked and got as much money as he could without putting himself at a higher risk of being caught and stopped. He’s made over $11,000 in the past few months.
We need to keep changing our strategies to foil those of the comment spammers. I prefer the idea of finding out where they live and filling their homes with fresh cow manure, but that’s just me.
What version of MT are you using? Definitely upgrade to 3.1 and then install the MT-Blacklist plugin. It’s a lifesaver, I promise.
I’m still using 2.661 because I have too many authors and blogs to use 3.1 for free, and I’m not willing to pay the money they’re asking for the product. I’m still considering a move to WordPress.
wow… I didn’t realize that you had more than one author dan! :o
I always wanted to get MT 2.6 but never really found it :-/
WordPress… yes I’m thinking of making a move aswell… (and I bet I will stop myself at last minute :P)
I don’t have more than one author on this blog, but I do on several other blogs I run, and I don’t want to be straddling two different versions. I’m either going all in or not at all.
Lately, the comment spam has just gotten downright annoying. Over the holiday weekend I found myself checking the site from time to time just to see if I’d been hit. I think I’ll start looking into the WordPress transfer.
I made a few changes to the Comments.pm file, and since then not a single comment spammer has managed to have a comment appear on my blog. Basically, I made it so that anyone who had previously posted an approved comment using a name, e-mail, and URL combination would be automatically approved, but all other comments had to be approved manually. This works for me since the vast majority of legit comments I receive are from people who have previously posted comments.
Eric: That’s a good idea, except I have some entries that tend to get a lot of comments from people who have never commented before. As long as I were to stay on top of it I guess it wouldn’t be too bad.