
Easy Comment Spam Fix

October 24, 2004 | 8 Comments

The other day I noticed that something had gone wrong with my comment form. I removed MT-Blacklist, which has been working well but not catching all the comment spam I get, and did a bit of diagnosis on my comment form.

I fixed it and while I was at it, I added a technique that Mike assured me would put an end to spam. Sure enough, he was right and I wanted to let y’all know. This fix has been around forever, but for some reason I never heard about it, figured I’d spread the word, just in case someone out there might be in the same boat.

It’s easy to do: all you need to do is add a hidden variable to your comment form and a small bit of code to your MT-Comments.cgi file. The details can be found over at Burningbird.
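A sketch of the hidden-field check in Python, added here as an illustration; it is not the Burningbird code and not part of Movable Type. It goes a step beyond the post by deriving a site-specific field name and value from a secret and rotating them every two weeks; the secret, the `f_` prefix, the rotation period and the function names are all assumptions.

```python
import hashlib
import hmac

# Assumed values for this sketch (none of them come from the original post).
SITE_SECRET = b"replace-with-a-long-random-per-site-secret"
ROTATION_SECONDS = 14 * 24 * 3600  # rotate the field every two weeks


def hidden_field(now, period_offset=0):
    """Return (name, value) of the hidden field for the rotation period at `now`."""
    period = int(now) // ROTATION_SECONDS + period_offset
    digest = hmac.new(SITE_SECRET, str(period).encode(), hashlib.sha256).hexdigest()
    # Both the name and the value differ per site and per period.
    return "f_" + digest[:8], digest[8:40]


def render_hidden_input(now):
    """HTML to place inside the comment form when the page is generated."""
    name, value = hidden_field(now)
    return '<input type="hidden" name="%s" value="%s" />' % (name, value)


def is_probable_bot(form, now):
    """True when a submitted form lacks a valid hidden field.

    `form` is a dict of submitted field names to string values. The previous
    period is also accepted so a page opened just before a rotation still works.
    """
    for offset in (0, -1):
        name, expected = hidden_field(now, offset)
        supplied = form.get(name, "")
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            return False
    return True


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp for the demo
    name, value = hidden_field(now)
    print(render_hidden_input(now))
    # Constructed submissions: one from the real form, one posted blind to the script.
    print(is_probable_bot({name: value, "text": "Nice post"}, now))   # False
    print(is_probable_bot({"text": "cheap pills"}, now))              # True
```

The check only rejects submissions sent straight to the comment script without loading the form; it does nothing about a human using the form or a client that reads the page first, so it works alongside a filter or moderation rather than replacing them.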

Filed under: News

Comments

1. Nick Finck said:

This may be a little off topic, but I thought I would share. There are also a couple of techniques that can be used on FormMail which result in the same kind of thing. I have used them in the past and they seem to work pretty well to keep the spam out of your inbox.

Getting back to on-topic. I am curious as to why no one has created some kind of MovableType known issues and quick fixes site or database. It would be nice to have one site to go to where you can just search through the archives to find fixes or work-arounds for known issues such as what you mentioned here.

Posted on October 24, 2004 07:29 PM | #

2. Ste Grainer said:

That’s a good quick hack to keep out the spambots, but it won’t do any good for human spammers who use your form. That technique also wouldn’t be too difficult for spammers to circumvent if it becomes widespread. The key to its effectiveness is to make sure that every site uses a different name and value for the hidden form field - something that I think could be better emphasized on the original page. (I think most people will probably skim the article and just copy/paste the exact code unless they understand the basic premise behind it.)

Posted on October 25, 2004 07:34 AM | #

3. Dave P said:

I was thinking along the same line as Ste here…

All you’d have to do to defeat this, even in some sort of automatic way is simply read source and copy the “hidden” field into the submission engine.

Of course, you’d have to keep a list of which vars are used on which sites, but spammers seem to be a determined bunch.

Not that this won’t save you any heartache right now, but I wouldn’t expect it to last for very long.

Posted on October 25, 2004 09:36 AM | #

4. Vinnie Garcia said:

I can safely say that this doesn’t work as well as you think. It will stop automated spammers for a little while but someone determined enough will still get spam on. Before you had a stock car. Now you have a car with The Club; it will keep people out that want to steal a car, but not people who want to steal your car. When I ran MT I did the same hidden form field fix and it stopped comment spam for about two weeks; after that I got more than ever. Now I just moderate every comment that comes my way. It sucks that I have to do that since it delays the flow of conversation, but it’s the only way that I’m assured of keeping my site spam-free.

Posted on October 26, 2004 06:22 AM | #

5. Keith said:

Vinnie – It does work as well as I say it does. Just not by itself. When I’ve got MT-Blacklist installed I had to go in and get rid of about 10 moderated comments a day. Now I don’t have to do that. This catches the bulk of the spam and MT-Blacklist catches the rest.

As well I didn’t use the default variable, I made up one of my own. I plan on changing that every few weeks or so. That should keep ‘em guessing.

Posted on October 26, 2004 09:47 AM | #

6. Vinnie Garcia said:

“I plan on changing that every few weeks or so.”
That’s a pretty good plan then. I didn’t use the default variable either but they still got to me. Your solution might help stem the tide some more.

Posted on October 26, 2004 04:53 PM | #

7. Martine la banlieusarde said:

An even simpler way of preventing comment spam (which, to my knowledge, is an automated process that starts by finding sites having the mt-comments.cgi file, and using it automatically without the spammer even visiting the site) is to change mt-comments.cgi to whatever-pleases-you.cgi and also change mt-config to reflect the new name.

Ta-da! No spam on my site for more than 3 months with this simple hack. :-)

Posted on October 29, 2004 05:04 AM | #

8. giełda samochodowa said:

Hi, I also had a SPAM problem and I installed mt-blacklist! It’s a great comment-spam-filter? I use it for weeks and am perfectly happy with it.

Posted on August 21, 2005 10:21 PM | #

Comments are now closed
