OK, I've been blogspammed. I've now had three comments added to my blog which advertised spectacular medical opportunities. I know the IP address of each (e.g. 62.99.209.54), but I haven't yet done the spelunking required to find out if its coming from a business or (more likely) from a compromised PC somewhere.
The obvious fix would be to fix the "add comment" module of MT to require interactive validation to enter a comment. (E.g. type back a code displayed as a JPEG.) I'm going to investigate what's online at Blogspam and I'll report back.
Posted by geoff2 at April 6, 2004 09:16 PMA guy called James Seng has an update for MT that does what I want. However it depends on the installation of a particular Perl module and associated library, so I'm going to check in with the guys at Logjamming to see if it's doable.
Posted by: Geoff at April 6, 2004 10:03 PMNot surprisingly it turns out that the IP addresses are "unassigned". Source spoofing... if only ISPs filtered on source address.
Posted by: Geoff at April 7, 2004 12:19 AMI stumbled across one of the mechanisms suggested at http://www.blogspam.org/solutions.html by accident - rename your comment script. For better editing performance I reconfigured my blog to use mod_perl, which had the side-effect of renaming the comment script. As a result I don't get any bot-generated comment spam any more - although I do still get the occasional moron-generated one ;-) I know the MT development folks are working on this - see http://www.sixapart.com/log/2003/10/comment_spam.shtml. It seems that for the 3.0 release they're going down the path of requiring registration to post comments (see http://www.movabletype.org/news/2004_03.shtml#000912), which I'm not personally too fond of.
Posted by: Alan Burlison at April 7, 2004 01:47 AMI use MT-Blacklist for my comment spam. It's a pretty good solution for the time being. It works as a plugin to MT and installation/administration is easy.
http://www.jayallen.org/projects/mt-blacklist/
Supposedly, this sort of blacklist functionality is going to be in MT 3.0. Or maybe a better way of dealing with it? I'm waiting with bated breath.
Posted by: RageEar at April 7, 2004 09:11 AM