Blog Housekeeping and Comment Spam
Update, May 13, 2009: For some reason this 4 year old post is still one of the most popular on my site. I switched to WordPress years ago, so the information below about Movable Type is no longer relevant. For spam protection in WordPress, I’ve found WP-reCAPTCHA (for comment spam), my own Deko Boko plugin (for contact form spam) and the Bad Behavior plugin to be an effective combination.
I just upgraded to Movable Type 3.15 due to a major email security flaw.
A few folks noticed last week that I added TypeKey registration as a requirement for posting comments. I did this because I was getting hundreds of spam comments daily (even though I have comment moderation turned on, I still had the chore of deleting them every day).
Pat W turned me on to some ways to counter spam comments without having to resort to the heavy-handedness of TypeKey. So I’ve removed the TypeKey registration requirement, and I’ve implemented what I think will prove to be an effective spam deterrent, but I’m not going to say what it is, lest the spammers are reading!
At least one spammer actually does pay attention to my blog. I know because he actually sent me a nasty email and posted a bunch of lewd stuff in my Big Country poll after I activated the TypeKey registration requirement (he didn’t identify himself as a comment spammer, but I could tell who it was because he used the same fake email account name that he used in his comment spam). How dare I deny him a place to post his spam!
What an ass. “How dare you keep me from stealing space on your blog to advertise porn and gambling!” Sheesh.
Just a heads-up to a fellow Movable Type user: comment spam is no longer your only problem. A vulnerability has been found that allows spammers to use your mt-comments.cgi script to send e-mail spam to whomever they please. See this post I made on the subject for more information and a fix: http://www.adammessinger.com/2005/01/24/mt-spam-zombie
I like systems that send you a mail with a link you have to hit to activate your post…
oh well. guess that isn’t what you used after all. 🙂