« Assumptions and queries | Main | Father's Day plus assorted miscellany »

Comment spam update

| 1 Comment

I've been meaning to mention for a couple weeks that I seem to have found a good solution, for now at least, for comment spam in this journal.

The solution turns out to consist of two parts:

  • Most importantly, I changed the name of Movable Type's comment script. I had thought about doing this early on, but became convinced that it wouldn't help, because it's very easy for a comment-spam-bot to figure out the name of the comment script and use it. But it turns out that about 90% of the comment-spam-bots out there don't bother doing that. They see that I'm using MT, they try the standard comment script name, and when that doesn't work they move on. This one change has reduced my comment spam that isn't caught by MT's filters by at least 90%. I'm now getting about 150 spam comments (that are marked as spam by the filters) a day; at peak, a few weeks back, I think I was getting literally ten times that number.
  • For the spam comments that do make it past the filter (which at the moment are almost entirely cryptic messages that insert a five-digit number into a normal English sentence; I'm guessing it's a text-messaging thing), my new system for moderating comments on entries more than two weeks old has an almost perfect record. Which is to say, I don't think more than a handful of spam comments that have gotten through my filter have been posted on entries less than two weeks old. So by moderating older entries, I can let unpublished spam comments accumulate until I had time to delete 'em.

The result of all this is that I spend a lot less time cleaning up after spammers, and get a lot less frustrated by the ones I do have to clean up after.

Unfortunately, I'm not sure how long this will last. When I first changed the comment-script name, spam volume dropped to about one piece of spam an hour. Now it's back up to averaging about six an hour; still a lot less than it used to be, but a fairly big increase over the low-volume mark. So it's possible that over time, more spambots will get clever about figuring out the script name.

(Every time I think about this stuff, I think about how much harder it would be to block comment spam if the spammers were cleverer. Given a basic spambot implementation, I could very easily make it produce spam that would be much harder to block and much harder for even a human to instantly recognize as spam. I'm not going to post my ideas here, on the off chance that a spammer wanders through, but they're pretty straightforward ideas; I imagine that spammers will come up with them sooner or later.)

Anyway, for the time being, I'm a lot happier about the spam situation than I was a few weeks ago.

It also helps that Dan and Vardibidian and Mary Anne all took me up on my offer to turn off commenting capabilities on older entries in their journals, which has cut comment spam (of the sort that gets through my filters, anyway) to near zero on their journals as well.

Yay for successful anti-spam measures!

1 Comment

Have you tried the Akismet plugin? It's the one that comes with WordPress, and they're porting it to other apps. It works REALLY well in WP; I imagine the MT version equally wonderful.