August 2, 2007

Blog Spam

I've been hit with a lot of spam on my blog recently (about 3/hour).

I tried a few things, like changing the name of the script that posts comments, but it only worked for a few hours.

I read this article in search of a better solution.

I followed a link for a CAPTCHA approach, but it took me to a list of Movable Type plug-ins instead of directly to the CAPTCHA plug-in.

In searching through the list of plug-ins, I found Comment Challenge. I decided to give it a try. It was easy to set up and it looks like it will do what I need. Now when you post a comment, the comment won't go anywhere until you type in a phrase at the bottom.

I'm curious if this works for everybody. I haven't gotten any spam in the last hour, so it seems to be working. I also haven't gotten any real comments, so it might be a bit overzealous. 

I want to know if it stops real people from posting. So give it a shot! Post a comment!


Comments (11)

John Roquemore:

Hey nice shot of spam!! ;-)

Wouldn't it be better to randomize the comment challenge phrase? If it's the same every time (I'm posting this comment to test it), couldn't someone make a script to either fill in the same phrase automatically, or scan for something between the words Type and below, copy and paste?

You are right...this system is easy to bypass once you know the phrase.

I'm using security through obscurity. Spammers are going after the standard Movable Type install...it is not worth their time to go after a few guys like me that require them to modify their spambot scripts.

So far so good...4 hours and no spam. I won't worry about it until I start getting spam again.
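The randomized challenge suggested in the comment above, sketched as an added example (not part of the original post or comments, and not the Comment Challenge plug-in's code). The word list, `SECRET_KEY`, `MAX_AGE` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # hypothetical per-site secret, never sent to the browser
MAX_AGE = 600                         # assumed lifetime of a challenge, in seconds
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor"]  # constructed
_used = set()                         # MACs already redeemed (in-memory, for the demo only)


def _sign(phrase, issued):
    """MAC over the expected answer and its issue time."""
    msg = f"{phrase.lower()}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Return (phrase, token): show the phrase, put the token in a hidden form field."""
    issued = int(time.time() if now is None else now)
    phrase = " ".join(secrets.choice(WORDS) for _ in range(2))
    return phrase, f"{issued}.{_sign(phrase, issued)}"


def verify(typed, token, now=None):
    """Accept a comment only if the typed phrase matches a fresh, unused token."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, mac = token.split(".", 1)
        issued = int(issued_s)
    except ValueError:
        return False                  # malformed or missing token
    if not 0 <= now - issued <= MAX_AGE:
        return False                  # expired, or dated in the future
    expected = _sign(typed.strip(), issued)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False                  # wrong phrase or forged token
    if mac in _used:
        return False                  # same solved challenge submitted twice
    _used.add(mac)
    return True
```

A phrase printed as plain text in the page can still be read by a script that parses the form, so this only defeats a hard-coded answer and replay of a solved one. Image CAPTCHAs exist to close that remaining gap.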


So you're saying that posting your blog URL and email address had a negative effect?


Plus, no one would ever guess "not spam". How about making it "this IS spam"? Should confuse a few people, spammers and legitimate posters alike.


I'd say it is an annoyance more than a "negative effect"...and it looks like this easy fix got rid of the issue (6.5 hours without any spam now).

My blog is the #1 hit on Google for David Lenihan.

That means it is easy for people to find my blog.

It also means it is easy for spammers to find me.

I don't have any regrets...and if I have a problem, I could always switch to a password protected version...don't see that happening, though.


You give spambots too much credit. They don't actually read your blog! They just run a script that 99% of the time will successfully post a comment. I now am in the 1%/too much trouble category.



You give ME too much credit.

Wow. It seems my comments didn't make it through. Keep getting a time out from your site.

So 24 hours later and not a single spam message (I was averaging about 60+ a day). It looks like this is working well...except for spammers and Kelvin.

Hmmmm....something you want to tell us, Kelvin? I'll take your lack of a reply to mean my spam filter got you again!

Send me email at blog@davidlenihan.com if your comments aren't showing up here.


You are the first person I've heard having problems. Can you post a few more times to see if time heals all? Not sure what I can do on my end to fix it!

This may be more of an issue with my new internet provider, or perhaps something that has gummed up my system (for the last two days, every time I click a link inside Outlook, whether it be RSS feed or HTML email, I get a "cannot find file" alert. Of course, the link is valid, and does indeed open inside Mozilla, so I don't know why Outlook suddenly has heartburn over this.)

Since I did get at least one comment through, there's no need to worry. Now if you could just loan me $20,000 so I could help out this nice fellow in Nigeria...

