Comment spam is getting to be a big problem around here, although I’m probably still on the low-to-moderate end of the scale in terms of how much spam I get on the site.
I already use MT-Blacklist, which works very well, but spammers stay a couple steps ahead of it, so it can’t catch everything. I need futher protection.
I’m going to slowly roll out a few changes around here, in an effort to keep it down. Most of these changes are borrowed from an entry on Elise Bauer’s excellent Learning Movable Type blog. In no particular order, here are the changes I’m planning (these are adapted from Elise’s entry, so visit the link above to read more):
1. Close old comments. I’ll probably do this first. I’ve been going back through archived entries, slowly, and checking links, adding titles (to old, title-less Blogger entries that I imported into MT), and categorizing posts anyway, so it’s trivial to close off old posts to commenting as I go. Also, Elise links to an MT plugin that’ll do the work automatically, so when I get closer to present-day entries, I’ll probably do that.
2. Don’t use popup comments. Apparently, it’s easier for spammers to hack a commenting feature if you use those little popup boxes for comments. What will happen after the change is that when you click the comments link on an entry, you’ll go to the individual archive page for that entry, where you can leave a comment. (for example)
3. Force preview before allowing comment submissions. This will make commenters preview their words before posting. I’m undecided on this one. Yeah, it’s an extra hurdle for the bad guys, but it’s also an extra hurdle for the good guys. In the same way that I won’t take away anyone’s right to say “Viagra” on my comments just because some spammers misuse the word, I’m reluctant to make it even a little harder to post here just to thwart spammers.
4. Implement TypeKey authentication for comments. This will make people register with TypeKey before they can comment here. Again, I’m undecided. On the one hand, registration is another hoop to jump through before someone can comment, and there’s no guarantee that spammers aren’t gaming TypeKey anyway. On the other hand, having a TypeKey ID actually makes it easier to post on a variety of blogs that support TypeKey. You log in to your TypeKey account, and TypeKey-supported blogs will recognize you automatically, saving you from entering your personal information for every blog you comment on. I would actually enjoy this advantage of TypeKey, so it might be worth implementing here. However, TypeKey requires MT 3.x, which I’ve not yet installed.
So there you have it. Expect to see old comments closed off starting this week. Other changes will take more time to implement.