Fighting comment spam

Comment spam is getting to be a big problem around here, although I’m probably still on the low-to-moderate end of the scale in terms of how much spam I get on the site.

I already use MT-Blacklist, which works very well, but spammers stay a couple steps ahead of it, so it can’t catch everything. I need futher protection.

I’m going to slowly roll out a few changes around here, in an effort to keep it down. Most of these changes are borrowed from an entry on Elise Bauer’s excellent Learning Movable Type blog. In no particular order, here are the changes I’m planning (these are adapted from Elise’s entry, so visit the link above to read more):

1. Close old comments. I’ll probably do this first. I’ve been going back through archived entries, slowly, and checking links, adding titles (to old, title-less Blogger entries that I imported into MT), and categorizing posts anyway, so it’s trivial to close off old posts to commenting as I go. Also, Elise links to an MT plugin that’ll do the work automatically, so when I get closer to present-day entries, I’ll probably do that.

2. Don’t use popup comments. Apparently, it’s easier for spammers to hack a commenting feature if you use those little popup boxes for comments. What will happen after the change is that when you click the comments link on an entry, you’ll go to the individual archive page for that entry, where you can leave a comment. (for example)

3. Force preview before allowing comment submissions. This will make commenters preview their words before posting. I’m undecided on this one. Yeah, it’s an extra hurdle for the bad guys, but it’s also an extra hurdle for the good guys. In the same way that I won’t take away anyone’s right to say “Viagra” on my comments just because some spammers misuse the word, I’m reluctant to make it even a little harder to post here just to thwart spammers.

4. Implement TypeKey authentication for comments. This will make people register with TypeKey before they can comment here. Again, I’m undecided. On the one hand, registration is another hoop to jump through before someone can comment, and there’s no guarantee that spammers aren’t gaming TypeKey anyway. On the other hand, having a TypeKey ID actually makes it easier to post on a variety of blogs that support TypeKey. You log in to your TypeKey account, and TypeKey-supported blogs will recognize you automatically, saving you from entering your personal information for every blog you comment on. I would actually enjoy this advantage of TypeKey, so it might be worth implementing here. However, TypeKey requires MT 3.x, which I’ve not yet installed.

So there you have it. Expect to see old comments closed off starting this week. Other changes will take more time to implement.


2 thoughts on “Fighting comment spam

  1. Interesting. i shut down comments for a month and it has been better since i turned them back on.

    Merry set me up for MT Blacklist a while back, but i didn’t do anything yet, or figure out if i need to do anything. You know.

  2. Oddly enough I’ve had a blog for over 3-4 years now, and have never had comment spam. But, the second I set sciencegrrl up with a blog on my site, she got slammed. I still haven’t gotten comment spam on my blog.

Comments are closed.