My tiny blog (less than 50 hits a day, and most of those are just looking for info on decrypting DVD css) started getting comment spam within the last month or so. Installed MT-Blacklist, and the spam has trickled to a very minor annoyance. I threw a few dollars Jay Allen's way, but apparently MovableType came to their senses, and hired Jay. So that's cool.
I'm sure the econ professor I should have had, aka Brad DeLong, gets a lot more traffic, but seems like MT-Blacklist is working for him as well...
Brad DeLong's Semi-Daily Journal: A Weblog: Major Combat Operations Against Comment Spam Are Completed--Not!
Two comments. First, Jay Allen's MT Blacklist is an amazing program. Everyone who uses Movable Type and suffers from comment spam should install it.
From the comments at Brad DeLong's MT-Blacklist post.
Brad DeLong's Semi-Daily Journal: A Weblog: Major Combat Operations Against Comment Spam Are Completed--Not! - Jay Allen.
“I'll go further and state that the real responsibility lies with Movable Type, which, for all its other fine qualities, has had very little thought put into comment management.”
I agree! And it's one thing I intend to fix as Product Manager. In all fairness though, Six Apart has put a hell of a lot of work into a seriously powerful and extensible API framework with which a plugin author could do anything they want including making a killer anti-spam plugin (*ahem* :-).
If you think about it for a second, making a program extensible by the world of developers is far more important than any handful of features a company could put in. If you were a small startup with limited resources, it's probably the smartest thing you could do.
“For example, as others have alluded to, it ought to be impossible to post a comment without first doing a preview of it - the importance of this is that it puts an end to blind IP spoofing, as a fake IP address will be unable to respond to the server's message.”
Both comments and trackbacks should require two-way communication. Today they do not.
“Another example of MT's failings is that it has neither inbuilt CAPTCHA facilities nor a default capacity to close older posts to comments, meaning that anyone who's been blogging long enough will be vulnerable to having his or her archives splattered with all sorts of filth.”
I consider both things harmful. The CAPTCHA is an accessibility nightmare of which sadly I played a hand in creating[1]. Closing comments, as I alluded to before, creates stagnation in the web and prevents the correction of obsolete and potentially harmful information.
“The only spam control mechanism MT does provide by default is IP banning, but this is stupid in the extreme, not just because most people are behind dynamic IP addresses, but because IP addresses are so easy to fake”
I couldn't agree more[2], especially without requiring two-way communication for user submissions.
(Brad, why can't I link? Also, your comment throttle must be set at an hour, because I still got throttled despite typing this long post. :-)
[1] - http://www.jayallen.org/comment_spam/2004/06/a_small_sabbatical#comment-7845
[2] - http://www.jayallen.org/comment_spam/2004/05/mtb_20_and_ip_banning
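
The preview-before-post idea quoted in the comment above, sketched as an added example; it is not code from Movable Type, MT-Blacklist or either blog. The function names, the key handling and the 10-minute lifetime are assumptions. The server hands out a token only in its preview response, so a sender that never receives that response has nothing valid to submit.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-server secret (assumption: kept in memory)
TOKEN_TTL = 600                       # seconds a preview stays valid (assumed value)
_used = set()                         # tokens already redeemed, to block replays

def _mac(ip, body, issued):
    # Bind the token to the address the preview was sent to and to the exact text.
    msg = f"{ip}|{issued}|".encode() + hashlib.sha256(body.encode()).digest()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def preview(ip, body, now=None):
    """Step 1: the token travels back in the preview page delivered to `ip`."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(ip, body, issued)}"

def post(ip, body, token, now=None):
    """Step 2: accept the comment only with a fresh, unused token for this ip and body."""
    now = time.time() if now is None else now
    try:
        issued_s, mac = token.split(".", 1)
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False                  # missing or malformed token: no preview happened
    if not 0 <= now - issued <= TOKEN_TTL or token in _used:
        return False                  # expired, future-dated, or replayed
    expected = _mac(ip, body, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                  # different address, edited text, or forged token
    _used.add(token)
    return True
```
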