So I upgraded Movable Type about two months ago, and for the most part, I think the version I’m using right now is great. However, it quickly became clear that my preferred spam fighting solution, CCode, was not working correctly, and indeed, it was messing up all of the fancy new authentication methods that MT was implementing. So I had to remove that and update the comment form code to reflect the new functionality. That seemed to go swimmingly, but due to a combination of factors, I’ve discovered a veritable plethora of spam comments pouring into my system.
The way it was set up was that anonymous comments end up being stored in “pending” status, meaning that I need to approve it before it shows up on the site. The tricky part there is that the default way MT displays comments when I log in doesn’t register “pending” comments, so I never noticed that the spambots were quickly rediscovering my blog and having their way with my comment system.
Now, this isn’t and hasn’t ever been a particularly popular blog, so it’s not uncommon to see a lack of comments. That being said, I began to get a bit suspicious after over a month with no comments. So I took a closer look and found 11,000 pending comments in the system. The grand majority of these were placed in the past couple of weeks, and looking at the comments shows an interesting progression from the time I upgraded to the present. At first, only a couple of comments were submitted per day, then a few more, then a dozen, then a few dozen, then hundreds, and recently it’s been in the thousands. So a few hours ago, I turned off anonymous comments, which effectively muted the spam, but which I suppose also presents more of a hurdle towards casual or new readers.
The great thing about CCode was that it was completely transparent to everyone but the spammers. It stopped spam cold, but visitors to my site didn’t have to do anything differently (except that their browser had to be javascript enabled, which is hardly a big hurdle for, well, just about anyone) and I didn’t have to wade through thousands of spam submissions. It would be really nice if the developer who originally wrote CCode (or someone else) would update it to work with MT5, but it doesn’t look like it’s been updated since 2007, so I’m guessing that won’t happen anytime soon.
All of which is to say that if you submitted a comment in the past month or two, it may be deleted in the great purge I’m about to implement here. Sorry about that. Also, you may see some funkiness happening with the comment forms below. If you have a Google or Yahoo account (among a few others), you should be able to use that to comment for now. I’m trying to figure out a way to reinstate anonymous commenting without resorting to CAPTCHAs or other intrusive methods, but it will most likely be slow going.
In any case, I’ll leave you with my favorite piece of spam from this latest attack:
I tried to publish a comment previously, but it has not shown up. I think your spam filter may be broken?
This would be hysterical if it wasn’t so annoying…