Update - I’ve gotten 8 more of these non-blacklistable comment spams since I made this post. Apparently my little random letter doohickey didn’t do the trick. I think I need to go ahead and upgrade to MT 3.2. In the meantime, I’ll be deleting comments. Argh.

I’ve been having a lot of comment spam slipping past MTBlacklist lately and the bummer is that most of it is non-blacklistable. If you have a blog, you’ve probably seen a lot of it too. Comments like this:

Interesting site, and very organized too. Good work. About a year ago I started: http://matrixsynth.com/blog/index.php/2005/09/06/exclusively_analogue_sequencer_on_the_ba_1 , hours drive from where

and this:

It’s been a long time since I so enjoyed reading posts in the net. Two thumbs up! Naked truth: http://www.andrewsblog.net/?p=40 , Extensive methods for this

These comments usually have a generic-sounding and random name like Christopher Freeman, Thomas Davis, or Jacob Chapman. The email address is always a random first name at msn, gmail, or yahoo. And the link is always to a real blog entry at a real blog, like Marco’s Mint Review. I’m not sure if this is some backwards way of linking to sites that link to sites of linkspammers to increase Google rank, or if they’re just trying to piss off people like me who are using off-the-shelf spam prevention measures. Either way, I’m pissed off.

I wanted to come up with a custom spam blocking solution that was easy to set up and change, and that didn’t require my visitors to go through some drawn-out authorization or a separate comment preview. My original idea was to have visitors type a random word. I figured somebody had to have already done this, so I Googled around and found this post. Their solution was simple. Look for the code in (mt cgi folder)/lib/MT/App/Comments.pm that validates whether the text field is populated and add another if statement that checks to see if a new text box contains the secret letter. That filled most of my requirements, but I wanted to have a question whose answer wasn’t hard-coded into the Comments.pm file, and I wanted a question that wasn’t static. I added a little PHP to my individual archive pages to generate a random letter:

<?php
// Pick a random index (0-25) and use the matching letter as the challenge.
$spoon = mt_rand(0, 25);
$alphabetSoup = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomLetter = $alphabetSoup[$spoon];
?>

I then added two new inputs to my comment form. One was the textbox for the user to enter a letter, and one was a hidden field, both with a value populated with $randomLetter. I know, I know…this isn’t so secure, but if it stops all comment spam for a week, I’ll be happy. When (if?) I do get comment spam again, I’ll be ready to change it again. Now that I’ve got this authentication built in, I can think of all kinds of fun ways to change it to throw off the comment spam engines. Until then…it’s late, Amy just finished her homework (Yes, she was working on homework till midnight on Sunday.), and I think we’re off to bed.
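
An added example, not code from this post or from Movable Type: the letter check described above next to a variant whose hidden fields carry an HMAC over the letter and its issue time instead of the letter itself, so the answer is neither hard-coded nor disclosed in a hidden field. Both sides are written in PHP for brevity (the post's check lives in Perl in Comments.pm); the key, the TTL and all function names are assumptions.

```php
<?php
// Added example: stateless signed challenge. All names here are hypothetical.
const CHALLENGE_KEY = 'replace-with-a-long-random-server-side-secret'; // placeholder
const CHALLENGE_TTL = 3600; // seconds a challenge stays valid (assumed value)

// Weak check, as described in the post: both values arrive from the client,
// so the comparison proves nothing about what the server actually issued.
function weak_check(string $typed, string $hidden): bool
{
    return strtoupper($typed) === strtoupper($hidden);
}

// Issue a challenge: the letter is shown to the visitor, while the hidden
// fields carry only the issue time and an HMAC over "letter|time".
function issue_challenge(?int $now = null): array
{
    $now = $now ?? time();
    $letter = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'[random_int(0, 25)];
    $tag = hash_hmac('sha256', $letter . '|' . $now, CHALLENGE_KEY);
    return ['letter' => $letter, 'issued' => $now, 'tag' => $tag];
}

// Verify: recompute the HMAC from the typed letter and the submitted time,
// compare in constant time, and reject stale or future-dated challenges.
function verify_challenge(string $typed, string $issued, string $tag, ?int $now = null): bool
{
    $now = $now ?? time();
    $typed = strtoupper(trim($typed));
    if (!preg_match('/^[A-Z]$/', $typed) || !ctype_digit($issued)) {
        return false;
    }
    $age = $now - (int) $issued;
    if ($age < 0 || $age > CHALLENGE_TTL) {
        return false;
    }
    $expected = hash_hmac('sha256', $typed . '|' . $issued, CHALLENGE_KEY);
    return hash_equals($expected, $tag);
}

// Constructed demo values: fixed timestamps so the run is repeatable.
$c = issue_challenge(1000000);
var_dump(weak_check('Q', 'Q'));                                          // client chose both fields
var_dump(verify_challenge($c['letter'], '1000000', $c['tag'], 1000060)); // fresh challenge
var_dump(verify_challenge($c['letter'], '1000000', $c['tag'], 1007200)); // past the TTL
var_dump(verify_challenge($c['letter'], '1000001', $c['tag'], 1000060)); // issue time altered
```

The letter still has to be displayed to the visitor, so this only proves that the submitted answer matches a challenge the server issued recently, not that a human typed it.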