comments off for now

So I had planned to blog a bit 'for real' today but maybe that time is past: I spent most of my "alloted" blogging time (and then some) deleting spam comments. Twice in the last week d2r has been under what has to be described as a massive spam attack. A bot systematically going through every page (loading information with a Mozilla client ID so that it looks as if there was a read before posting a comment, and probably scanning the page for the comment ID) and then posting garbage to up the ranking of whatever crap of the day they're selling.

The way to stop it has been to simply remove, for now, the comment script as I look for a solution. I've found several, mostly directed towards mysql backends (which I don't use, maybe I should) but always when trying them something doesn't quite work. Also, I don't want to spend much time looking for a solution (probably switching to a faster server is part of that).

One thing I was thinking is that these scripts obviously have to rely on standard MT configurations to be effective. This means fields IDs, form name, things of that nature. Before, I could stop them by changing the name of the comment script, but they have (predictably, I might add) adapted to that by scanning the page before posting. But if the comment form uses names for the fields that are non-standard, as well as pointing to a different URL, I think the only way to post comments should be at the webpage itself, by a person that can recognize the form, since the elements that allow scripts to recognize them automatically wouldn't be there. I recoil at the idea of digging through the MT sources to find that, but maybe I'll do it. Certainly MT could come with a screen to configure the names for your setup, in that way every blog would have its own form names and format and it would be, I think, quite difficult to post comments automatically.

A simple concept, but I think it should work, no?

Categories: technology
Posted by diego on August 16 2004 at 8:57 PM

