Pick A Bar

February 14, 2005

Fighting Comment Spam Without MT-Blacklist

If you don't run your own blog, you probably haven't heard about comment spam yet. Well, some sleazy people have started bombarding blogs with fake comments including links to online casinos and illegal pharmacies. Why do they do it? Well, apart from having no souls they want Google Juice. Every link to their site, even fake blog comments, increases their ranking in google. I've been getting about 50 a day for the last few months. One day I got four hundred.

A new HTML attribute, "rel='nofollow'" has been released to take away the google juice that the spammers lust after. It may stop the flood somewhat, but it's unlikely to really stem it. Why? For the same reason that I get at least ten cialis enlargement spam emails a day...it's so cheap that it's worth it for the spammers even if it only works in one out of a hundred cases.

There is another great technique for stopping the spam on Movable Type powered blogs (like pickabar), the MT-Blacklist plugin, which prevents comments that include junk keywords like "texas holdem" using regular expressions and a text file with a list of verboten words. Unfortunately, the current builds of MT-Blacklist don't work on Movable Type installations running on windows. Those unix guys really hate backslashes in file names! ;)

Well, I was about to turn off comments, when I got inspired to whip out my Perl hacker hat. I've manually updated the comment perl script on pickabar.com to block any posts containing the almighty web protocol specifier (http:). Hopefully that'll give me at least a few weeks break from manually deleting all of the junk. In case you're feeling adventurous (which you must be if you're running MT on windows) or just desparate, here's my updated mt-comments.cgi script. As always, no warranty is implied...this is purely for the education of those of you who are interested in the inner workings here at pickabar.

#!/usr/bin/perl -w

# Copyright 2001-2004 Six Apart. This code cannot be redistributed without
# permission from www.movabletype.org.
#
# $Id: mt-comments.cgi,v 1.35 2004/05/17 19:51:25 ezra Exp $
use strict;

use CGI;
my $cgi = new CGI;
my $commentText = $cgi->param('text');

if ($commentText =~ m/http:/i)
{
print "Content-Type: text/html;\n";
print "Status: 404 Not Found\n";
print "\n";
}
else
{
my($MT_DIR);
BEGIN {
if ($0 =~ m!(.*[/\\])!) {
$MT_DIR = $1;
} else {
$MT_DIR = './';
}
unshift @INC, $MT_DIR . 'lib';
unshift @INC, $MT_DIR . 'extlib';
}

eval {
require MT::App::Comments;
my $app = MT::App::Comments->new( Config => $MT_DIR . 'mt.cfg',
Directory => $MT_DIR )
or die MT::App::Comments->errstr;
local $SIG{__WARN__} = sub { $app->trace($_[0]) };
$app->run;
};
if ($@) {
print "Content-Type: text/html\n\n";
print "An error occurred: $@";
}
}

Posted by gerrard at February 14, 2005 9:43 PM