{"id":365,"date":"2004-05-04T02:22:12","date_gmt":"2004-05-04T09:22:12","guid":{"rendered":"http:\/\/stefangeens.com\/?p=365"},"modified":"2004-05-04T02:22:12","modified_gmt":"2004-05-04T09:22:12","slug":"for-better-blogging","status":"publish","type":"post","link":"https:\/\/stefangeens.com\/2001-2013\/2004\/05\/for-better-blogging\/","title":{"rendered":"For better blogging…"},"content":{"rendered":"

Yesterday, the amount of comment spam here and on MemeFirst<\/a> quite simply got ridiculous. Barely 9 months after getting (and blogging<\/a>) a first instance, and despite in the meantime removing every possible incentive to posting such spam, volume started growing exponentially as automated spam delivery mechanisms exploiting Movable Type’s standard commenting scripts got more sophisticated. Over the past month, the use of randomly generated emails and rotating IP addresses has allowed spammers to easily circumvent MT’s built-in defences at a rapid clip.<\/p>\n

Myself, I was waiting for MT 3.0’s upgraded comment filtering technology. In the meantime, MT-Blacklist<\/a>, a plug-in that filters URLs for proscribed content, has made it harder for spam to make it through, though not impossible, especially if the sites being promoted by spam use conventional words in their URLs. And, though spammers now have to continuously change the content of their spam, they can still usually get away with bombarding a large number of blogs before they all update their blacklist or the blacklist clearinghouse gets updated. In that sense, MT-Blacklist also chases after a moving target, much like banning IP addresses is ineffective against a spammer continuously changing her IP address.<\/p>\n

But last night, as my list of recent comments swelled with the labor of the dregs of humanity, I was willing to settle for something quick and dirty to solve the specific problem of automated spamming engines afflicting my<\/em> blog. This is what I came up with — and it only takes two minutes to install.<\/p>\n

The idea was to personalize my blog’s comment submission process so that a spammer needs to either post spam in person or else manually tweak his comment submission engine so that it works specifically for my<\/em> blog. Basically, it becomes as annoying for him to post spam as it is for me to remove it. With the burden shared in this way, I’m guessing the spammer won’t bother with my blog, as I care a hell of a lot more about it than he does. And if a spammer visits my site, examines my comment submission process and manually tweaks his engine, I simply alter my process. I feel their pain, and it feels good.<\/p>\n

The hack involves requiring a human mind to complete a simple instruction, such as “type the letter ‘A’ in this textbox” or “Type the third letter of this sentence in the textbox,” before MT accepts the accompanying comment. Here’s how:<\/p>\n

In your cgi-bin folder, navigate to and edit the file cgi-bin\/lib\/MT\/App\/Comments.pm. Do a search for the following piece of code:<\/p>\n

if (!$q->param(‘text’)) {<\/p>\n

return $app->handle_error($app->translate(“Comment text is required.”));<\/p>\n

}<\/p><\/blockquote>\n

Replace this with:<\/p>\n

if (!$q->param(‘text’)) {<\/p>\n

return $app->handle_error($app->translate(“Comment text is required.”));<\/p>\n

}<\/p>\n

## my addition<\/p>\n

unless ($q->param(‘spam’) eq ‘A’) {<\/p>\n

return $app->handle_error($app->translate(“Type the anti-spam text exactly as shown.”));<\/p>\n

}<\/p>\n

## my addition<\/p><\/blockquote>\n

Save and close. Now go to the templates screen in your Movable Type user interface, and make sure that all templates that allow you to submit comments have the following HTML snippet added to the comment submission form (I placed mine just above the comment textbox):<\/p>\n

<label for=”spam”>Today’s anti-spam measures are brought to you by the letter “A”. Please type it here:<\/label> <input id=”spam” name=”spam” \/><\/p><\/blockquote>\n

In standard builds of MT the templates you want to alter are: Individual Entry Archive, Comment Listing Template, Comment Preview Template and Comment Error Template.<\/p>\n

What happens now is that when a comment is submitted, MT checks that the accompanying question is answered correctly; if it is, the comment is accepted. The question is asked in the HTML, the answer is found in the Comments.pm code I addedAdvanced MT users: It’s actually a lot simpler to put that HTML snippet into a template module and to refer to the module wherever a template contains a comment submission form. This way, when it is time to change the question\/answer pair, you only need to alter the HTML in one spot. More about MT modules here<\/a>.
 
Update 2004-05-19<\/b><\/span>: This hack is not compatible with MT-Blacklist. MT-Blacklist is not a proper plugin in that it completely bypasses Comments.pm with its own comment-handling files. Altering Comments.pm as described here has no effect as long as MT-Blacklist is installed.
 
Update 2004-09-10<\/b><\/span>: It is<\/em> compatible with MT-Blacklist, as the comments below attest to. (I don’t use it though. There really is no need now.)
 
Update 2004-10-29<\/b><\/span>: Strang’s Blog has a post<\/a> that explains how to get this to work for MT 3.11 templates.<\/span>.<\/p>\n

Of course, a spammer can still visit my blog, determine the required answer for the anti-spam question, and then program his submission engine accordingly. But the catch is that he has to do this manually every time I change the question\/answer pair. You can alter the question\/answer pair whenever you want: in Comments.pm, just replace the ‘A’ in the above example with whatever letter, number or word you want, as long as it is inside single quotes; and also make sure the question in the HTML snippet leads unambiguously to that answer.<\/p>\n

The reason this is not a plug-in is because I don’t know Perl. I guessed-and-pasted this out of desperation, but it works like a charm. If I knew Perl I would probably build a library of question\/answer pairs that I can rotate at will. And, additionally, if you are willing to forgo having comment submissions on the static Individual Entry Archive template in favor of using only the pop-up comment templates, which render MT tags on the fly, you could build a system that automatically rotates the question\/answer pairs every X hours or days, overlapping successive pairs so that commenters on the crux of an changeover are not abandoned.<\/p>\n

The more that people personalize their comment submission forms, the less spammers can exploit the standard MT comment submission process.<\/p>\n","protected":false},"excerpt":{"rendered":"

Yesterday, the amount of comment spam here and on MemeFirst quite simply got ridiculous. Barely 9 months after getting (and blogging) a first instance, and despite in the meantime removing every possible incentive to posting such spam, volume started growing … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[8],"tags":[],"class_list":["post-365","post","type-post","status-publish","format-standard","hentry","category-science-technology"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7eNhC-5T","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts\/365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/comments?post=365"}],"version-history":[{"count":0,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts\/365\/revisions"}],"wp:attachment":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/media?parent=365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/categories?post=365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/tags?post=365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}