kasia in a nutshell

"Kasia Trapszo cleans community. Community in shock."

You damn right they're all in shock. You go girl.
Nut squeezing by proxy almost. Steve would be proud.

Steve is :-)

Hi!

Thanks for the slap across the face :)

I used to delete them as they came, but they just came faster adn faster, and I found myself spending more time deleting spam than blogging. One day, there was a bot that spammed every single post in my archives (about 250 of them) at one shot. That was the point where I gave up. I think I've had it with MT. I'm trying to be regular in my Live Journal (link above) which is clean and sweet. Do visit :)

There's better ways of stopping spam in MT than mt-blacklist. mt-blacklist is just simple keyword-based filtering, meaning that it's rather easy for it to get false positives while also getting false negatives.

From what I've seen, the hidden-key mechanism (where you put a key in the form which isn't a standard part of the MT comment form, preferrably one unique for each page and, even better, comprised of a hash of the user's User-Agent and a per-page pseudo-random number) works exceedingly well.

Also, if you have a phpBB forum already, you might want to look into some work I did for integrating phpBB with MT: http://trikuare.cx/mt/archives/000425.php

phpBB's anti-spam measures are much more robust than MT's (granted, MT is catching up in most regards in 3.0, but it'll take a while), and it has the added benefit of requiring user registration if they're going to link back to a URL as their 'personal site' or whatever. Also, phpBB's moderation interface is WAY better than MT's (which was the main reason I switched to begin with).

I used to have tons of comment spam on my blog (MT), but none anyomre. No need for blacklists or keyword-based filtering either.

The bots that spam you just pretend that it hit the "Post" button. You will agree that this is a stupid hack, but it should be enough to fool the bots. Simply change the "value" parameter in the "Post" HTML button in the comments template to something other than "post" and hack the appropriate MT perl module so that it accepts that value.

The module you want to edit is MT::App::Comments, look around for $q->param('post') and change it to whatever you want.

Works perfectly for me.

Oops, I think I meant to say that you should change the "name" parameter in the button, not the "value" parameter..

I cleaned up my act last year. I met a very unsavoury person from the nether regions of the internet. It was then that I spent a week making sure that all content was verified before being posted.

Comment spam hit b2++ last year and on my site we offered weblogs to other users. If those users didn't maintain their blogs the comments would persist and be indexed by Google. Now it's fixed. How? Comment moderation. All comments have to be verified by the blog owner before they're displayed. Attempts at spamming have practically stopped now :)

"Require registration to comment - I hate this one, but if it's the only way for you, whatever, just do it."

I hate it, too, but there may be a way to lock out the spambots without having to require registration for users who want to post. It won't help prevent stuff that was cut and pasted by humans, though.

I'm not a MT user, but I know that PHP-Nuke (I know there's a difference between PHP and Perl :)) has a feature where you can't even log in without typing in a randomly generated "secret" number that is in a graphic that cannot be OCR'd. In other words, when you log in, you also need to type in a 6 digit number that appears next to the log in information. This is to prevent brute force attacks.

Could not the same thing be done in MT, even with anonymous comments? Simply require entry of the random nubmer token to verify it's a human, not a machine that can't read the graphic information, and the bots should be locked out.

At least, I think it would work.