You may have noticed, some rather, uh, specific, spam comments have been getting through the last few days. I've been using the Weblog Defense Grid, a combination of anti-spam plugins combined with a comprehensive set of filters for MT's Spamlookup that has been quite effective until now.
However, some rather determined spammers have found a way around those filters and plugins, so a little tweaking was required. Hopefully that will keep them at bay for a while.
Sorry to anyone who was exposed to some of the more, uh, specific spam. Yuck.
Fight on Mighty Warrior, fight on!
Well, I guess I missed a few keywords. I woke up this morning with almost a dozen new spam comments. Fortunately, most of them got caught be moderation, but it seems the worst made it through. :-(
The filters had been working quite well. I guess it's a never ending battle as we find ways to block them and then the spammers find ways around the blocks.
Maybe I need to go back to the secret code thing.
OK, I added another anti-spam plugin to my arsenal. Let's see if it's working OK.
I don't know if it's available for you on MT, but I use a plugin that uses hashes for posting comments. Mine is called WP Hashcash.
I've not had a problem since I installed it two years ago.
I'm not sure what 'using hashes for posting comments' means, so I don't know if something like that is available or not.
The plugin I just installed is called CCode / TCode. It functions similarly to the old 'secret code' that I used to use & that's common on Blogger where you have to enter in the alpha-numerical sequence shown in the image.
The difference is that the secret code is generated through javascript based on the text of the entry and is entered by a hidden form field. (I think, I don't precisely understand it.) So, that means no user input needed and spam bots that know the path to my comments script can't just hit it directly.
Sure, they could come to each post and figure out how to hit the comments script from here, but that would only let them spam this post. They'd then have to do the same for each of my 500+ other posts. More likely, they'll just find easier targets.
The built in anti-spam plugin, Spamlookup, in MT is pretty robust in general, but it requires consistent tweaks to get around new spammer techniques. I have a couple of other enhancements to it that beef it up a bit, but it still requires maintenance. And when the spammer finds their way around, several dozen or more spam comments can get through before you find a way to thwart the latest technique. Lately, new techniques around the filters have been popping up every few weeks, making spam maintenance tiresome.
What I like about this plugin is the same thing I liked about the old secret code thing, it gets to the difference between humans and bots. Humans come to the post, read, type and hit the 'Post' button. Bots skip all that and just hit the comments script directly. This can tell the difference. Come in through the button? You're good to go. Hit the script directly? No such luck.