MoveableType Comment Spam
November 3, 2004 9:36 AM

I have put my Moveable Type weblog to sleep, although I am keeping its archives up. Not surprisingly, comment spam continues to come in. It looks like there is no way to globally turn commenting off in MT. Rats. But I do have MT Blacklist installed, and I'm wondering if there's a good way to add some kind of regex wildcard to my blacklist that will deny all comments. Any ideas on how to stop all comments?
posted by scarabic to Computers & Internet (12 answers total)
My spam went from 3-4 a week to 0 when I renamed mt-comments.cgi to something else.

Haven't had a bit of spam.

So if you wanted to cut them all out, you could just replace mt-comments.cgi with some blank page, or a page saying "no more comments!"
posted by xmutex at 9:39 AM on November 3, 2004


would I still be able to see existing comments if I did that?
posted by scarabic at 9:54 AM on November 3, 2004


Yeah, scarabic, they're already built into your individiual archives' html. You'll want to change the links to individual entries, though, from links to mt-comments.cgi to just the html file.

Then depermit mt-comments.cgi or rename it.

xmutex, they'll get you yet -- their bots are pretty clever. I have a renamed mt-comments.cg and a host of other barriers in place, and I still get the occasional piece of automated spam.
posted by Zed_Lopez at 10:07 AM on November 3, 2004


xmutex, can I suggest that you set up an IP blacklist based on hits to that non-existant CGI? Nobody should be manually typing in such an address, so it's safe to auto-blacklist them. Maybe return a page letting them know how they can get unblacklisted (by contacting you) in case it was a legitimate mistake.

That should help take care of the bots. And if they turn out to be infected computers running zombie clients, all the better. The best way to stop dumb people from using the internet is to make it so the internet doesn't come to them. :-D
posted by shepd at 10:13 AM on November 3, 2004


This guy wrote a tool to turn off comments on older entrys. I used it one of my old, out of date weblogs and it worked fine.

Or, you could just require all comments to have typekey authenication.
posted by Hackworth at 10:35 AM on November 3, 2004


If you're no longer using MT and just keeping the archives around, why is the comment CGI script still installed? Remove it.
posted by majick at 12:21 PM on November 3, 2004


Second what Majick says. Just delete the mt-comments.cgi script. The downside is that the comments will be "broken" but the upside is that you won't and can't get any spam.

If the site is high-traffic, the comment spambots will find your comment script even if you rename it. My experience has been that lower traffic sites can use this technique effectively, though.
posted by cell divide at 3:59 PM on November 3, 2004


Run this command on the db:
update mt_entry set entry_allow_comments = 2
This will change the comment status of all entries to closed. Be careful if you have more than one blog on your mt installation. If you do, add this line:
where entry_blog_id = [blog_id #]
posted by tcaleb at 4:28 PM on November 3, 2004


This is where I got my mt-close plugin. Works great.
posted by deborah at 7:03 PM on November 3, 2004


Another vote for mt-close. Works great, and on multiple weblogs on the same install.

I note that my MT install is an older version, and I don't know if it works on the latest releases.
posted by stavrosthewonderchicken at 1:08 AM on November 4, 2004


Hm... I tried mt-close but it doesn't appear to have done anything, even after a site rebuild. Not sure what I did wrong. It appeared to do its thing. Then, oddly, this AM I got the biggest deluge of comment spam I've ever seen. Oh well. I've removed execute permissions from mt-comments.cgi, which does the trick. Only side effect is that people see a nasty server error message if they do try to comment.

Makes me wonder whether it would be fun to set up some kind of bot-killing script with the name mt-comments.cgi... what could you do to a bot, anyway? Is there a way to keep it busy forever and then kick it in the head?
posted by scarabic at 9:55 AM on November 4, 2004


Too late, but I forgot one trick -- rename your mt-comments.cgi. You'll need to alter references to it elsewhere, of course. I've been to lazy to do it myself, but I'm sure you can google up some instructions somewhere.
posted by stavrosthewonderchicken at 1:11 AM on November 5, 2004


« Older Where did the power from my small engine go?   |   Election results leave me feeling despondent, what... Newer »
This thread is closed to new comments.