February 3, 2005


I've been back for a little more than a week, but obviously I haven't been posting. This is partly because of a slight post-vacation depression and partly because I've come down with a nasty flu, but the biggest impediment of all has been this deluge of comment and even trackback spam (an odd spamming strategy, since I don't even publish trackbacks) that actually seems to have broken MT's comment counter. I knew solving the problem for the forseeable future would be possible with just a few patches, plugins, and precautions, but I also knew finding that combination and purging all the existing spam would take hours. For some reason my installation of MT-Blacklist can't really handle more than a couple hundred comments at a time.

By the way, I don't think comment spam in general is a classic commons problem, as I've read in at least two places over the past couple days. In general, vulnerability to spam is a problem that the owner of a site has an incentive to fix, and the ability -- if she can get her hands on the right technology. I would expect a commons problem when it comes to developing free anti-spam software for blogs, but the magic of the open-source seems to have taken care of that. All the solutions I have implemented were discussed in the incredibly useful chicagobloggers group -- so thanks to everybody who's been asking and answering questions there. Following are the changes I have made:

  1. I installed the plugin from MT to stop an exploit that's been allowing spammers to commandeer MT's email notification function and use it to send spam email. In the process I was forced to upgrade to MT 2.661 -- not 3.15, because of the huge price tag, although I'm told the MT-Blacklist implementation built into that version is more functional.

  2. I installed another plugin from MT that adds "rel=nofollow" to all links posted in comments -- this means that linking back to your site in a comment will not affect your Google page rank anymore. I feel bad about this, because it removes part (hopefully a small part) of the incentive to leave comments here. To compensate for this, in the future I will try to add frequent commenters to my blogroll, if they aren't there already. This is step I would urge all MT users to take if they haven't already -- I doubt it will have an effect on the amount of spam you experience, but if everyone did it, there would be no more incentive to spam comments. And of course, regardless of whether the spam stops, it's nice to know it isn't achieving its goal.

    (By the way, the installation of this plugin is definitely a commons problem from the blogger's perspective, but I wonder if Google might be helping out with that: I noticed today, after installing the nofollow plugin yesterday, that my page rank has increased, despite the fact that I haven't posted in three weeks and there haven't been any new links in at least that time. Is this just a coincidence? If Google hasn't added an input for nofollow use to its page rank algorithm, it probably should -- it would create a huge incentive for individual blog owners to install the plugin, which will help salvage the whole page rank model.)

  3. And I instaled MT-Close2, which allows MT users without a MySQL database to mass close old comments. Closing old comment threads seems to be the most effective means of limiting comment spam -- and it is far easier to manage spam deletion for a few dozen posts than for a few hundred. Be advised: my new policy will be once a month to close all threads more than 30 days old.
And of course I've also deleted all of the spam I could find, both manually and with the help of MT-Blacklist. I don't know if this is going to be a comprehensive solution, but it should make things much more manageable and stick it to the spammers at the same time.

apostropher  {February 11, 2005}

Paul! Welcome back!

Y'know, upgrading to 3.x is free if you only have one author. My hosting company forced me to upgrade to the latest version and I went ahead and ponied up the cash since apostropher.com has two authors (though, predictably, Froz went into hiatus almost immediately thereafter).

Anyhow, the 3.x version will make an enormous difference and I don't think it will actually cost you anything. The upgrade process went flawlessly for me and didn't break anything in the process.

Best of luck with it

Post a comment

Remember personal