scriptygoddess

There is a lot of discussion going on right now about now regarding comment spam and how to stop it. Comment spam is basically a comment posted to your blog that may/may not have anything to do with your post (I've seen/had it both ways), but it will include a link either within the comments or from the authors "website" for a commercial website. Most of them seem to be selling herbal products, Viagra, or direct mail items. The idea behind stopping comment spam is two-fold: First, no one wants their website to be a graffiti wall. Second, this seems to be just the first "wave". Many of the spam comments are being done by a few individuals actually trolling for MT websites. The real deluge is coming as more and more automated "bots" start searching the web MT comments forms to auto-fill with their spam messages.

So, the question is: What can I do to stop comment spam? Here's a rundown of some ideas that are slowly making their way around the internet. They are certainly going to be expanded and revised over the next few months, but –rather than wait– you should get an early start and stop spam now. As with graffiti, once it's there, it just leads to more people tagging your site because you're "easy". (You don't want to be "easy", do you?)

1. Implement the ScriptyGoddess Comment Queue Hack. This great script will put all comments into a "holding cell" until you can approve/disapprove them. With this method, you do lose some of the immediate interaction, but you can screen comments and pull out the spam. For a lot of people, this is a very difficult solution because it does involve modifying your Movable Type installation somewhat and you do need to monitor the comment queue on a regular basis. For these two reasons, this may not be the answer for you.
2. Implement Burningbird's Comment Spam Quick Fix. This is a very good, simple solution and a great first step. You are adding a hidden field to all of your comment forms and then telling MT to look for that information when it processes the comment form. This should eliminate a lot of the spam comments from bots. When you work this into your templates, please make sure you choose your very own, unique value. Burningbird uses "goaway". You could use any alphanumeric combination. Just like passwords, the more jumbled the better.
3. Implement Jacob's "Edit/Delete Comment" hack for your comment notification. Jacob modified the mt-comments.pm file to add a line to the bottom of your comment notification email that includes the link to the "Edit/Delete Comment" screen. This is a simple and fast way to take care of comment spam that is sent by actual visitors to your site. It's a very simple hack and the documentation is really goo.
4. Integrate a Turing test to eliminate spam from bots. James Seng has finished his version of a Captcha Turing Test as an MT Plugin. You can see it in action and download it on James's website. James's plugin basically gives you a graphical validation – so the user has to type in the numbers shown in a graphic in order for the comment to be processed. If you have ever signed up for Yahoo mail or used Paypal or Network Solutions, you've probably seen something like this in action. This will eliminate all of the comment spam from bots, as very few of them will be programmed with the ability to defeat the random sequence. I first saw this on a blog by MrBlog, who has since released his source code for Greymatter in hopes that it will be ported to MT. It needs to be said that using a captcha presents some usability issues, as those with graphics disabled or users who have a visual handicap may not be able to comment using the default install. At this time, there is not an enhancement to this plugin to remedy that. This is still an OUTSTANDING solution, just measure the accessibility versus the effectiveness when considering this solution.
5. Implement the Comment Spam Blacklist being put together by Jay Allen. It's not actually released yet, but Jay is making it possible to use this plugin to test URLs in your comments and trackbacks against a blacklist of known spam offenders. This is supposed to be available for download on 10/13/2003, but it may/may not be as this is just one man's project and we all have to be respectful of his time. Girlie is implementing Jay's solution as his alpha tester and reports that it is working with no hiccups just yet. Everyone can add to the blacklist and the community list should be included once the plugin is released. In the meantime, Jay has some screenshots of how it works. You definitely want to stay updated on Jay's site to get the latest.

Finally, the only 100% foolproof way to stop comment spam is to stop comments altogether on your website. For me, this is not a solution. Comments encourage interaction and help visitors get to know you and vice versa. But, if you can't comment, you can't comment spam, so your mileage may vary!