Commentings

Last week I mentioned that my Movable Type installation was being severely pounded by comment spammers, to the extent of causing the server to keel over a few times under the load. Even after renaming my comments script to not be the default MT filename, the attack persisted. I guess these days their bots actually check the action value of the URL to get the script's location, rather than merely assuming. (Ohh, not like the comment spammers we had in our day...)

At the weekend I implemented a slight hack in an attempt to completely prevent bots from finding the comments script. It worked disturbingly well, to the extent where I was paranoid I had eliminated everyone's ability to comment, even though I had tested it! I went from having 3000-3500 comment attempts per week before the script renaming (nearly all attempts blocked successfully by Movable Type), to about 150 per day after the renaming, to one in three and a half days. Marvellous.

Since unfortunately the solution (leaving the form action URL blank in the HTML, and writing it in with Javascript) blocks users without Javascript from commenting, as well as bots, it's just a workaround solution that will stay in place until we implement something like Jeremy Zawodny's got, that will also only let humans comment. But I'm loving it for the moment.