I agree with Simon w/r/t registration. Although we do have plans to include registration in future versions of MT, I’m not particularly fond of that solution. True, registration may block many unwanted characters from posting to your site but it’s at a cost — namely, the limitation of open discussion.
]]>I won’t bore you with the details, but I’ve forwarded it all to the local LUG here in Las Vegas.
]]>We can test REQUEST_METHOD and look for POST, and then check HTTP_REFERER and only allow POSTs from pages that share a common root URL In my case, all pages are served from http://weblog.burningbird.net. I’m going to modify mt-comments.cgi to exclude POST requests that don’t originate from this root URL. Then I’ll test it to see what it breaks…
]]>Burningbird, I wouldn’t spend too much time on anything like that. The fact is that if people can post without registration, a spammer can automate it, and there simply isn’t anything that will allow you to tell a ”real” comment from a spammed one with confidence. The email war is several years more advanced and the anti-spammers are not currently ”winning”. I see no reason to believe this will turn out any differently; it’s the same trust and content problem, with the same solutions, with ultimately the same, or even easier, workarounds available to the spammers, and the same ultimate foundering on the inability of computers to understand the content of a given text string.
The only real, long-term solution is pro-active monitoring of the comments, and deleting inappropriate ones. It’s not censorship, because comments on your weblog are on your space… quite literally! You are paying for the bandwidth to serve the spam out, so its well within your domain to just delete them.
Either that or go with an alternative system entirely to public comments.
Unless you know of some awesome solution nobody’s ever heard of, I suggest that people either learn to live with the spam, learn to delete it, or give up on comments as an experiment that didn’t work out long-term. To convince me that there is some fourth ”filter out the spam” solution, please first demonstrate the solution at work in the email domain. As of right now, there isn’t one; even SpamAssassin is only effective because the authors are involved in a constant arms race.
]]>But I will not give in, I will not let them take away my comments. The comments are the only interesting part of this site: without comments, I’d be bored with it in a week, and shut it down in a month.
Michel: Trackback’s even easier, but we probably shouldn’t admit that. Luckily, very few people put it anywhere but behind Javascript, so it’s not very valuable to a spammer: I assume that the goal of comment spamming is PageRank, rather than direct visits from such a lamely crafted spam.
]]>