Strong opinions, weakly held

Spam-proofing my Movable Type installation

For the past week, I’ve been getting more comment and trackback spam than ever, so this weekend one of my projects was to do what I can to slow down the spammers. I started out with the Six Apart Guide to Combatting Comment Spam, and the Movable Type manual. (The guide is a bit behind the times so you have to refer to the manual as well.)

In my first round of addressing the comment spam issue, I’m trying to take measures that won’t affect users. The first step is renaming the trackback and comment scripts. I doubt it will help but it certainly won’t hurt anything.

I also discovered that I wasn’t using the SpamLookup features built into Movable Type 3.2 very well. There are ways to block keywords, ways to subscribe to IP and domain name blacklists, and you can configure how the link filter works as well. Hopefully these filters can be configured to take care of my problems. I’m starting out by adding nicknames used by some of the most persistent comment spammers. Hopefully it filters on nicknames as well as comment content.

There are a few things I’m still trying to figure out:

  • Is there a good list somewhere of other blacklists you can subscribe to?
  • Is there an easy way to ban an IP address?
  • Is there a Bayesian filter for Movable Type that works like the one in Thunderbird?

I’m also tempted to start looking at writing Movable Type plugins. BigPAPI is built into Movable Type 3.3, and there are some cool things you could do to make spam handling easier.


  1. I found that MT Moderate kills most visible TB and Comment spam.  The next thing I needed to do was deal with the effective DDOS that happened when 50 or 100 trackback calls ate all the memory in my little old G3/350 webserver.  I ended up finding that if I had more than 15 simultaneous trackbacks, I was definitely being spammed.  At that point I used this shell script to dump the processes.

  2. I run WordPress on my blog (which is pretty great, btw…) and the newer versions of WP come with Akismet. It is really kind of hard to believe just how well Akismet works. It has literally gotten rid of all spam for me and — as it turns out — there is also a Movable Type plug-in. Maybe that is something for you?

  3. I highly recommend the Tiny Turing plugin from Staggernation. Since installing it my published comment spam went from 10-30 a day to zero. I haven’t had a single one since installing it two months ago.

  4. Tiny Turing looks interesting. I think I’m going to see how far I can get filtering spam without intruding on the user experience. If that fails, I’ll be more aggressive.

  5. Matt> Any chance of false positives?

    How would you know?

    Just asking; curious

  6. @Bryan: There’s certainly a chance of false positives but it hasn’t been a problem for me yet. When a comment is junked the commenter is shown a message saying their comment was held for approval. In my case, it’s mostly friends who read my site and I’m confident someone would have notified me if they were having an issue.

    Also, I’m willing to take the chance that one or two comments might slip through the cracks if it means zero spam making it through. As an example of how much work it saves, I have 1,349 junk comments from the last two weeks that could have ended up on my blog.



© 2019 rc3.org
