« Isn't there a rule about not blogging drunk? | Main | Off-air »
January 17, 2006
Beating spam with Movable Type 3.2
This is a somewhat detailed explanation of what worked for me in blocking spam in AWVC. The short version is that I tried installing a CAPTCHA, MT-SCode, which I couldn’t get working properly. Then I found MT-Keystrokes, which works brilliantly. So: Install the latter and you’ll be fine. The catch is that your site visitors will need to have Javascript enabled to leave comments.
The long version is contained in AWVC’s first ever extended entry!
Blogs, Comments, CAPTCHAs, and the utility thereof
Each brand of weblog software has software routines used to record comments. The routines are generally operated in exactly the same way across multiple installations of that weblog software. Scripted programs can be pointed at these specific routines to automatically log “comments” (i.e. crappy ads for crap). The routines are easy to locate as they’re generally described using plain text, easily parsed by a web script.
A CAPTCHA is designed to confirm the person entering a comment is an honest-to-God human. It uses an automatically generated image only a human could decipher (spam bots not being sufficiently advanced to decipher the generated image - yet, at any rate.
MT-SCode not being the most co-oerative of beasts
Lots of people seem capable of installing MT-SCode, and not having any problems with it. I ran into the problem described here. Currently there’s no explanation for the problem, but if it helps with future diagnosis, I’m running AWVC on the creaky BerkeleyDB back-end.
But SCode has other problems. The generated image (showing the code you need to type into the verification box) isn’t very attractive, and having to type anything at all into the box is an extra roadblock users leaving a casual comment might not be arsed working around. There are accessibility problems with CAPTCHAs too, which I’m not entirely comfortable with.
Finally, SCode requires Javascript. As far as I can tell the few regulars that I have all have Javascript enabled, so that’s okay, but it might not be for you.
I tried my damndest to get SCode working, but wasn’t really getting it going reliably. Then I stumbled across MT-Keystrokes.
Alternative Means of Detecting your Humanity
MT-Keystrokes also tries to confirm the person entering the text is a human, but does so without requiring the user to decipher an image. It does this by tying into a Javascript event handler - a piece of code that runs every time a user types something in a text box. Spam bots don’t come with built-in Javascript engines - yet - so they ignore the Javascript code and are consequently ignored by the blog software. The plugin still requires Javascript to be enabled, but doesn’t require the user to do anything more than they’d normally do when leaving a comment. MT-Keystrokes requires a bit more effort to install, but because it’s simpler than MT-SCode it should also be a bit more reliable.
The best part? AWVC = spam-free.
Addendum
Incidentally, while editing my MT configuration file, I screwed up the line-endings by saving the file in a Mac text editor. I thought I’d killed AWVC as whenever I tried to log in or leave a comment I got an error message saying Got an error: Bad ObjectDriver config. After some panic and then some calmer thinking, I resaved the file in a PC text editor and all was well. Google didn’t help at all though, leading me to believe I’d corrupted the database somehow.
Posted by Oliver at January 17, 2006 09:24 PM
Comments
Post a comment
AWVC uses the Markdown formatting system, a very simple way to format your comments. Whitespace is converted directly. Enclose a phrase with asterisks to italicise, and two asterisks (**) to embolden. A good introduction to the Markdown format is available here.
Cleverly, though, the preview is basically useless (it will just show what you've typed). If you want a real preview, enter your text into the Markdown Dingus, then re-enter it here.