MT-Blacklist: New Movable Type Plugin to Block Comments Spam

Jay Allen’s MT-Blacklist plugin has been made available to help combat comments spam. There’s plenty of praise and comments at his post, MT-Blacklist: Stop Spam Now, too.

Since I’d already implemented Jay’s comment spam modules I’ve seen firsthand how incredibly effective filtering can be for my site, reducing my comments spam to a trickle. For more of my thoughts on dealing with comments spam with links and tips see my post, Friday Feast #61: Unwanted Comments.

Jay’s new plugin, even in its beta version, is certainly impressive with its easy-to-use interface and convenience. It’s definitely worth considering.

Sharing My Blacklist

I’m still not inclined to post my blacklist filters online for spammers to find and attempt to work around; however, I’m happy to email it to anyone upon request. Leave a comment at this post or email me directly. (If you don’t already know my email address, use the Contact page for your request.) Please include your weblog URL with your request as I need proof you’re not a spammer, of course.

Recent Related Entries

09:03 pm, pdt13 October, 2003 Comments, Trackbacks (8) ·';}?>

Categories: Movable Type, Weblogs


Comments, Trackbacks: 8 so far. Add yours!

  1. Shirley, you don’t mind passing that list along to me do you?

    Hiya! :-)

    02:48 am, pdt14 October, 2003Comment by ben

    comment #1 permalink ·'; else echo '·'; ?>

  2. Jay Allen has released MT-Blacklist to counteract the latest round of commenting spamming. Even Webdiva hasn't escaped Lolita's comment postings....

    14 Oct, 2003Trackback from Webdiva

    trackback #2 permalink ·'; else echo '·'; ?>

  3. I don’t follow your logic for keeping the blacklist private. Since the blacklist is comprised of URL strings, how would the spammers get around it, except by registering new domain names? And even if they did that, it certainly wouldn’t be effective for long... provided that the "good guys" share their blacklists. Or am I missing something?

    I know, I know. I’m naive.

    The really good news about Jay’s plugin is that it is very easy to install (and update). That will be very helpful for less tech-savvy bloggers.

    05:21 pm, pdt14 October, 2003Comment by Bryce

    comment #3 permalink ·'; else echo '·'; ?>

  4. Well, purchasing new URLs would be one way for comment spammers to try to get past filters, of course. From what I’ve seen, the comment spammers have no problem with excessive volumes of domain names. ;-)

    I also happen to feel that comment spammers are capable of figuring out ways to spoof various filters even with URL strings.

    Additionally, though, my blacklist filters aren’t comprised of only URLs. They also include words and phrases used by comment spammers. :-)

    Besides, I’m more than happy to share my blacklist, as I’ve mentioned. I’m just not going to post it online, at least not right now.

    I’m also hoping the search engines and directories will take action against the comment spammers and ban them from the search engines and directories. They’re known to do that when sites try to spoof them in other ways. When they do that I’m hopeful that our comment spam outbreak and problems will also be reduced.

    So, that’s my thinking at the moment.

    07:52 pm, pdt14 October, 2003Comment by Shirley Kaiser

    comment #4 permalink ·'; else echo '·'; ?>

  5. Shirley,

    Would it be possible for me to obtain your filters to implement into my blog? I’m interesting in them and want to stop as much SPAM as possible.



    08:34 pm, pdt14 October, 2003Comment by Erik

    comment #5 permalink ·'; else echo '·'; ?>

  6. Hi Shirley—I’m in the process of designing my blog right now and all of this discussion about comment spamming couldn’t have come at a better time. I’ve come across three solutions, all imperfect in one way or another.

    The first, of course, is Jay Allen’s MT-Blacklist. This is a good tool but its logic at this point is pretty simple: it scans for strings and if the string (or a substring, i.e., part of a word) is on your list, it identifies the comment as spam and does the appropriate thing. The drawback to this is that it can lead to a lot of false positives—where a substring is part of a larger word that is OK. Here’s an example: A year or so ago, my wife wanted to make a reservation for lodging at the Snowma__ Ski Resort (you can already see where this is going, I bet). Her employer uses blocking software and she was unable to access because of the offensive substring. In fairness to Jay, he’s working to improve the logic of the plugin, but blacklists invariably suffer from the problem of false positives.

    James Seng has come up with a different solution, a bayesian filter for MT. In order to use this filter, you must "train" it to recognize both good posts and bad posts. The more you train it, the better it gets at recognizing spam. The drawbacks here are the time it takes to train the filter and the fact that you need spam in order to train it. Once it’s trained it is probably a better solution than a blacklist filter, yielding a lower percentage of false positives, but for sites with a low comment volume it will take a long time to train it. On the other hand, for sites like Little Green Footballs that get a high volume of comments, such a filter would probably "learn" quickly and thereafter work better than a blacklist filter.

    The third approach was also created by James Seng and can be found here. This approach, commonly referred to as CAPTCHA inserts a graphic with randomly-generated characters, along with a field that must be filled in with these characters, in each comment form. You can see it in use on his comments form at the bottom of each page. This approach is used on sites like PayPal and Yahoo to frustrate scripts attempting to set up multiple accounts. This solution works pretty well against script spammers but it raises serious accessibility issues—people with certain disabilities, people with text-only browsers or with images turned off can’t comment. Nonetheless, I intuitively like this approach, particularly if used in concert with other anti-spam approaches, because it reduces the amount of time the blog operator has to spend policing comments.

    It seems to me that this approach would work well so long as one also supplies a contact form, such as you use, for comments from those wishing to comment but who are prevented from doing so for accessibility reasons. Would you care to share your thoughts on this?

    12:06 pm, pdt21 October, 2003Comment by PaulG

    comment #6 permalink ·'; else echo '·'; ?>

  7. Today I am pleased (proud, relieved, thankful, etc) to announce the release of MT-Blacklist v1.5. There are some major changes...

    28 Oct, 2003Trackback from JayAllen - The Daily Journey

    trackback #7 permalink ·'; else echo '·'; ?>

  8. Is there any new program codes out there that can combat spam as I am up against spam all the time. I have a website that gives out a free guest book to websites where the guest book sends out a thank card automatically, personally created by the guest book owner thanking them for signing the guest book and I go to check the websites of people who sign up for our free guest book and the guest books are just full of comments. To me it isn’t so much the comments, it is the way it is commented. If someone visits your website then leaves a message and tells about themselves with reference to their website is ok by me, but if they just type ad words that have no coherence to them, that bothers me, no class. If there was a code I could use to prevent spam in my guest books, I would surely like to know about it. I will check back and see what is said here later on. I find this very interesting.
    Take care and bless you

    12:35 pm, pst 2 February, 2004Comment by Steve

    comment #8 permalink ·'; else echo '·'; ?>

This discussion has been closed. Thanks to all who participated.

*/ ?>