Trick the Comment Spammers

Author Message
Mark







Posted: December 16, 2004 4:01 PM

Update (12/17/04 08:57 EST): I have just received a report that this trick does NOT work using the Safari web browser. This is likely because this is not the "proper" way to use BASE HREF. I will be posting a javascript version soon.

I tried this about 5 hours ago, and it works. I have received ZERO spam since I implemented this -- and I usually get hundreds a day.

The trick requires a simple template edit and works by tricking the spambots into thinking that your comment script is somewhere else. So when they try to spam you, they get 404 errors. Everyone else can post fine as usual.

Steps:

1. In your Individual Entry Archive, look for the following:

<form method="post" action="<$MTCGIPath$><$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">

and replace it with:

<base href="<$MTCGIPath$>">
<form method="post" action="<$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">

2. Further down the page, after the </form> tag, enter:

<base href="<$MTBlogURL$>">

3. Rebuild your Individual Archives, and you are done.

This tricks spammers into thinking that your comment script is in the same folder as your entry. Since I started using this, I have received zero spam and about 50 'Page Not Found' 404 errors in my web stats, presumably spambots trying to look for my comments script in the wrong places.

In combination with this, you may want to rename your comments script, just to be safe. I have not done so, but it may help.

This trick -- like many others -- is easy for the spammers to work around. If enough people start doing this, they will make adjustments to defeat it. For now, however, it is working extremely well. Very Happy
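Added example, not part of the original post: one way to confirm from the access log that the 404s are misdirected comment POSTs rather than ordinary broken links. It assumes Apache combined log format, a CGI path of /cgi-bin/mt/ and the script name mt-comments.cgi; the log lines are constructed samples.

```python
import re
from collections import Counter

# Assumptions (not from the thread): Apache combined log format, a CGI path
# of /cgi-bin/mt/ and a comment script named mt-comments.cgi.
CGI_PATH = "/cgi-bin/mt/"
SCRIPT = "mt-comments.cgi"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Dec/2004:17:02:11 -0500] "POST /archives/2004/12/mt-comments.cgi HTTP/1.0" 404 312 "-" "-"
203.0.113.7 - - [16/Dec/2004:17:02:13 -0500] "POST /archives/2004/11/mt-comments.cgi HTTP/1.0" 404 312 "-" "-"
198.51.100.23 - - [16/Dec/2004:17:05:40 -0500] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 5120 "http://blog.example/archives/2004/12/post.html" "Mozilla/5.0"
192.0.2.99 - - [16/Dec/2004:17:09:02 -0500] "GET /archives/2004/12/missing.html HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.50 - - [16/Dec/2004:17:11:45 -0500] "POST /archives/2004/12/mt-comments.cgi?x=1 HTTP/1.0" 404 312 "-" "-"
"""

def summarize(log_text):
    """Split comment POSTs into misdirected 404s (per client) and real ones."""
    misdirected = Counter()  # client IP -> POSTs that hit the wrong folder
    real_posts = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # plain 404s on GET are ordinary broken links
        path = m["path"].split("?", 1)[0]
        directory, _, name = path.rpartition("/")
        if name != SCRIPT:
            continue
        if directory + "/" == CGI_PATH:
            real_posts += 1  # form action resolved against the base href
        elif m["status"] == "404":
            misdirected[m["ip"]] += 1  # action resolved against the entry URL
    return misdirected, real_posts

if __name__ == "__main__":
    bots, real = summarize(SAMPLE_LOG)
    print("real comment POSTs:", real)
    for ip, n in bots.most_common():
        print(f"{ip}: {n} misdirected POSTs")
```

A sudden drop in misdirected POSTs alongside a rise in POSTs to the real script path would be the sign that bots have started honoring the base href.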

Jake

Posts: 1

Reply: 1



Posted: December 16, 2004 4:52 PM

I was under the impression that you couldn't have two base hrefs in a document, and only the last one would be read. Is that the idea here, or am I missing something?

Mark Carey

Posts: 33

Reply: 2



Posted: December 16, 2004 4:56 PM

Based on my (limited) experience, you can have multiple base hrefs on one page. Each one seems to apply until a new one is found on the page. It seems like it is read (and rendered) top-down, switching the base every time a base href tag is found.

ktpupp

Posts: 1

Reply: 3



Posted: December 17, 2004 9:22 AM

Interesting idea, but I am curious about the 404 errors... Obviously this method will keep the spam from being posted (good for the blog), but the server will still be taking quite a hit serving the 404 error page (not so good for the server/host), right?

-=kt=-

Mark Carey

Posts: 33

Reply: 4



Posted: December 17, 2004 9:46 AM

ktpupp,

I am not an expert when it comes to server load issues, but I am pretty sure that serving a 404 error page takes much less resources than executing the MT cgi scripts, which includes checking for string matches on my 3,000 entry blacklist and may include a rebuild of some of my pages.

Roger Johansson

Posts: 1

Reply: 5



Posted: December 18, 2004 8:47 AM

Interesting idea, but unfortunately it will make your HTML invalid. The base element is only allowed in the head section of a document. That is most probably why it isn't working in Safari. There may well be problems in other browsers too.

Mark Carey

Posts: 33

Reply: 6



Posted: December 18, 2004 8:51 AM

Normally I don't care about my HTML being invalid, but when it causes problems with a major browser like Safari, I do care about that.

I have switched to the javascript version of this trick.

john

Posts: 1

Reply: 7



Posted: January 3, 2005 12:35 AM

This trick has eliminated every spam I had been getting (except for the manual ones of course). Since most of them were robots though this has been a blessing. I am purposely not writing about it on my website lest someone catch on. Silence is golden for now.

Anthony Graddy

Posts: 1

Reply: 8



Posted: July 7, 2005 5:13 PM

I think you make a really important point that once enough people start using this workaround, the spambots will be changed to work with the workaround.

I guess the idea that I got from your post is that if we always stay one step ahead of what the majority of people are doing, then you probably will be able to avoid problems.

I read of another method to avoid spam comments using Flash at this link: http://www.actionscripthero.com/blog/archives/2004/01/fighting_commen.html

As long as you do not have your site set up in the most common method, I think you will be able to avoid spam.

Mark Carey

Posts: 150

Reply: 9



Posted: July 11, 2005 6:08 AM

Yes, Anthony, I agree (mostly).

You will always receive some spam, but using techniques that are only used by a minority can contribute to a significant reduction in spam.

Ps. As I mentioned at the beginning of this entry, this trick may not work for all browsers. The javascript version is preferred.

Pozycjonowanie

Posts: 2

Reply: 10



Posted: January 13, 2007 9:26 AM

Mark, thanks for Trick the Comment Spammers. I had problems with spam but now know how to fight it. Keep up the good work.

Greetings



This weblog is licensed under a Creative Commons License.