Update (12/17/04 08:57 EST): I have just received a report that this trick does NOT work using the Safari web browser. This is likely becuase this is not the "proper" way to use BASE HREF. I will be posting a javascript version soon.
I tried this about 5 hours ago, and it works. I have received ZERO spam since I implemented this -- and I usually get hundreds a day.
The trick requires a simple template edit and works by tricking the spambots into think that your comment script is somewhere else. So when they try to spam you, they get 404 errors. Everyone else can post fine as usual.
Steps:
1. In your Individual Entry Archive, look for the following:
<form method="post" action="<$MTCGIPath$><$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">
and replace it with:
<base href="<$MTCGIPath$>">
<form method="post" action="<$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">
2. Further down the page, after the </form> tag, enter:
<base href="<$MTBlogURL$>">
3. Rebuild your Indivdual Archives, and you are done.
This tricks spammers into thinking that your comment script is in the same folder as your entry. Since I starting using this, I have received zero spam and about 50 'Page Not Found' 404 errors in my web stats, presumably spambots trying to look for my comments script in the wrong places.
In combination with this, you may want to rename your comments script, just to be safe. I have not done so, but it may help.
This trick -- like many others -- is easy for the spammers to work around. If enough people start doing this, they will make adjustments to defeat it. For now, however, it is working extremely well. :D
Comments (11)
I was under the impression that you couldn't have two base hrefs in a document, and only the last one would be read. Is that the idea here, or am I missing something?
Posted by Jake | December 16, 2004 4:52 PM
Posted on December 16, 2004 16:52
Based on my (limited) experience, you can have multiple base hrefs on one page. Each one seems to apply until a new one is found on the page. It seems like it is read (and rendered) top-down, switching the base everytime a base href tag is found.
Posted by Mark Carey | December 16, 2004 4:56 PM
Posted on December 16, 2004 16:56
Interesting idea, but I am curious about the 404 errors... Obviously this method will keep the spam from being posted (good for the blog), but the server will still be taking quite a hit serving the 404 error page (not so good for the server/host), right?
-=kt=-
Posted by ktpupp | December 17, 2004 9:22 AM
Posted on December 17, 2004 09:22
ktpupp,
I am not expert when it comes to server loads issues, but I am pretty sure that serving a 404 error page takes much less resources that executing the MT cgi scripts, which including checking the for string matches on my 3,000 entry blacklist and may include a rebuild of some of my pages.
Posted by Mark Carey | December 17, 2004 9:46 AM
Posted on December 17, 2004 09:46
Interesting idea, but unfortunately it will make your HTML invalid. The base element is only allowed in the head section of a document. That is most probably why it isn't working in Safari. There may well be problems in other browsers too.
Posted by Roger Johansson | December 18, 2004 8:47 AM
Posted on December 18, 2004 08:47
Normally I don't care about my HTML being invalid, but when it causes problems with a major browser like Safari, I do care about that.
I have switched to the javascript version of this trick.
Posted by Mark Carey | December 18, 2004 8:51 AM
Posted on December 18, 2004 08:51
This trick has eliminated every spam I had been getting (except for the manual ones of course). Since most of them were robots though this has been a blessing. I am purposely not writing about it on my website lest someone catch on. Silence is golden for now.
Posted by john | January 3, 2005 12:35 AM
Posted on January 3, 2005 00:35
I think you make a really important point that once enough people start using this work around, the spambots will be changed to work with the work around.
I guess the idea that I got from your post is that if we always stay one step ahead of what the majority of people are doing, then you probably will be able to avoid problems.
I read of another method to avoid spam comments using Flash at this link: http://www.actionscripthero.com/blog/archives/2004/01/fighting_commen.html
As long as you do not have your site setup in the most common method, I think you will be able to avoid spam.
Posted by Anthony Graddy | July 7, 2005 5:13 PM
Posted on July 7, 2005 17:13
Yes, Anthony, I agree (mostly).
You will always receive some spam, but using techniques that are only used by a minority can contribute to a significant reduction in spam.
Ps. As I mentioned at the beginning of this entry, this trick may not work for all browsers. The javascript version is preferred.
Posted by Mark Carey | July 11, 2005 6:08 AM
Posted on July 11, 2005 06:08
Mark thanks for Trick the Comment Spammers i had problems with spam but now know how to fight with it. keep up the good work.
Greetings
Posted by Pozycjonowanie | January 13, 2007 9:26 AM
Posted on January 13, 2007 09:26
really thanks for your solution - i thik that it will fix my problems.
greatings from poland.
Posted by budownictwo | December 12, 2007 9:54 AM
Posted on December 12, 2007 09:54