• An updated "top 40" list of firewall rules
• A bug fix that should address the "blank page" problem that some people experienced from time-to-time. If you still have this problem with version 1.2, please let me know.

Download Now

,<$MTAjaxRatingVoteCount type="spamfirewalldownloads" id="1"$>,0);">
Downloads: <$MTAjaxRatingVoteCount id="1" type="spamfirewalldownloads"$> (since 2/21/07)

About Spam Firewall

Spam Firewall is a plugin for Movable Type that can help reduce this load. The goal of Spam Firewall is to block 80% of spam attempts before they reach MT's comment and trackback scripts. As the name suggests, it acts like a firewall protecting your MT scripts.

How Spam Firewall Works

Spam Firewall creates a PHP script that acts as a firewall. Once installed, when comments or trackbacks are posted, they get posted to the PHP firewall script. The firewall script will then scan the the request against a "Top 40" list of common spam patterns. If the request matches, things stop right there. If the request passes the test, it gets forwarded to MT for processing in the normal manner. Most spam is blocked quickly, without consuming large amounts of CPU and memory.

The Top 40 List

The key to Spam Firewall is a "Top 40" list of common spam patterns. The 40 spam patterns (rules) released today represent 80% of the spam that I have received in the past 8 days. Of a total of 14,405 spam attempts, this Top 40 list matches 11,541 of them (80.1%). The list is based on real spam attempts from the past week. I plan on updating the Top 40 list regularly.

Requirements:

• MT 3.2+
• PHP (Note: you do not need to enable MT's dynamic publishing to use Spam Firewall, but your server must support PHP scripts -- most do)

Instructions:

1. Download the zip file and extract its contents.
2. Within the main 'Spam Firewall' directory, there are two folders, one names 'plugins' and one named 'php'. Upload both of these folders (including sub folders and files) into the same directory as Movable Type (often /cgi-bin/mt).
3. Go to 'Settings' on the blog you want to setup, then choose 'Plugins', then choose the 'Settings' link under "Spam Firewall". Then click the "Click here to install the Spam Firewall Template for this blog" link. This will install the Spam Firewall index template and rebuild it. Advanced users can change the Output File name if desired, but you should not change the Name of the template.
4. (Optional, but highly recommended) Rename your comment and trackback scripts [More Info]. Because Spam Firewall hides the name of these MT scripts, now is a very good time to rename them.
5. To setup Spam Firewall for comments, you need to change the comments submission form to point to the firewall script. Go to your Individual Archive Template and look for the following:

   action="<$MTCGIPath$><$MTCommentScript$>"

   and replace it with:

   action="<$MTBlogURL$><$MTFirewallCommentScript$>"



6. To setup Spam Firewall for trackbacks, look for the <$MTEntryTrackbackData$> and replace it with <$MTFirewallTrackbackData$>. Also, look for the <$MTEntryTrackbackLink$> and replace it with <$MTFirewallTrackbackLink$>.


7. Rebuild all individual archives.

Download Spam Firewall

Non-commercial use - FREE ( In exchange for the free use of this plugin, I ask that you install the MT Plugin Network plugin. Plugin Network will help keep you up to date on the latest version (and rules) of Spam Firewall and other useful plugins. [more info])

Also, donations are appreciated:

Commercial use - $97.00

Download Now

,<$MTAjaxRatingVoteCount type="spamfirewalldownloads" id="1"$>,0);">
Downloads: <$MTAjaxRatingVoteCount id="1" type="spamfirewalldownloads"$> (since 2/21/07)

As always, suggestions and feedback are appreciated. Please reply to this entry.

Same blog, just two different posts. Unfortunately, on the new post, you see the ping go through, but it doesn't register on the trackback screen or the older individual post.

Kate, the current rules in v1.2 should block all of the following, when a comment or trackback starts with:

good site. thank
good site. thanks
good site. thank you
nice site. thank
nice site. thanks
nice site. thank you
cool site. thank
cool site. thanks
cool site. thank you
very good site. thank
very good site. thanks
very good site. thank you
very nice site. thank
very nice site. thanks
very nice site. thank you
very cool site. thank
very cool site. thanks
very cool site. thank you

Note that each of the above includes 'thank' -- does the one(s) that got through have this. Admittedly, this rule does really neeed the 'thank' part, and I probably should remove it...

Here's what spamw.php reads, minus the starting line:

if ($_SERVER['REQUEST_METHOD'] != "POST") { exit("must use POST"); }
$fields = $_REQUEST['author'] . ' ' . $_REQUEST['blog_name'] . ' ' . $_REQUEST['title'] . ' ' . $_REQUEST['url']. ' ' . $_REQUEST['email'];
$body = $_REQUEST['text'] . $_REQUEST['excerpt'];
$all = $fields . ' ' . $body;
if (!isset($_COOKIE['tk_commenter'])) {
[snip first rules]
if (preg_match('@^(very )?(good|nice|cool) site\. thank@i',$all)) { exit('Your comment has been blocked as spam; rephrase it or e-mail the administrator'); }

(Yes, I edited the rules to give a more lengthy response than "blocked.")

I can send you the whole file if you like.

Thanks very much--I really like this idea.

When I trackback from post A to post B,
MT registers post A as a good ping and doesn't show any sign of a bad tb on the activity log. But the tb doesn't show up on post B, nor does it show up under the tb tracker.

Any chance your trackback was getting blocked by the firewall rules itself? If so, it wouldn't register as an error in MT. When the firewall blocks something, it doesn't send an error code back. In some ways this is a feature, as spambot will get the impression that the spam was successful, so they won't try again.

blog_name
title
url
excerpt

A bit of pain to test this way, but it came in handy when I was developing this plugin.

By the way, which entry on you site was "sending" the trackback? If you can provide a link, I might be able to guess if it might be tripping one of the firewall rules.

Another idea is if you could run a whitelist for sites that spamfw will ignore. If that can be managed, then you would skip the rules if they existed from such site.

Your whitelist idea is a good one, though I am not sure if it would help in this case, as I think the problem lies elsewhere.

Any thoughts? Got this running fine on my own blog, but can't get it to work on the friend's blog.

Is the error on the spamfw.php file itself, or when the spam firewall script tries to post to the comment script. The different may not be immediately obvious, but it important. To test this, and easy way is to post a comment with a 'bad word' in the name field. (examples: the name of that blue pill, or the place where people go to gamble). If the firewall is working, you should get a "blocked" message.

I've got in uninstalled at the moment, but can reinstall if you have some ideas on things to try.

Thanks,
Gary
BTW, on the various messages i've posted here, I've never received an email notification of new posts, even though I've checked "subscribe to this comment" each time! Just FYI.

Thanks for the detail. If I understand you correctly, you get the 500 error when inside the MT admin area while trying to rebuild the spam firewall template. This is much different than getting the error on the spamfw.php itself. In this case, it is the MT admin script that is triggering the error during the rebuild.

Since you mention that you tried change permissions of the spamfw.php file itself, this suggests that the rebuild of the template was successful (otherwise the file wouldn't get built and wouldn't exist). As such I am confused.

What version of MT? What version of perl? When you get the internal server error, does it happen right away, or does it take a while before showing the error? Have you tried submitting a comment to the firewall (if so, does it work)?

Ps. I know about that "email subscription" problem. I have used that feature in a long time, and I need to remove the checkbox. My bad. Sorry for the confusion.

Let me reinstall this and run some tests, noting exactly what happens and when. I'll get back to you with those details. I've been preoccupied with other stuff, and I admit I'm fuzzy on the exact steps to the error!

Back to you soon.

I have MT 3.34 with the commenting on FastCGI and my blog on a subdomain, if that helps.

That particular case is currently a limitation. The PHP firewall script has access to the cookies on blog domain but not on the MT domain. So when the blog domain is different that the MT domain, there's no easy way to pass those TypeKey cookies across. One way to work around is to build the Spam Firewall template as you normally would, and then manually move (or copy) the built PHP file over to a location on the MT domain. Then, update the comment form on your Individual Archive template to point to the new location of of the firewall script.

I've tried your suggestions, but I'm still not getting this to work properly for comments.

I have MT set up under cgi-bin on one domain, http://phaticcommunion.com, and a blog on that domain. I have another blog on a subdomain, http://fifthgeneration.phaticcommunion.com. The second blog (where I spend 90% of my time blogging) is causing the problem.

I copied the script file that was created under the subdomain to phaticcommunion.com and pointed the commenting script there. When I did, regular commenting on the subdomain's blog worked, but when I tested out a blocked comment, it also published.

Then, I pointed the commenting form to http://fifthgeneration.phaticcommunion.com/[script], and a test spam comment caused a page to load that said, "blocked!", but a real comment received the error I mentioned before ("Registration required").

On one of my blogs a person tried to leave a legitimate trackback and was met with the text "must use POST". I think that person is using Blogger, which I remember didn't have the ability to send trackbacks on its own but needed third party support for that. Is there a way to accept these kinds of trackbacks?

FYI - I'm running MT3.34 with Spam Firewall 1.2.

Thanks!

The spam firewall script does require that TBs be sentt via an HTTP POST. This requirement is also true for the built-in TB script. As such, the problem seems to lie with Blogger, or 3rd party solution they are using, that is using a GET instead of a POST. This requirement is important to protect against server load, and even more spam attempts.

I am currently running the beta and before attempting to use it wanted to make sure it was going to work. I guess there's nothing else to do but try it.

I haven't tested Spam Firewall with MT4 yet, so I am not sure whether it will work, or whether it will require an update to work with MT4. I will definitely be updating (if necessary) for the final release of MT4.

Thanks.

I thought I'd give this plugin a try in Movable Type 4, having never used it before.

Unfortunately I have hit a problem from the word go. Everything is installed but when I try passing a comment through the PHP page, what I get presented with is a 404 for my comment script.

The script is there - no problem with that. However I just can't get to it :(