Blog Janitor is a plugin for Movable Type that preforms various clean-up tasks. Blog Janitor can perform the following tasks:

  • Close comments on old entries.
  • Delete duplicate comments and trackbacks

Blog Janitor does his work automatically, you don't need to edit your templates. Just tell Blog Janitor the tasks you want him to perform (by adjusting the plugin settings), and he will go to work periodically (using the scheduled tasks feature of MT).

New in Version 1.1

  • Support for MT4. Blog Janitor now works with either MT3.3x or MT4+. No new features in this release.

Here are some details on Blog Janitor's current skills:

Close Comments and Trackbacks on Old Entries

One technique for reducing blog spam is to close comments (disable commenting) and trackbacks on entries that are older than a certain number of days. This can be a tedious process to do manually, if you remember to do it. Blog Janitor can take care of this job for you. Simply enable Close Comments in the plugin settings for a blog, and tell Blog Janitor the number of days he should wait before closing comments on an entry. That's all you have to do, Blog Janitor will routinely check for old entries and close comments on them for you.

Delete Duplicate Comments and Trackbacks

Duplicate comments and trackbacks can happen in a number of ways. For example, a commenter may hit the submit button twice, thinking that the comment did not get posted the first time. Another common occurence is duplicate junk comments and trackbacks -- since spammer often post identical spam messages, your Junk folders may be full of duplicates. Blog Janitor is skilled a scanning your recent comments and trackbacks for duplicates. If you give him the order (by enabling duplicate checking in plugin Settings), he look for recent duplicates and delete them. Just tell him how many recent items to scan, and he will go to work every hour looking for recent duplicates. (Note: there is no "undo" when Blog Janitor deletes items, but he does leave a message in the Activity Log notifying you of which items he has deleted).

Settings

The Settings is where you give Blog Janitor his orders. Go to the blog you want, then go to the Plugin settings for Blog Janitor. The settings look like this:

Requirements

  • MT 3.3x or MT4+

Instructions

  1. Download the zip file and expand it.
  2. Upload the contents of the 'plugins' directory in to the 'plugins' directory of you MT installation (usually /cgi-bin/mt/plugins/)
  3. Adjust the settings as described above

Notes:

  • If you have a large number if entries in your blog, Blog Janitor will not close comments on every old entry the first time he goes to work. He gets tired if he tries to close comments on too many entries at a time, and his union contract states that he doesn't have to close comments on more than 100 entries each hour. (Okay, the real reason is to save your MT from excess load that might slow things down) Since Blog Janitor works on up to 100 entries each hour, it may take some time before he gets 'caught up'. For example, if you have 2400 entries on your blog, it will take about 24 hours for Blog Janitor to go through all the old entries and close comments and trackbacks.
  • Blog Janitor punches his time clock when he starts and finishes a task. For each task, he posts a message to the Activity Log that explains what task was completed, and how many seconds it took him to complete. If you are concerned about system load, keep an eye on the Log to see how hard he is working.

Get Blog Janitor

Commercial Use: $97

If you buy a commercial license, you will get priority for future features, and an advanced version of Blog Janitor that enables you to give Blog Janitor orders on a system-wide basis (so you can adjust the settings in once place for all blogs on the system).

Blog Janitor is free for personal use:

Download Now

Download Now (Blog Janitor for Personal Use)
Downloads: 761

Membership required, please sign-in or register:

As always, comments and suggestions are welcome - please reply to this entry.

Comment Registration is a plugin for Movable Type that enables readers to register an account on your site and login to post comments. Commenters register and login directly with your site, not via an external authentication service (this plugin does not use TypeKey).

UPDATE: The latest version of this plugin, version 1.2, includes an important security bug fix. It is highly recommended that sites using previous versions upgrade to version 1.2 immediately. Simply upload the new version to upgrade -- there is no need to edit or re-install templates.

Movable Type supports comment registration (authentication), but commenters must register and sign via TypeKey, a centralized authentication service offered by Six Apart (the makers of MT). While this "remote authentication" approach has some key advantages, there are also reasons why you might prefer a "local authentication" system. The Comment Registration plugin provides this option.

Comment Registration works with the built-in Commenter system of MT (see the "Commenters" menu item on the left-hand navigation menu). When someone creates a commenter account on your site and posts a comment, they will appear on the Commenters screen, including their Nickname, username, URL, email, and a tally of their comments:

Note: Commenters must post at least one comment before they appear on the Commenters listing. If someone creates an account but does not post a comment, they will not appear in the listing.

Because the plugin uses the the built-in Commenters system, you can use all the MT commenter features, such as:

  • Trusting and Banning commenters:
  • Settings for accepting comments:
  • Settings for publishing comments:

Comment Registration comes with 4 default templates (based on the default MT3.3 templates):

Commenter Login - An index template that contains a login form for commenters.
Commenter Registration - And index template that contains a form for creating a commenter account on your system.
Site Javascript - This is a replacement index template for the existing Site Javascript (mt-site.js) template. (Your existing Site Javascript will be renamed as a backup during installation).
Widget: Commenter Login - A Widget Manager widget that you can add to your sidebar, containing a login form for commenters.

Test it Out Now

Head over to the MT Hacks Test Blog and register for an account and then submit a few comments. Start at this test entry by clicking here.

Installation:

  1. Extract the files from the zip file, and upload the contents of the 'plugins' directory to the 'plugins' directory of your MT installation.
  2. Change the permissions on the mt-login.cgi file to 755 (CHMOD 755).
  3. Browse to the blog you want, then go to Settings - Plugins, and then the Settings button for Comment Registration. You will notice that the plugin has no settings of its own, but you will find a link to install the default templates. Click that link. The default templates will be installed and rebuilt.
  4. You must have Authentication enabled for the default templates to work (if you currently allow TypeKey authentication, you can skip this step). Go Settings > Feedback and find the "Authentication status" setting. In field after "Or, manually enter token", enter some text (anything will do).
  5. (Optional) Adjust the Feedback settings for accepting and publishing comments (see images above) as desired.
  6. Save Feedback settings and then manually rebuild the Site Javascript (mt-site.js) index template.

Requirements

  • MT 3.3x

Note that this plugin does not work with MT4, as this plugin's features have be built-in to MT4.

Get Comment Registration

Comment Registration is free for personal use, but you must place a link on your site, such as:

Powered by the <a href="http://mt-hacks.com/commentregistration.html">Comment Registration</a> plugin for Movable Type.

Donations are appreciated:

Download
Download Now
Downloads: 297

Membership required, please sign-in or register:

Commercial License (up to 5 blogs) - $97

Blog Network License (unlimited blogs) - $249

Note for multi-blog installations / blog networks: commenters need only create one account and can use the same login for all of the sites on the same MT installation.

As always, comments and feedback are appreciated. Please reply to this entry.

Spam Firewall v1.2 is now available. Version 1.2 has two changes:

  • An updated "top 40" list of firewall rules
  • A bug fix that should address the "blank page" problem that some people experienced from time-to-time. If you still have this problem with version 1.2, please let me know.

Download Now

Download Now
Downloads: 287 (since 2/21/07)

Membership required, please sign-in or register:

About Spam Firewall

Spam Firewall is a plugin for Movable Type that can help reduce this load. The goal of Spam Firewall is to block 80% of spam attempts before they reach MT's comment and trackback scripts. As the name suggests, it acts like a firewall protecting your MT scripts.

How Spam Firewall Works

Spam Firewall creates a PHP script that acts as a firewall. Once installed, when comments or trackbacks are posted, they get posted to the PHP firewall script. The firewall script will then scan the the request against a "Top 40" list of common spam patterns. If the request matches, things stop right there. If the request passes the test, it gets forwarded to MT for processing in the normal manner. Most spam is blocked quickly, without consuming large amounts of CPU and memory.

The Top 40 List

The key to Spam Firewall is a "Top 40" list of common spam patterns. The 40 spam patterns (rules) released today represent 80% of the spam that I have received in the past 8 days. Of a total of 14,405 spam attempts, this Top 40 list matches 11,541 of them (80.1%). The list is based on real spam attempts from the past week. I plan on updating the Top 40 list regularly.

Requirements:

  • MT 3.2+
  • PHP (Note: you do not need to enable MT's dynamic publishing to use Spam Firewall, but your server must support PHP scripts -- most do)

Instructions:

  1. Download the zip file and extract its contents.
  2. Within the main 'Spam Firewall' directory, there are two folders, one names 'plugins' and one named 'php'. Upload both of these folders (including sub folders and files) into the same directory as Movable Type (often /cgi-bin/mt).
  3. Go to 'Settings' on the blog you want to setup, then choose 'Plugins', then choose the 'Settings' link under "Spam Firewall". Then click the "Click here to install the Spam Firewall Template for this blog" link. This will install the Spam Firewall index template and rebuild it. Advanced users can change the Output File name if desired, but you should not change the Name of the template.
  4. (Optional, but highly recommended) Rename your comment and trackback scripts [More Info]. Because Spam Firewall hides the name of these MT scripts, now is a very good time to rename them.
  5. To setup Spam Firewall for comments, you need to change the comments submission form to point to the firewall script. Go to your Individual Archive Template and look for the following:

    action="<$MTCGIPath$><$MTCommentScript$>"

    and replace it with:

    action="<$MTBlogURL$><$MTFirewallCommentScript$>"


  6. To setup Spam Firewall for trackbacks, look for the <$MTEntryTrackbackData$> and replace it with <$MTFirewallTrackbackData$>. Also, look for the <$MTEntryTrackbackLink$> and replace it with <$MTFirewallTrackbackLink$>.

  7. Rebuild all individual archives.

Download Spam Firewall

Non-commercial use - FREE ( In exchange for the free use of this plugin, I ask that you install the MT Plugin Network plugin. Plugin Network will help keep you up to date on the latest version (and rules) of Spam Firewall and other useful plugins. [more info])

Also, donations are appreciated:

Commercial use - $97.00

Download Now

Download Now
Downloads: 287 (since 2/21/07)

Membership required, please sign-in or register:

As always, suggestions and feedback are appreciated. Please reply to this entry.

Blog Janitor is a plugin for Movable Type that preforms various clean-up tasks. In version 1.0, Blog Janitor can perform the following tasks:

  • Close comments on old entries.
  • Delete duplicate comments and trackbacks

Blog Janitor does his work automatically, you don't need to edit your templates. Just tell Blog Janitor the tasks you want him to perform (by adjusting the plugin settings), and he will go to work periodically (using the scheduled tasks feature of MT 3.3+).

Here are some details on his current skills:

Close Comments and Trackbacks on Old Entries

One technique for reducing blog spam is to close comments (disable commenting) and trackbacks on entries that are older than a certain number of days. This can be a tedious process to do manually, if you remember to do it. Blog Janitor can take care of this job for you. Simply enable Close Comments in the plugin settings for a blog, and tell Blog Janitor the number of days he should wait before closing comments on an entry. That's all you have to do, Blog Janitor will routinely check for old entries and close comments on them for you.

Delete Duplicate Comments and Trackbacks

Duplicate comments and trackbacks can happen in a number of ways. For example, a commenter may hit the submit button twice, thinking that the comment did not get posted the first time. Another common occurence is duplicate junk comments and trackbacks -- since spammer often post identical spam messages, your Junk folders may be full of duplicates. Blog Janitor is skilled a scanning your recent comments and trackbacks for duplicates. If you give him the order (by enabling duplicate checking in plugin Settings), he look for recent duplicates and delete them. Just tell him how many recent items to scan, and he will go to work every hour looking for recent duplicates. (Note: there is no "undo" when Blog Janitor deletes items, but he does leave a message in the Activity Log notifying you of which items he has deleted).

Settings

The Settings is where you give Blog Janitor his orders. Go to the blog you want, then choose Settings, then the Plugins tab, and then click on Setting for Blog Janitor. The settings look like this:

Requirements

  • MT 3.3x

Instructions

  1. Download the zip file and expand it.
  2. Upload the contents of the 'plugins' directory in to the 'plugins' directory of you MT installation (usually /cgi-bin/mt/plugins/)
  3. Adjust the settings as described above

Notes:

  • If you have a large number if entries in your blog, Blog Janitor will not close comments on every old entry the first time he goes to work. He gets tired if he tries to close comments on too many entries at a time, and his union contract states that he doesn't have to close comments on more than 100 entries each hour. (Okay, the real reason is to save your MT from excess load that might slow things down) Since Blog Janitor works on up to 100 entries each hour, it may take some time before he gets 'caught up'. For example, if you have 2400 entries on your blog, it will take about 24 hours for Blog Janitor to go through all the old entries and close comments and trackbacks.
  • Blog Janitor punches his time clock when he starts and finishes a task. For each task, he posts a message to the Activity Log that explains what task was completed, and how many seconds it took him to complete. If you are concerned about system load, keep an eye on the Log to see how hard he is working.

Get Blog Janitor

Blog Janitor is free for personal use:

Download Now

Download Now (Blog Janitor for Personal Use)
Downloads: 761

Membership required, please sign-in or register:

Commercial Use: $97

If you buy a commercial license, you will get priority for future features, and an advanced version of Blog Janitor that enables you to give Blog Janitor orders on a system-wide basis (so you can adjust the settings in once place for all blogs on the system).

As always, comments and suggestions are welcome - please reply to this entry.

Two months ago I posted about the CPU load effect of Comment and Trackback spam. In short, even when most of the spam gets correctly marked as junk, it can still have a major impact on the CPU load and memory usage of the server. This can make everything else run slower, and some web hosts may threaten to disable your account for hogging CPU resources.

Spam Firewall is a plugin for Movable Type that can help reduce this load. The goal of Spam Firewall is to block 80% of spam attempts before they reach MT's comment and trackback scripts. As the name suggests, it acts like a firewall protecting your MT scripts.

How Spam Firewall Works

Spam Firewall creates a PHP script that acts as a firewall. Once installed, when comments or trackbacks are posted, they get posted to the PHP firewall script. The firewall script will then scan the the request against a "Top 40" list of common spam patterns. If the request matches, things stop right there. If the request passes the test, it gets forwarded to MT for processing in the normal manner. Most spam is blocked quickly, without consuming large amounts of CPU and memory.

The Top 40 List

The key to Spam Firewall is a "Top 40" list of common spam patterns. The 40 spam patterns (rules) released today represent 80% of the spam that I have received in the past 8 days. Of a total of 14,405 spam attempts, this Top 40 list matches 11,541 of them (80.1%). The list is based on real spam attempts from the past week. I plan on updating the Top 40 list regularly.

Requirements:

  • MT 3.2+
  • PHP (Note: you do not need to enable MT's dynamic publishing to use Spam Firewall, but your server must support PHP scripts -- most do)

Instructions:

  1. Download the zip file and extract its contents.
  2. Within the main 'Spam Firewall' directory, there are two folders, one names 'plugins' and one named 'php'. Upload both of these folders (including sub folders and files) into the same directory as Movable Type (often /cgi-bin/mt).
  3. Go to 'Settings' on the blog you want to setup, then choose 'Plugins', then choose the 'Settings' link under "Spam Firewall". Then click the "Click here to install the Spam Firewall Template for this blog" link. This will install the Spam Firewall index template and rebuild it. Advanced users can change the Output File name if desired, but you should not change the Name of the template.
  4. (Optional, but highly recommended) Rename your comment and trackback scripts [More Info]. Because Spam Firewall hides the name of these MT scripts, now is a very good time to rename them.
  5. To setup Spam Firewall for comments, you need to change the comments submission form to point to the firewall script. Go to your Individual Archive Template and look for the following:

    action="<$MTCGIPath$><$MTCommentScript$>"

    and replace it with:

    action="<$MTBlogURL$><$MTFirewallCommentScript$>"


  6. To setup Spam Firewall for trackbacks, look for the <$MTEntryTrackbackData$> and replace it with <$MTFirewallTrackbackData$>. Also, look for the <$MTEntryTrackbackLink$> and replace it with <$MTFirewallTrackbackLink$>.

  7. Rebuild all individual archives.

Download Spam Firewall

Non-commercial use - FREE ( In exchange for the free use of this plugin, I ask that you install the MT Plugin Network plugin. Plugin Network will help keep you up to date on the latest version (and rules) of Spam Firewall and other useful plugins. [more info])

Also, donations are appreciated:

Commercial use - $97.00

Download Now

SpamFirewall.zip

Membership required, please sign-in or register:

As always, suggestions and feedback are appreciated. Please reply to this entry.

While there are many strategies for blocking, filtering, and reducing blog spam, many of them don't due much to reduce the CPU load incurred to handle all that spam. Even if you have strong MT spam filters, or close comments on your entries, spam may continue to cause increased CPU load, even if the spam is rejected or filtered.

As far as spammers are concerned, the automated ones don't care much (or even realize) that comments are closed on your entries. And they don't take the time to see if their attempts were junked or pubished. They will continue to submit comment spam and trackback spam. MT will refuse them, of course, but the entire MT application loads on every attempt -- the MT cgi scripts still incur load in process these, but likely not as much as a junked or successful comment submission. The main benefit to closing comments and using MT junk filters is to reduce / remove the clean-up effort, and to keep spam from be published on your blog. You end up with less published spam, but I am not sure how much CPU load is saved in these cases.

To address the CPU load of spam, you need to prevent/reduce spam hitting the MT cgi scripts. A temporary solution is to rename your comments and trackback scripts. Spammers will still try to hit the old URLs, but they will get 404 "not found" errors. This still incurs some load, but not as much as if MT had to handle those requests to reject or filter them. This solution is temporary because spammers will soon learn the new names of your scripts, and spam and load will increase thereafter.

A longer term solution is to attempt to block spam *before* it hits the MT scripts. mod_security is one way to do this. It is an Apache module that uses rule-based filters to block requests at an early stage. You still need a good ruleset, of course. In many, case you will need a dedicated server to use this, but some shared hosting providers support mod_sec to varying degrees. In recent days, spam attempt have increased on my server. Yesterday, mod_security blocked almost 4,000 spam attempts. Without mod_security, that would have been a lot for MT and my dedicated server to handle. My server would likely have crashed several times. But my blocking the spam before it gets to my MT scripts, I was able to weather the attack without a huge spike in CPU load.

This plugin acts as a "connector" between MT-Blacklist and Movable Type 3.2. The most recent (and final) version of MT-Blacklist was not designed to work with Movable Type 3.2. The reason for this is because MT3.2 included SpamLookup, a new spam filtering plugin. While SpamLookup may be effective for many users of Movable Type, some people (including myself) found that MT-Blacklist was more effective on their systems. It is for this reason that I have created this "connector" plugin.

The connector is not for everyone -- some systems will benefit more than others. In my opinion, systems with the following characteristics may be ideal candidates:

  • systems with many blogs
  • systems with a large number of entries
  • systems that had accumulated a large Blacklist before upgrading to MT3.2

Note that this connector plugin is not an alternative to SpamLookup. With Blacklist32 installed, comments and trackbacks will be scanned by both SpamLookup and Blacklist32. In some cases, each plugin may assign a junk score to the same comment -- keep this in mind when adjusting your spam score settings.

Requirements:

  • MT-Blacklist 2.04b (may work with prior versions, but I have not tested them) - MT-Blacklist does all the heavy lifting, Blacklist32 just hooks into it to make it work nicely with MT3.2. Download MT-Blacklist 2.04b
  • Movable Type 3.2
.

Features:

Blacklist32 includes the following 'hooks':

  • New comments and trackbacks will be checked for matches against your local MT-Blacklist. If a match is found, a junk score is assigned, and a feedback log message is added.
  • A "Despam Comment(s)" action has been added to the Comment Listing screen. Simply check the comments that you want to despam, and choose this action from the dropdown. MT-Blacklist will then despam the comments, extracting any domains for optional inclusion in the blacklist. Note that items are junked, not deleted.
  • A similar plugin action has been added to the Edit Comment screen, enabling you to despam a single comment from that screen.

Download Now

Blacklist32 v0.75

Membership required, please sign-in or register:

Installation:

  • Upload to the 'plugins' directory of your MT installation.
  • Adjust the junk score weight via Settings > Plugins, if desired (default is 1)

As always, questions, comments, bug reports are appreciated.

This plugin uses Javascript to hide the true location of you comments script, making it difficult for spammers to find it in order to bombard you with spam.

It is important to note that if you use this plugin, commenters must be using a Javascript-enabled brower in order to post comments.

I have been testing this plugin on one of my blogs for about 12 hours, and I have received zero spam in that time period on that blog. I will be installing it on all my blogs today.

Installation:

1. Download Now:

DisguiseCommentURL.zip

Membership required, please sign-in or register:

2. Extract and upload MTDisguiseCommentURL.pl to your 'plugins' directory within your 'mt' directory.

3. Open your Individual Entry Archive template and find the following line:

<form method="post" action="<$MTCGIPath$><$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">

Delete <$MTCGIPath$> and <$MTCommentScript$> and replace with a fake comment URL. An example might be http://www.mydomain.com/postcomments.cgi -- but don't use this example! Make up something unique. Remember, the URL should point to a non-existent file.

2. In the same template, after the </form> tag, enter:

<$MTDisguiseCommentURL$>

3. Rebuild your Individual Archives, and you are done. Post a test comment to make sure it works.

Update (12/17/04 08:57 EST): I have just received a report that this trick does NOT work using the Safari web browser. This is likely becuase this is not the "proper" way to use BASE HREF. I will be posting a javascript version soon.

I tried this about 5 hours ago, and it works. I have received ZERO spam since I implemented this -- and I usually get hundreds a day.

The trick requires a simple template edit and works by tricking the spambots into think that your comment script is somewhere else. So when they try to spam you, they get 404 errors. Everyone else can post fine as usual.

Steps:

1. In your Individual Entry Archive, look for the following:

<form method="post" action="<$MTCGIPath$><$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">

and replace it with:

<base href="<$MTCGIPath$>">
<form method="post" action="<$MTCommentScript$>" name="comments_form" onsubmit="if (this.bakecookie[0].checked) rememberMe(this)">

2. Further down the page, after the </form> tag, enter:

<base href="<$MTBlogURL$>">

3. Rebuild your Indivdual Archives, and you are done.

This tricks spammers into thinking that your comment script is in the same folder as your entry. Since I starting using this, I have received zero spam and about 50 'Page Not Found' 404 errors in my web stats, presumably spambots trying to look for my comments script in the wrong places.

In combination with this, you may want to rename your comments script, just to be safe. I have not done so, but it may help.

This trick -- like many others -- is easy for the spammers to work around. If enough people start doing this, they will make adjustments to defeat it. For now, however, it is working extremely well. :D

This is a hack I began using recently, in an emergency situation. Blog comment spam was creating a huge CPU load on my web server, to the point that it was causing server crashes and CPU restrcitions from my (now former) web host. I have heard increasing report of web hosting banning the use of Movable Type on their hosting plans for the same reason.

This an MT-Blacklist hack that automatically blocks the IP address of someone trying to post commnent that matches your blacklist. It does this using htaccess, so repeated POSTs from that IP will never reach the MT scripts, thus saving your CPU.

First, let me be clear that I agree with Jay Allen and Adam Kalsey's comments about the drawbacks of IP blocking. And I recommend that you read those posts linked to in the previous sentence, before using this hack. I do disagree with the general notion that "IP banning is useless", because it can reduce the CPU load, and that it the only benefit of this hack. This hack will not reduce your blog spam. It may, however, reduce the CPU burden of MT and MT-Blacklist while spam is being checked against the (ever growing) blacklist and blocked accordingly.

Requirements:

MT 3.1+
MT-Blacklist 2.0+
Apache Web Server

Installation:

1. If you haven't done so already, read the 2 posts that I linked to in the previous paragraph. This hack is not perfect, and those posts do a job explaining some of the reasons why.

2. Open Submission.pm for editing, found in /mt/plugins/Blacklist/lib/Blacklist/App/.

3. Look for the following line:

$message = $app->translate("MT-Blacklist comment denial on '[_1]'.<br />Author: [_2]; Email: [_3]<br />[_4] matched: [_5]", MT::Util::encode_html($blog->name), $com_author, $com_email, $item_type, '<a href="'.$item_url.'">'.$matches->[0]->{item}->text.'</a>');

For me this is on line 552. After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

4. A few lines lower (now on line 561), find the following line:

$message = $app->translate("MT-Blacklist comment denial on '[_1]'.<br />Author: [_2]; Email: [_3]<br />[_4] blacklist items matched.", MT::Util::encode_html($blog->name), $com_author, $com_email, scalar(@$matches));

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

5. Another few lines down (now at line 579), find:

$message = $app->translate("MT-Blacklist ping denial on '[_1]'.<br />Blog: [_2]; URL: [_3]<br />[_4] matched: [_5]", MT::Util::encode_html($blog->name), MT::Util::encode_html($remote_blog), MT::Util::encode_html($remote_url), $item_type, '<a href="'.$item_url.'">'.$matches->[0]->{item}->text.'</a>');

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

6. Another few lines down (now at line 588 ) find:

$message = $app->translate("MT-Blacklist ping denial on '[_1]'.<br />Blog: [_2]; URL: [_3]<br />[_4] blacklist items matched.", MT::Util::encode_html($blog->name), MT::Util::encode_html($remote_blog), MT::Util::encode_html($remote_url), scalar(@$matches));

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

Note: Steps 3 and 4 above are for comments, and steps 5 and 6 are for trackbacks. If you nwat to enable this hack for only comments or trackbacks, you can skip steps accordingly.

7. In your 'mt' directory (directory where your mt.cgi file lives), upload a blank file with the name of '.htaccess' (note the preceding '.')

8. Test it by posting a comment with a string known to be on your blacklist. If it works, you will be banned from posting. It will also ban your IP from accessing the MT admin area, so you need to go in via FTP and remove your IP from the .htaccess file.

That's it. This is a simple, very rudimentary hack, that should only be used in mergency situations, where CPU load has become an issue due to repeated spamming by spambots.

Note: I am not an expert when in comes to CPU load and such. I don't know how much CPU cycles are saved by this hack. I do know that it seems to help a lot when my old server was crashing frequently due to CPU load.

You may have been recently hit by several waves of Trackback spam, including a major assault over the last 24 hours. These attacks are clearly automated, sending many pings in a short period of time. Even if MT-Blacklist is effecting repelling these attacks, it can still cause problems for some. In the past few weeks, MT-Blacklist was working so hard to block all the spam that it contributed to a heavy CPU load on the server, resulting in several crashes (I have since moved to a dedicated server). So I have been looking for ways to ease the burden of MT-Blacklist. For trackback spam, one of the first things I tried was to rename my Trackback script from the default 'mt-tb.cgi', thinking maybe that's how these spammers were finding and attaching my sites. It didn't work. Within minutes, they were hitting the newly renamed script. Based on this, it seems that there must be Spam Spiders at play here, crawling the web and sending trackback spam as soon as they find trackback URLs. And since they seem to have adapted to the new name, perhaps these spiders are looking for some other pattern, perhaps the text " The Trackback URL for this entry is". I have tried changed that text on all of my blogs, but I think it might help. Instead, I decided to disguise the Trackback URL so that it would be difficult for spiders to parse and attach my sites.

MTDisguiseTrackbackURL is a mini-plugin that replaces the MT function for the <MTEntryTrackbackURL> tag that is displayed in the Trackback Listing template. MTDisguiseTrackbackURL outputs the URL using a few javascript commands, breaking up the full URL in the underlying HTML code. But as long as your visitors are using a JavaScript-enabled browser, the URL will appear the exact same way that it does now, and they can easily copy and paste the URL manually.

If you want to seem an example, view the Trackbacks page for this entry, and view source to see the JavaScript code.

Installation:

Installation is very easy:

1. Download Now:

DisguiseTrackbackURL.zip.

Membership required, please sign-in or register:

2. Extract the DisguiseTrackURL.pl and upload it to the 'plugins' directory within your 'mt' directory.

3. That's all. Since Trackback listing pages are dynamically displayed, you don't need to rebuild anything.

As always, feedback is appreciated.


By the way, if you haven't heard yet, a critical bug has been found in the latest version of MT-Blacklist. Don't delete any blogs! Click here for more information.

This plugin is designed to be used with MT-BlackList. The plugin gives you the ability easily see stats about what is being blocked by your blacklist, including the ability to summarize and rank blacklist entries.

BlacklistStats is an adaptation of the Searches plugin by David Raynes. 99.9% of the credit goes to David, as I modified only a very small portion of the code to create this plugin.

Instructions

1. Download the plugin:

blackliststats.zip

Membership required, please sign-in or register:

2. Upload the "blackliststats.pl" file to the plugins directory in your MT installation.

3. Begin using the template tags described below

Template Tags

MTBlacklistStats - A container tag used for displaying statistics about your blacklist activity. The tags below must be used within an MTBlacklistStats container.

arguments:

days: to include blocks from only the last n days (e.g. <MTBlacklistStats days="7">)
lastn: to include n searches in the list (e.g. <MTBlacklistStats lastn="5">)
unique: to include only the latest instance of a particular blacklist entry (e.g. <MTBlacklistStats unique="1">)
rank: orders the blacklist entries by rank, the most common being the first (e.g. <MTBlacklistStats rank="1">), implies unique

MTBlacklistValue - The blacklist entry that caused the comment/trackback to be blocked (ie. viagra.com).

MTBlacklistDate - The date that the comment was blocked. This tag takes a "format" argument, which works the same as MT Date formats.

MTBlacklistIP - The IP address of the person (or server) of the blocked comment/trackback.

MTBlacklistBlog - The name of the blog on which the blog occured. This is useful if you have more than one blog.

MTBlacklistType - The type of block: 'comment' or 'trackback'

MTBlacklistRank - The rank of the blacklist entry. For example, the blacklist entry that resulted in the highest number of blocks would be ranked #1.

MTBlacklistTotal - The total number of blocks for a blacklist entry. For example if 5 comments were blocked containing "viagra.com", this tag would have a value of 5.

Also included in the zip file is a sample template. The template creates two tables:

Blacklist Stats - lists each block by date, most recent listed first.

Rankings - lists each blacklist entry, ranked from the most blocks to the least.

You may need to adjust the stylesheet and image paths. I used the stylesheet used by the MT admin interface.

Notes:

1. If you want keep your stats private, be sure to build the stats file in a protected area.

2. It may be a good idea to uncheck "Rebuild this template automatically..." and just manually rebuild the stats from time to time (especially if you have a large activity log).

3. The plugin pulls data from the activity log. If you reset the activity log, your BlacklistStats will also be reset.