So I got my first two comment spams in forever in the past 3 days. Not exactly sure how the spammer is getting past the SCode, unless the spammer is doing it manually.
Here's the info from my Apache logfile:
212.160.128.114 - - [13/Nov/2004:19:14:03 -0600] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 2322 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
212.160.128.114 - - [13/Nov/2004:19:14:03 -0600] "GET /cgi-bin/mt/mt-scode.cgi?code=13 HTTP/1.1" 200 221 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.0.1) Gecko/20020823 Netscape/7.0"
212.160.128.114 - - [13/Nov/2004:19:14:06 -0600] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 302 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
Looks like an IP from Poland. One weird thing is that the browser ID from the image GET doesn't match the one from either POST, which leads me to believe that it's some sort of automated system, and not a person at a browser. On top of that, the second POST (which resulted in the comment, I'd guess) was done 3 seconds after the GET request was received. A person would have to be pretty fast to have the image load, read it, then enter the 4 digits, and finally submit, all in 3 seconds. But it's not impossible.
Just in case it's an automated system, I decided to spice up my scode with some code taken from a comment left at the SCode post above by timtak (an English professor in Japan, from what I can tell). My scode should hopefully be a little harder to read. If lots of people started adopting SCode, it was only a matter of time before someone wrote a script to read the numbers from the image. But if someone is leaving spam by hand, then more power to them. I'll just have to delete them by hand.
If anyone wants my updated mt-scode.cgi, just leave a comment (faster) or send me an email.
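The two signals described in the post (a comment POST whose User-Agent differs from the one that fetched the SCode image, and a POST arriving seconds after the image GET) can be checked mechanically against the access log. This is an added example, not code from the original post or from SCode; the function names, the 5-second threshold and the 192.0.2.10 log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
SCODE = "/cgi-bin/mt/mt-scode.cgi"        # paths as they appear in the post's log
COMMENTS = "/cgi-bin/mt/mt-comments.cgi"
MIN_HUMAN_SECONDS = 5                     # assumed threshold, tune per site

SAMPLE = [
    # the three lines quoted in the post
    '212.160.128.114 - - [13/Nov/2004:19:14:03 -0600] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 200 2322 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '212.160.128.114 - - [13/Nov/2004:19:14:03 -0600] "GET /cgi-bin/mt/mt-scode.cgi?code=13 HTTP/1.1" 200 221 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.0.1) Gecko/20020823 Netscape/7.0"',
    '212.160.128.114 - - [13/Nov/2004:19:14:06 -0600] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 302 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"',
    # constructed contrast case: same browser, 25 seconds to read and type
    '192.0.2.10 - - [13/Nov/2004:20:00:00 -0600] "GET /cgi-bin/mt/mt-scode.cgi?code=21 HTTP/1.1" 200 221 "-" "Mozilla/5.0 (constructed sample)"',
    '192.0.2.10 - - [13/Nov/2004:20:00:25 -0600] "POST /cgi-bin/mt/mt-comments.cgi HTTP/1.1" 302 5 "-" "Mozilla/5.0 (constructed sample)"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None                       # not a combined-format line
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def suspicious_comment_posts(lines):
    """Return (ip, reasons) for each comment POST that looks scripted."""
    last_image = {}                       # ip -> most recent SCode image fetch
    findings = []
    for rec in filter(None, map(parse, lines)):
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "GET" and path == SCODE:
            last_image[rec["ip"]] = rec
        elif rec["method"] == "POST" and path == COMMENTS:
            img = last_image.get(rec["ip"])
            if img is None:
                continue                  # no image fetch seen before this POST
            reasons = []
            if rec["ua"] != img["ua"]:
                reasons.append("user-agent differs from image fetch")
            delay = (rec["ts"] - img["ts"]).total_seconds()
            if delay < MIN_HUMAN_SECONDS:
                reasons.append(f"posted {delay:.0f}s after image fetch")
            if reasons:
                findings.append((rec["ip"], reasons))
    return findings
```

Calling `suspicious_comment_posts(SAMPLE)` flags only the second POST from 212.160.128.114, on both signals; neither signal proves automation on its own, so the output is best used to prioritise review rather than to block.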
Posted by ramk at November 13, 2004 09:33 PM
i started getting spam over the weekend too with my MT blog. i installed mt-blacklist which seems to be doing the trick so far.
Posted by: john at November 15, 2004 05:56 AM
I don't like blacklist for a few reasons. You are dependent on someone else for your spam blocking. See here:
http://www.jayallen.org/comment_spam/2004/10/master_blacklist_stagnation
If you use MT 2.x and Blacklist 1.x, then you are currently out of luck unless you upgrade. And it's understandable the guy expects everyone to upgrade.
He has some good ideas in 2.x like the Max URL thing (which makes sense), and the old entry comment moderation (where most of the spam comes from). But the old entry comment moderation requires manual effort on your part, which I don't like. Also, how big is the blacklist eventually going to get? And what if something that isn't actually spam gets blacklisted?
The system, of course, has its positives. And the Scode system has its negatives (doesn't work for blind people), but I'd rather stick with the accessibility problems than the other problems. I guess I'll add a little line saying 'email me if you have a comment and you can't post it' to catch the small percentage of people who can't read the scode.
Posted by: Ram at November 15, 2004 12:51 PM
some positives that i like:
-your blacklist can involve regular expressions
-it works across multiple MT blogs (which i have)
i definitely think your system is better. can you email me your mt-scode.cgi?
Posted by: john at November 15, 2004 01:54 PM
hello ramakrishnan. will i be able to download s-code by using windows automatic update? i'm afraid that as an average computer user, i cannot do much more. how much is it to install such a device on my web-page? Can you do it for me for free?
just kidding. I see you switched to 5 digits. that's a little nuts for one spammer. i somehow managed to get scode and BL to work, i forget how. doesn't matter. can't view my own page anyway since it's ass slow from china. yours and sunny's works fine tho. got in on that 1and1 deal way back. free hosting... shoulda known.
Posted by: jackson at November 18, 2004 02:49 AM
spam got past your scode? wow. that's nuts. I guess I avoid the majority of problems by not having my page crawlable. still get the odd bastard spider ignoring the rules but no spam thus far.
you thinking of upgrading to mt3? I'm still waiting on plugin updates...
Posted by: Dan at November 19, 2004 04:53 PM
Hello, I am interested in your version of scode that cannot be defeated by bots.
Thanks in advance,
Sam.
I've noticed the same thing. And those spam bots are draining too much system resources... I ended up using mod_security to handle the problem.
May I please have a copy of your modified MT-Scode? Just to increase my protection.
Thanks.
Posted by: Antony Shen at November 21, 2006 08:30 PM
Hi
I am glad you are enjoying the MT code. I still use an old MT with this code on my blog.
I am an English prof of sorts in Japan. But someone turned my homepage into a link farm. I would be very grateful indeed therefore if you would be so kind as to remove the link to my old page.
Best,
timtak