Viva La Resi-staunch: French Canadians (?) Help Fight Blogspam

Andy Makely sends me a translated link to‘s Flash Form, created to replace MoveableType blogs commenting form in an effort to prevent blog spam. The only thing it does is prevent form auto-fill scripts from spamming your blog, and the instructions mention to rename your mt-comments.cgi file which the SWF reads from an XML config file.

“Dude, this is worthless… the spammers can find the CGI file via google, and they hit the cgi directly, NOT my web page…”.

To accentuate my point, 7 minutes after re-activating my mt-comments.cgi after installation of the Flash comments, I got a new blogspam.

Then I got an idea. Some dude had written me in an email, talking about his solution. He basically added an extra form field for the user to type in a value, and have perl check to see if that value exists when the form data hits it.

The flaw in that theory is that the blog spammer can read your comment page, see the new variable Perl is expecting, and modify his/her script as need be.

…you can’t do that with Flash. You can decompile the script, but I don’t think most blog spammers know how to do that. Hidden form fields on HTML pages are easily spotted via View Source, but doing that in Flash requires a SWF decompiler… and I’ll have to test to see if they can spot the variable name when I get home to check via ActionScript Viewer.

SO, I added the variable with a whack value:

specialVar = “some whack string”;

To the “MTgotoAndComment.fla” file, and recompile to the form.swf, and replace the one they give you.

In Perl, I check for the value, and if it’s not there, I throw an exception… at least, that’s what the code looks like its doing, I don’t know Perl.

After some tests, it appears to be working. IF this solution does work after this weekend, I’ll delve into further detail of how I got it to work, and then I’ll rewrite this form for AS2.

…and to the blogspammers, I say…

Blogspam == DNS Attack

I’m starting to think blogspam is the equivalent of a DNS attack. Currently, I’m effectively shut down. I cannot blog, because if I post an entry, I cannot allow feedback. My comments, if opened, will be open to predations by hundreds of blog spam comments a day. I don’t have time to sort through and delete 300+ comments a day whilst ensuring the real comments stay in and get approved.

Now, this has been going on for the past 2 months. When I turned on MoveableType’s comment approval, it significantly helped my cleanup efforts because deleting un-approved comments was much faster than rebuilding the entry they had polluted, and no negative content was posted on the front of my site.

Things got so bad, my web hosting provider, Mediatemple, called my cellphone to inform me my site was consuming a lot of bandwidth because blogspammings were hitting my mt-comments.cgi during their weekely cron-job weekend forays. I’ve been imitating the admins behavior of renaming the file to mt-comments.cgi.removed when I needed a break, and back again to enable comments.

However, after my 2nd failed attempt to install a Captcha test, the best defense against scripts since scripts can’t “see” images, I had to re-install MoveableType since my pryings into Perl foobarred something. I chose to use the MySQL option instead of the Perl flat-file database since I know MySQL a little bit, and was pleased with the enormous speed improvements in site rebuilds. However, users started reporting they couldn’t comment. Whatever flag sets how many db connections at one time was being overwhelmed by the blogspam scripts.

Now, if you haven’t successfully obtained a single blogspam comment on my site in 3 months, why would you continue? Only 1 reason: To shut me down.

You want proof of their tenacity? Check the email address of this lastest blog spam comment (I renamed my mt-comments.cgi to mt-comments.cgi.remove):

Yep, blogspam; the poor man’s DNS attack.

I can’t blog without comments because that defeats the purpose of getting feedback, positive or negative. However, I want to continue blogging, and will do so once I find a solution.

A collegue and I are creating our own blogging solution with 2 goals being the driving forces behind it:
– easy to use. installation should be painless.
– built in blogspam protection

There are more, but those are the main 2 that are extremely important to me, and seriously lacking in MoveableType. MT Blacklist doesn’t work in newer versions of MT, and installing Captcha assumes you know and can debug Perl, which I can’t. This stuff should just work.

I’m tempted to download MT 2.66 and reinstall an older version of MT-Blacklist; when they actually worked. How can people screw up software this much?

Just to counter, unless you can provide me with a solution that does the following, I’m continuing on my own endeavor like Oscar Trelles, and building my own:
– allows comments anonymously
– supports blacklisting of urls
– supports captcha tests or other means of script prevention
– generates static content that is easily indexed by search engines
– is free, including the server-side portion that powers it

My apologies to those who have commented in the past 2 weeks only to end up with error pages. I’m defeated, for now. JesterXL always wins the game, and I’ll take this round as a defeat knowing I’ll dominate the next one. I realize I’m merely feeding the spammer by acknowledging his victory, but as a man of honor, I understand the game, and give credit were credit is due. Dude, this is war!

*** Update: I was told to go here, but my reservations are it is pretty much the same process that the Captcha test wants you to do with the same risk I’ll screw something up. Going to try to ease the pain…

MT Blacklist Works with MoveableType 3.1x

…for the most part. This necessary piece of anti-blogspam software is now updated to work with MoveableType 3.1x. I keep getting an error at the bottom of my screen, but the most important thing is happening:
– I can blacklist spam which auto-deletes new spammed entries
– new spam is no longer getting posted to my blog

I believe the error above is related to why the emergency release didn’t work; my db path in my mt.cfg was relative. The last version screamed something about a badobject, while this one had some nice “suggestion” information on what to do. Since I had the error with a suggested fix, it was easy to solve the problem myself after some tinkering. Blocks are not showing up in the Activity Log like they used to, but whatever; out of site, out of mind. I had to manually delete older entries which is extremely slower than Blacklist’s method for some weird reason.

Another weird thing is if the comment is already blacklisted, it doesn’t get deleted, thus I have to delete it manually. That seems dumb as the last version of Blacklist automatically did this. Secondly, there is no way to search older entries to delete comments that have blacklisted sites in it. I’m thinking those 2 missing functionalities are related. Regardless, there are some additional neat features. Jay’s definitely on a great dev path with this plugin; it’s definitely maturing into a full-fledged necessity piece of software.

Regardless, if your an upgrade addict like me and shot yourself in the foot because Blacklist didn’t work with the new MT, here’s your chance to gain control of your blog’s comments again without punishing yourself and your users with weird extra form fields, delayed/approving comments, or required TypeKey registrations.

MT Blacklist v2.01b

What is a blog?

Why should I care?

I was responding to SocialTwister’s post, and what started as a paragraph turned into a rant. I felt bad I wasn’t at the conference to help out. I love talking about this stuff, and because I can talk fast, even if I cover little, or my point is weak, at least I said a lot in a short amount of time to make up for it… at least, I keep telling myself that’s positive. I wanted to at least archive it here in hopes it’ll get picked up on web searches to at least ease the barrier of entry into blogging. Anyway, here’s what I think Blogging is, and will sell it.



A blog, web log, or online journal consists of a online journal, diary, or writing of things that interest you. Goals can range from wanting a forum to exchange ideas, gain feedback, judge reactions, share your knowledge & experience, showcase your weekly comic strip, showcase and share your photos/art/pictures, bookmark your favorite topics and hyperlinks, and/or to be a part of an online community with people who have similar interests… or just the opposite, and merely to lurk and absorb and read one or all of the above with or without partaking in responding and feedback.

What are examples of blogs?

Examples include online journals, sites devoted to collecting news stories and happenings related a specific industry, company PR which is more quick and direct to customers with the ability for feedback and responses, or communities consisting of many journals strung together intuitively mixing various elements of the above or not depending on the area of interest.

Real world examples include Macromedia company employee blogs, reflecting said employee’s tastes. Mike Chambers, Project Manager for Developer Relations has a lot of technical posts sharing knowledge, showcasing the future of one of their products Flash, and inviting community feedback. John Dowdell on the other hand has the pattern of posting news links, and commenting on whether they are useful, interesting, highlighting key points, and pointing out the logical flaws or mistakes the writer makes, showcasing the power of the community. An online comic strip, Penny Arcade, has a lot of video-game inspired comic strips. LiveJournal is an online community consisting of journals created by people form all over the world, could can easily link to each other, respond to each other?s posts ranging from daily life to development projects, and form community journals to allow many to post in the same arena.

What tools do I use?

For a personal journal with no technical knowledge, try TypePad. If you want to join a community, or perhaps learn if a community of blogging is right for you, checking,, and Finally, if your a techy, there are tons of software out there; just search on Google for blog software, and you’ll get a ton of review sites. I like MoveableType, but if your not a Perl fan, there are plenty of other PHP, ASP, .NET, CF, etc. out there.

Are there any dangers of blogging?

The pitfalls of blogging are having readers you don’t know about. This is not just a lack of knowing your demographic assuming your writing to an audience assuming this isn’t for just yourself. If you read a blog but do not respond to any of their posts, they probably don’t know about you. The same holds true if your mother, a significant other, or your boss reads yours. Just because they do not respond to your blog does not mean they are not reading it. Even if you obtain multiple blogs, one for personal entries and another for business, once online it tends to be always online somewhere even if you delete it, saved somewhere in the bowls of the internet.

Timestamps are another. If your employer see?s you posted a long entry, or series of entries, during work hours, will they care?

Revealing personal information is sometimes easier in writing, as the attitude that your writing in a personal journal is sometimes correct, and can give you a false sense of security. Some blogging sites do have ways in which to prevent your content to only be seen by registered users, and turn away internet search robots so it’s not categorized on some search engine, but your best bet is follow the old maxim, “I’m never sorry for something I didn’t say.” … that includes pictures, sounds, and video.

Additionally, even on blogs hosted by other servers, your sometimes apt to reveal personal information about yourself. This can be dangerous, more so for women, so be careful what you reveal, and KNOW who your talking to; anonymity is one of the web’s draws to the wrong people.

What is the point of blogging?

The gains are dependent on your personality and attitude. I do it because I want to share with my fellow man.

Writing is an outlet for some people. For others, putting down their thoughts about their day, life, or work so they can read them back later allows them to better reflect on things. Because others can comment, they can offer their perspective, experience, support, or distaste.

Companies gain from “1 click publishing”, whereas you can log into the software, write your post, and click publish… your done. This revolutionized PR at companies like Macromedia and Microsoft, empowering them to more quickly send information out to the community, interact with said community, and once a part of the blogsphere they can obtain a truly personal understanding of just some of the communities concerns without paying research fee’s, as well as being able to interact.

Others enjoy maybe not so much to post any entries, but rather read others. Whether it be a favorite news site, someone how makes fun and is a critic of other news sites, an audio blog, a photo blog, or blog communities in which you can read about other people’s daily lives, all from the comfort of your desk. Whatever float’s your boat.

I personally have one for my personal life to get things off my chest, one for promoting myself in the tech world as well as to share ideas with said tech world as well as geek things I find. My fianc? has one for knitting since she is new and loves getting help to save her frustration, as well as a professional for her career and sharing tech news she’s interested in.

Some people may have interests or work they are involved in that is unique, and the only way they can communicate and share with others in their field is via the blogsphere which is a lot more enriching and lasting than mailing lists or forums. Everyone blogs nowadays; your bound to find someone who has interests on par with what you do.


Blogging can offer monetary, emotional, spiritual, physical, and insightful gains. Go read some, and try it out! Your either surfing the personal internet, or adding to it. Either way, you can be part of the blogsphere.