Six Apart Move Forward on Comment Spam

Source Title:
Making Progress Against Spam
Story Text:

Anil Dash posts an update on Six Apart, the makers of MovableType and owners of LiveJournal and TypePad hosted blogging service's, progress on fighting comment spam. The plugins he lists are all proprietory to MT however, and it makes you wonder whether comment spam prevention is being used as a selling point for blog software market share...

One such innovation is MT Keystrokes, a Javascript plugin that sits on the commenters Browser and ensures they're actually typing the comment rather than POSTing it from a script - that's pretty neat i think, though i've not tried it as i don't use MT on anything (nor would i..)


What does it protect?

I still haven't seen any technical solutions that can block a team of Indian blogspammers. I bet that script dosen't prevent copy and paste :)

why wouldn't you..?

Yesterday, I purchased the MT Commercial version and installation for $299. It seemed like the easiest, most cost effective way to jump into blogging. I was looking for an application that was scaleable, and delivered search engine friendly pages. Was I wrong? Do you suggest somthing else?

Regarding if comment spam prevention is being used as a selling point for blog software market share, it factored in on my decesion process.

Thanks for providing a great site. TW rocks! This is my first post.


No, i dont think so Gus, and welcome to TW by the way, do introduce yourself

There are lots of different packages out there, and in one way or another they're all prone to abuse, but those features listed in the post at SixApart look pretty good and with just a little work and understanding most blogs can happily go about their business without being overy bothered by spam.

It just take a little bit of publisher responsibility and homework to get it all modded up right :)

Sending you a pm btw...

Nonproprietary fix

There's a fix that isn't proprietary.

It can be used by each website, or on the webserver itself.

The most prolific spammer bleeds some info that can be used to block him:
The HTTP:VIA part of the headers has this line:
1.1 pinappleproxy, 1.0 spcdmg
(possibly variations there, but pinappleproxy should be included in all hits, except those through high anonymity proxies)

So including
RewriteEngine on
RewriteCond %{HTTP:VIA} ^.+pinappleproxy
RewriteRule .* - [L,F]

in your .htaccess would block them

Or for webhosts, use mod_sec and block it there.


Still wondering when they'll introduce trackback moderation.

They already have redirects on comments, and the ability to disallow or control HTML.

However, nothing on trackbacks as yet - it's either on or off, and if it's on, you have to contantly remove crap.

Trackback spam

Brian wrote:

"Still wondering when they'll introduce trackback moderation"

On the WordPress side of things, I've been very pleased with Spam Karma's ability to handle nearly all the comment and trackback spam I've gotten. The main reason I didn't bother with the developer's referral anti-spam solution is that the perceptible delay as the script scans incoming requests isn't worth solving a problem that only I as the admin have to deal with through reading the access logs.


except those through high anonymity proxies

If you're spamming why would you use anything else but a high anonymity proxy? You can check if you're using one here:

Spamhuntress ...

What is that about pineappleproxy? Could you explain?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.