As some of you may have noticed, I have now installed
CAPTCHA protection for comments on my
weblog. It was made necessary by the most recent of onslaught link spam
that I just received. MT-BlackList has worked really well for me ever
since I installed it and until yesterday, the
previous massive spam
attack I received happened a month ago.
For some reason, MT-BlackList didn’t stop yesterday’s attack, which resulted
in one hundred (yes, exactly one hundred) link spam comments to be posted across
thirty blog entries.
What’s comforting is that despite the sophistication of spammers, they still
tend to always include some common pattern in their spam entries (IP, email
address, top-level domain, etc…) which makes it easy for me to
obliterate their entire deed of evil in less than a minute. Still, this
creates a certain amount of stress on my servers and, as a matter of principle,
I want to make their life as hard as possible.
So I installed a package called
SCode, which is a
CAPTCHA plug-in for Movable Type. It’s quite simple and uses a Perl
library to display numbers in a picture. There are much more complicated
solutions (involving not only digits but letters of various fonts warped by
random transforms while still identifiable by humans), but for now, I’d like to
see if this simple system will be sufficient to foil comment link spam on my
The installation was pretty easy but it still required me to edit Movable
Type’s source code directly, which is certainly a very unfriendly way to provide
a plug-in. I don’t know if it’s due to the its implementation or Perl, but
the concept of plug-in in Movable Type is laughably primitive. We are
definitely spoiled in Java land.