Otaku, Cedric's weblog

Elevating the spam alert level

As some of you may have noticed, I have now installed CAPTCHA protection for comments on my weblog.  It was made necessary by the most recent of onslaught link spam that I just received.  MT-BlackList has worked really well for me ever since I installed it and until yesterday, the previous massive spam attack I received happened a month ago.

For some reason, MT-BlackList didn't stop yesterday's attack, which resulted in one hundred (yes, exactly one hundred) link spam comments to be posted across thirty blog entries.

What's comforting is that despite the sophistication of spammers, they still tend to always include some common pattern in their spam entries (IP, email address, top-level domain, etc...)  which makes it easy for me to obliterate their entire deed of evil in less than a minute.  Still, this creates a certain amount of stress on my servers and, as a matter of principle, I want to make their life as hard as possible.

So I installed a package called SCode, which is a CAPTCHA plug-in for Movable Type.  It's quite simple and uses a Perl library to display numbers in a picture.  There are much more complicated solutions (involving not only digits but letters of various fonts warped by random transforms while still identifiable by humans), but for now, I'd like to see if this simple system will be sufficient to foil comment link spam on my blog.

The installation was pretty easy but it still required me to edit Movable Type's source code directly, which is certainly a very unfriendly way to provide a plug-in.  I don't know if it's due to the its implementation or Perl, but the concept of plug-in in Movable Type is laughably primitive.  We are definitely spoiled in Java land.