So it occured to me today, after a weekend of comment spam and referrals from the MovableType donors list that maybe the donors list is being used as the stepping off point for the bot that's been nailing everyone from Asa to me to many of the people interested in Jay Allen's comment spam protection. The question is: what can you do about it?
And yes, I know that Asa's blog is not listed on the donors page, however I'm sure that there are more pages than mine that link to him either in their link lists or in their posts on a regular basis. Although links make it easier for us toshare information, things like weblogs.com are basically self-published mass mailing lists for us to be terrorized.
I didn't get any referrals from the MT donors list, but I was hit with the comment spam too. Sorry it happened to you too man, but I actually feel relieved that I wasn't the only one.
I've been going through and disabling comments on all my archived posts. Not the best or easiest solution, but it's all I got right now.
Just installed MT-Blacklist on my work sites (my offhours site uses an older version of MT. Installation was a piece of cake (and it automatically applied itself to all our blogs, rather than the usual MT way of making you check a box in each one). I'm sure the spammers will try to get around it, but for now, I'm keeping my fingers crossed.
Jon, You'd only get referrals from the donors list if someone clicked the link to get to your site. In reading about the latest comment spamming (the name given is Lolita) it seemed to specifically target MT blogs. A good way to get an MT only list would be to use the Donors list to populate your spam bot. No referrals from that, but the referrals I got were what made me think of it. For more info about the comment spamming, check out sixapart.com. They're most recent post has some good stuff.
Adam, thanks for the heads up. I read about that Sunday and missed the release yesterday. I'll probably try it out when I get home today. I don't know if you were aware, but Jay Allen also wrote the original search engine code that's built into MT currently. His stuff is pretty high-quality.
Spammers will always try to find another way, and people like us will always be looking for a beter rat trap. Just part of the way of things.
True enough, but this case is pretty extreme. It doesn't bode well that they were able to post several links on several entries on several sites so easily. I was really pissed off (still am) when I saw those links. There's got to be a permanent solution somewhere. Preferably one that will tie the bastards up in endless, painful litigation for eternity.
Meantime, I'm also installing MT-Blacklist and hoping for the best.
The reason it was so easy is because MT tends to lend itself to pages that are similar across sites. Your comment form, my comment form, and almost everyone else's comment forms are very similar. One way to protect ourselves may be to merely change our templates: change the field names, their lengths, etc, so that programatically it becomes more difficult to use one script to rape numerous sites.
The second problem is that the Lolita job seems to have come from numerous IPs in one block. You can trace back there (and according to the comments on Jay Allen's page some people have) but I don't know what that gets you as far as nailing one specific person.
It's very interesting to see how fired up bloggers have gotten over this whole thing. I wonder what will happen next. As many sites as they *did* get, it was still small scale (they didn't nail every entry, or even all the recent ones). What is there next trick? How about the bloggers' next move? We all install MT-Blacklist; then what?