This will probably get me spammed, but I’ve been reading a lot the past few days (here, here and here, and the MT Pro list) about the horrors of comment spam, and how evil comment spam spiders are crawling sites for the path to mt-comments.cgi and then spamming the crap out of it. Me? I don’t really have a problem with comment spam. How I’ve been able to avoid it up to this point, I’m not really sure. I have several blogs, and none of them have been hit by more than one or two comment spams in their long lives (three years now for Ultranormal, two for Geekout and almost two for the photo gallery).
But, I’m getting serious with the preventative medicine. I haven’t implemented all of these things, but I have done some of them:
- Don’t install Movable Type in the cgi-bin if your host allows it.
- Rename mt-comments.cgi (and update the CommentScript line in mt.cfg, removing the # in front of it).
- Use the Moderate plugin to close comments on old entries. This gives the spammers fewer available targets.
I wrote a tutorial for doing a few of those. I’ll update it to add the form action bit and probably post it to Geekout in the near future.
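The rename step, done as a script, as an added example that is not from the original post or from Movable Type itself. It assumes a constructed layout (the script, mt.cfg and one template side by side in one directory, built by make_sample_install) and a template whose form action hardcodes mt-comments.cgi; the new script name, the check that nothing still references the old name, and the warning when CGIPath points into /cgi-bin/ are all this example's own additions.

```shell
#!/bin/sh
# Added example (not from the original post or from Movable Type itself):
# the "rename mt-comments.cgi" step as a script. It renames the script,
# turns the commented "# CommentScript" line in mt.cfg into an active one
# naming the new script, rewrites any template whose form action hardcodes
# the old name, and then checks that nothing still references it.
# The directory layout and file contents in make_sample_install are constructed.
set -eu

OLD_SCRIPT="mt-comments.cgi"

# make_sample_install DIR: lay down a constructed MT directory to work on.
make_sample_install() {
  dir="$1"
  mkdir -p "$dir"
  printf '#!/usr/bin/perl\n# placeholder for the real comment script\n' > "$dir/$OLD_SCRIPT"
  chmod 755 "$dir/$OLD_SCRIPT"
  cat > "$dir/mt.cfg" <<'EOF'
CGIPath http://www.example.com/mt/
# CommentScript mt-comments.cgi
# TrackbackScript mt-tb.cgi
EOF
  cat > "$dir/Individual.tmpl" <<'EOF'
<form method="post" action="http://www.example.com/mt/mt-comments.cgi" name="comments_form">
<input type="hidden" name="entry_id" value="<$MTEntryID$>" />
</form>
EOF
}

# random_script_name: an unguessable name such as mt-c-3f9a1b2c.cgi, so a
# spider that only knows the default name has nothing to POST to.
random_script_name() {
  hex=$(od -An -N4 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
  [ -n "$hex" ] || hex="$$$(date +%s)"   # fallback if /dev/urandom is unavailable
  printf 'mt-c-%s.cgi' "$hex"
}

# rename_comment_script DIR NEWNAME: the rename plus the two edits that go with it.
rename_comment_script() {
  dir="$1"; new="$2"
  [ -f "$dir/$OLD_SCRIPT" ] || { echo "no $OLD_SCRIPT in $dir" >&2; return 1; }
  mv "$dir/$OLD_SCRIPT" "$dir/$new"
  # mt.cfg lines are "Directive value"; strip a leading "# " and set the value.
  sed "s|^#* *CommentScript .*|CommentScript $new|" "$dir/mt.cfg" > "$dir/mt.cfg.tmp"
  mv "$dir/mt.cfg.tmp" "$dir/mt.cfg"
  # Templates that hardcode the script name in the form action need the new name too.
  for tmpl in "$dir"/*.tmpl; do
    [ -f "$tmpl" ] || continue
    sed "s|$OLD_SCRIPT|$new|g" "$tmpl" > "$tmpl.tmp" && mv "$tmpl.tmp" "$tmpl"
  done
}

# check_no_old_refs DIR: succeed only if no file in DIR still mentions the old name.
check_no_old_refs() {
  dir="$1"
  if grep -l "$OLD_SCRIPT" "$dir"/* >/dev/null 2>&1; then
    echo "still referenced: $(grep -l "$OLD_SCRIPT" "$dir"/* | tr '\n' ' ')" >&2
    return 1
  fi
  return 0
}

# cgipath_in_cgi_bin DIR: succeed if CGIPath in mt.cfg points into /cgi-bin/,
# i.e. the install is in the one place every spider tries first.
cgipath_in_cgi_bin() {
  grep -q '^CGIPath .*/cgi-bin/' "$1/mt.cfg"
}

# Demo run on a throwaway copy of the constructed install.
demo_dir=$(mktemp -d)
make_sample_install "$demo_dir"
new_name=$(random_script_name)
rename_comment_script "$demo_dir" "$new_name"
echo "comment script is now: $new_name"
check_no_old_refs "$demo_dir" && echo "no remaining references to $OLD_SCRIPT"
if cgipath_in_cgi_bin "$demo_dir"; then
  echo "warning: CGIPath is under /cgi-bin/; consider moving MT out of it" >&2
fi
rm -rf "$demo_dir"
```

On a real install, point the functions at the MT directory instead of the throwaway one, then rebuild the site so the published pages pick up the new form action; check_no_old_refs is the thing to run afterwards, since a single page that still posts to mt-comments.cgi gives the spider its target back.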
To me, the real problem here is that Movable Type’s default templates are vulnerable out of the box: every comment form points at the same well-known script path, so a spider only has to look for mt-comments.cgi. Maybe if the default template set were a little more protected, comment spam wouldn’t be such a problem. I know the train has kind of left the station on this, since there’s already a huge installed base of people probably using slightly modified versions of the default templates. But, for future versions, a lot of these changes could be included in the default, protecting the vulnerable “newbie” from themselves.
Oh drat! I am immediately demoted to being a noob! – I was under the impression that installing MT in the cgi-bin was the safest thing to do… Can you explain the pros and cons please.
Nope, no noobdom for you. There shouldn’t be any security problems with installing it outside the cgi-bin, and it makes it a teensy bit harder for the spammers to find your comment script.
Sounds like sound advice…if only any of it made sense to me. Thank goodness I have you as my tech support!
OK… reloading fixed what I was talking about. Guess I’m the n00b.
(is ur pen1s 2 sm.a.1l?)