After spending 20 minutes banging together mt_honeypot.pl, I decided it was pretty lame. It might end up being of great use, but I doubt it. So I went ahead and implemented URL blacklists. And there goes another exciting Saturday night. (minus the time spent crashing the wedding party next door)
What I Did
My approach was to write a subclass of
MT::App::Comments::SpamBad, and then make the tweaks to mt-comments.cgi to call my SpamBad subclass.
How It Works
SpamBad looks for a directory called
blacklists, and reads the contents of each file in that directory (in case for example you want to use other peoples lists as well as your own), one banned url per line, lines beginning with # are comments. It then compiles those URL into a simple regex which it checks against both the author’s url field, and the body of the comment. (My first reaction was this would be slow, but it isn’t, important to remember this is the kind of thing computers are good at)
- Download the tarball.
- Backup your mt-comments.cgi
- Copy mt-spambad-comments.cgi to mt-commets.cgi
- Move the spambad dir to somewhere mt-spambad-comments.cgi will be able to find it. (like in the same directory)
- Move the blacklists directory into the same directory as the mt-spambad-comments.cgi
- Test it to make sure its working.
- Start compiling your blacklist, or jump start the process by downloading someone elses.
Next StepsThis was a quick hack, not that I’m unhappy with it, but wasn’t the product of weeks of planning, released ‘as is’.
I wanted SpamBad to be configurable, I assumed I’d be able to add config options to mt.cfg, but actually MoveableType makes it practically impossible. I really like Kwiki’s approach to this, I wish MT would adopt it.
Blacklist checking is just one possible approach, I forsee SpamBad perhaps applying a number of different heuristics, ideally via a plugin architecture. (that was a hint)
A faster scanning technique would be worth considering for future implementations.