URL Blacklists in MT: An OO Approach

October 5th, 2003

After spending 20 minutes banging together mt_honeypot.pl, I decided it was pretty lame. It might end up being of great use, but I doubt it. So I went ahead and implemented URL blacklists. And there goes another exciting Saturday night. (minus the time spent crashing the wedding party next door)

What I Did

My approach was to write a subclass of MT::App::Comments called MT::App::Comments::SpamBad, and then make the tweaks to mt-comments.cgi to call my SpamBad subclass.

How It Works

SpamBad looks for a directory called blacklists, and reads the contents of each file in that directory (in case for example you want to use other peoples lists as well as your own), one banned url per line, lines beginning with # are comments. It then compiles those URL into a simple regex which it checks against both the author’s url field, and the body of the comment. (My first reaction was this would be slow, but it isn’t, important to remember this is the kind of thing computers are good at)

Installing It

  1. Download the tarball.
  2. Backup your mt-comments.cgi
  3. Copy mt-spambad-comments.cgi to mt-commets.cgi
  4. Move the spambad dir to somewhere mt-spambad-comments.cgi will be able to find it. (like in the same directory)
  5. Move the blacklists directory into the same directory as the mt-spambad-comments.cgi
  6. Test it to make sure its working.
  7. Start compiling your blacklist, or jump start the process by downloading someone elses.

Next Steps

This was a quick hack, not that I’m unhappy with it, but wasn’t the product of weeks of planning, released ‘as is’.

I wanted SpamBad to be configurable, I assumed I’d be able to add config options to mt.cfg, but actually MoveableType makes it practically impossible. I really like Kwiki’s approach to this, I wish MT would adopt it.

Blacklist checking is just one possible approach, I forsee SpamBad perhaps applying a number of different heuristics, ideally via a plugin architecture. (that was a hint)

A faster scanning technique would be worth considering for future implementations.

Lastly

If doing some moderately serious (though it should still upgrade smoothly) surgery on your MT install makes you queasy, you might try this other approach.

Tagged: Uncategorized

Comments are closed.