Over the last few days we’ve had something like 200 spam comments posted to this blog, so I’ve been forced to invest a few hours of my time deleting those comments, and trying to find a way to solve the problem in a more permanent, automated way in the future.
We’ve got some comment filtering in place now, which should mean that the spam comments at least only get seen by the blog admins (thus they don’t get spidered by Google et al, which is presumably the reason for spamming in the first place; and it also means that you, dear reader, aren’t bothered by them either).
The blog software does have provision for blocking by IP address, but like e-mail spam it tends to arrive not from one or two sources, but from a multitude of machines, so having a simple list of banned IPs is never likely to be practical. However I took the list of IP address seen in the last couple of runs of comment spamming, and cross-checked them against some well-known DNS blacklisting services, traditionally used to protect against e-mail spam. About half of the blog spamming IPs were listed in those blacklists, so if anyone happens to know of a MoveableType plugin which can do DNSBL lookups, please let me know!
Without going into any detail, I’ve taken a few other measures to protect against this problem; it shouldn’t have broken anything, but if it has, please let me know about that too