Learning Movable Type: Concerning Spam

Learning Movable Type: Concerning Spam

Spammers have discovered bloggers and sooner or later if you allow comments, trackback pings, or the Movable Type send-entry form on your weblog you will get spammed.

Weblog spam appears in many flavors:

1) Basic comment spam. The spammer leaves a short uneventful message in a comment field in one of your entries. The spam comes from the URL placed in the comments URL field. These URLs link back to every conceivable scam. The spammers leave URLs here to create a link from your site to theirs, thus increasing their Google ranking. Spammers are also now linking to legitimate sites that have not cleared their pages of comment spam, thus increasing the Google rank of those spam links. This all goes to show you that you really do need to check the links of anyone who leaves a comment on your site.

2) Trackback Spam. Spammers have discovered how to take advantage of Trackback. TrackBack spam is very similar to comment spam. The spammer sends TrackBack pings to your site that direct viewers to a totally unrelated URL.

3) Comment flooding. The spammer uses an automated computer bot to flood your blog with spam messages, up to hundreds in an hour. The spammer doesn't necessarily leave a URL, but leaves garbage messages, almost like a graffiti artist.

4) Referral spam. The spammer links to your site from their site, and then pings your site through their link, thus creating a reference and link to their site on the statistics referral log of your website. When you are reviewing your stats and see the reference to an odd site (ex. Paris Hilton), clicking on the link takes you to their site. Many people list "referrals" on their site publicly, so by spamming referral logs, not only does the spammer get a link on your referral log (which is picked up by Google) but may even get a link on your main page.

5) Send-mail spam. If you are using MT's "send entry" — a form to send an email of your entry to a friend — the spammer uses your mt_send_entry.cgi script to send spam or viruses to others using your email address in the return field. You can tell that this might be happening if you start getting rejected emails bounced back to you that you never sent in the first place. There was a vulnerability in earlier versions of MT that allowed this to happen.

How do you fight spam on your blog?

MT3 offers Typekey authentication that ...