In the never-ending battle against comment spam, I'm trying a new approach. I've renamed the comment script to something aside from the default. This means that the bots shouldn't know which php file to post the comments directly to, and so the spam should pretty much cease.
If anyone has any troubles commenting, please email me directly (you know the address) so that I can look into it. I've tested things out, and I think there shouldn't be any hitches, but I still figured I'd warn everyone.
Hopefully this is the end of spam for me.
Testing comments...does it work?
Me too.
As far as I can tell, all comments are working. w00t! So far, no spam... the true test is to see what happens overnight. If I have no spam in the morning, I'll be a very happy boy indeed.
well another common attack is that the bot uses the form POST request to the form URI link, not that big of a deal for the bot to figure that out... ONE thing that I saw being done which I thought would rock, is to randomly change the field IDs of the form on the site, and keep it in session so that your comment script can snag it back and grab the value.
There's a big blog movement right now (google + LJ + blogger + etc) that adds rel="nofollow" to all of your links in comments... the problem with that me thinks is that my URL has to now appear in main posts and not just comments for the bot to index me :( ... damn
Good call Jake -- that's not a bad idea. I've heard of that trick as well. I only got 5 spams last night, which is a significant drop in activity, but it's still not zero. :-P