I have never, ever, in my 26 years of computer use regretted upgrading software more than when I installed Movable Type 3.2. Ever since installing it, I have been regularly receiving HUNDREDS of spam comments each day that are somehow not junked. The new "SpamLookup" filter is total shit. It doesn't learn ANYTHING. You would think that once you mark a spam as "junk" the filter would learn to mark all future occurrences as junk. You would be wrong. On top of that, marking commenters as "trusted" or "banned" doesn't work... they are never registered. Even worse, my feeble attempt to add keywords and keyphrases to the SpamLookup preferences have all met with failure. I don't know if it is because the entire plug-in is not working, or whether I am doing something wrong. Since there is ABSOLUTELY NO F#@%ING DOCUMENTATION, how can I know? I am familiar with perl expressions, and have tried dozens of different variations... but nothing works. I go to the SixApart forums for help, but nobody there is getting their questions answered.
I would switch to WordPress or another solution, but I just don't have time to create all new templates, import 1100+ entries, and figure out how to keep from breaking old links. So now my options are to either keep manually junking shit-loads of spam, or turn off comments entirely. I don't know who I am more pissed-off at... spammers, or SixApart for letting them get to me.
Now, if you'll excuse me, I just received another three email notifications for spam while I've been typing this. Oh wait... one of them is from Karla... make that two.
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
PLEASE NOTE: My comment-spam protection requires JavaScript... if you have it turned off or are using a mobile device without JavaScript, commenting won't work. Sorry.
You’re not the only one hating MT right now… I tried upgrading and got into such a quagmire that I ended up switching to WordPress and have been blissfully happy ever since! 🙂
Hate to sound like a WP evangelist, but it was worth the time to redo my templates because I have no more spam issues (at one point my host had shut me down) and I really enjoy the ease of use and awesome plug-ins.
Where is Anil Dash when you need him the most? He’s always commenting posts as soon as you mention Movable Type…
One would think that they’ve had a shitload of time to both test and document a new version as MT3.2 – apparently not. I even think that basically any other Blog software is better than MT in handling spam right now…
Have you tried blocking the IP:s with .htaccess rules? There are usually a couple of dozen IP:s that do all the spamming.
Sorry to hear about the spammers, Dave..
If it’ll make you feel better, blogger’s just as bad – even with the new ‘word verification’ thing.
In looking over WordPress docs, the thing that worries me are the perma-links for my existing MT entries. There are several solutions offered, but it seems that they don’t address all the various forms that MT static pages can take. I think mine would require custom programming to do the mapping.
The problem with the spam is that they are not traceable to the same IP address. Even though the message is the same, they all have wildly different IP addresses, so blocking isn’t going to help.
As for a response from Movable Type… I have no idea. This being the blogosphere, you’d think that they would do something to address the problems people are having. I’m not seeing it.
I find it odd that the “word verification” thing isn’t having much of an effect. Spammers must be finding a way to circumnavigate it? Sad really.
In many ways I blame bloggers who don’t monitor and eradicate spam on their blogs for the problem. The fact that so many bloggers just leave the spam there, means that spamming works, and spammers will keep doing what they do. If every blogger was responsible, and nobody allowed spam to sit on their blogs… then spammers would give up and go away.
I hope this helps. The MT documentation for 3.2 is here:
http://www.sixapart.com/movabletype/docs/3.2/
The beta documentation has been there for quite some time. It’s the documentation for SpamLookup that’s missing:
http://www.spamlookup.com/wiki/KeywordFilter
Just a blank page. Alas, I appear to be stuck.
Also, have a look at this link. It talks about some of the problems of SpamLookup
http://www.movabletype.org/support/index.php?act=ST&f=26&t=54310
I’ve discovered that the plugin is doing its job on my blog. It’s junked no less than ten spams this past week, and I didn’t know they existed. One flaw is that MT’s settings can be in multiple places. You can add to the “junk this” phrases from the main menu/plugin settings, but the controls which tell you how long to hold something in the junk file before purging is set in each blog’s individual settings.
Hmm… Maybe drop them a support ticket and ask them what’s what. Alternately, drop me an e-mail off list and I’ll see if I can help you tomorrow morning. One thing I do know: the whole “banned” and “trusted” element only works on TypeKey comments. If you allow “unauthenticated” users to comment, this feature isn’t going to help you.
I’ve considered switching to TypeKey-only comments, but I decided that was too limiting. But, then, I haven’t had the spam problems you have.
People on the forums have sent in tickets to no avail. Short of turning over my blog to somebody in the hopes that they can fix things, there’s not much I can do. I’m just going to tough it out as long as I can, and hope that documentation and bug fixes are released shortly. This is a gamble, because nobody at Six Apart is saying a frickin’ word.
I am dead-set against forcing commenters to use an authentication system. If somebody has a good thought about something I write here, I don’t want anything standing in the way of their posting it. That’s why I don’t install Typekey, which I feel gives the illusion of preference to those using it (and, in some ways, actually does). In fact, I don’t require anything for somebody to leave a comment. Some of my favorite comments were left anonymously, and the fact that they could forge names and addresses anyway, makes the whole thing academic.
Hi David. I use MT and never bothered with the plugins for spam because they never really seem to work for others I know who use them. On the other hand, I read a while back that the spambots that attack MT start with archived entries and move forward, testing for a live blog. Once I read this, I went back and turned the comments off on all of my old entries. Now instead of 17+ comment spams a day, I get one or two every couple of months. At any given time, people can comment on blog entries dating back about a month, but no further.
It’s not ideal, but it works. At least it might buy you some breathing time while you search for other solutions.
MT-Blacklist worked fine for me… simply because once I entered a spam to be blacklisted, I was not bothered by any future spam from the same source.
SpamLookup doesn’t work like this. Even if I junk a spam, I can get a hundred more comments with the EXACT SAME URL, because SpamLookup doesn’t “learn” anything. It’s just wave after wave of spams for me to deal with. And spammers are smart about it, because they change the IP address every time. It’s almost as if there is a spam relay network in place!
This would all be solved if I could get my perl-expression keywords to actually register. But they never do. Even the samples that MT ship with the plug-in do not work. This leads me to believe that, for some reason, my installation is not using the plug-in at all, though I can junk comments, so I just don’t know.
I’m spam?
Damn.
Damn damn spam spam.
Well, if I am spam, hey, want some Viagra? And I can get you some Xanax, cheap. And your ebay account needs updates, can you enter your account information and SSN and I will fix that right up for you? Oh, and my name is Mr. Mogootu, I live in Nigeria, and I am contacting you regarding your kinsman, Mr. Evil-Man Simmer, who has left me $135,000 dollars……
There’s a workaround. It’s manual labour, but it will teach Spamfilter to block the comments you want blocked.
When you’re hit with the junked spam, copy the URL, or the relevant portion thereof, go to the main menu, click plugins, scroll down to SpamLookup Keyword Filter and click show settings. Keywords to Moderate and Keywords to Junk boxes are there. That’s your blacklist.
Enter in the URL, or the portion of the URL that’s common with the other URLs you’re likely to junk, then head on over to Brad Choate’s website and rant at length over how SpamLookup can’t learn to junk comments automatically when older comments are junked.
SpamLookup does learn, but it learns more slowly. It assigns points based on whether you published a commentator’s e-mail address before, or published a URL before. It takes points away if more than X number of links are in a comment (you can set that number under Settings-SpamLookup Link-show settings, or if you’ve junked an e-mail or a URL before.
You set how aggressively SpamLookup goes against comment spam at the blog level, however (which is a frustrating oversight). Enter your blog, click “settings” and then “feedback”. Scroll to the bottom. There’s a section called “Junk”. You can raise or lower the Junk score threshold, which filters out more questionable material.
I hope this helps.
Dave, you just inspired me to write this. Hope it helps you at least a bit.
And we thank you for not requiring TypeKey authentication, Dave. Believe me. That is the one thing that keeps me from commenting over on WilWheaton[dot]net. I just don’t want to take the time. Registration is not that big a deal, but I just don’t want to do it for a single site. So I don’t bother. He’s got enough commenters as it is.
I’m sure if you switched over, I would make the leap and register (not being able to comment here would be painful), but you would lose a lot of the randomness inherent in comment posting. I love that about blogging. Anybody can comment and you meet new people that way. I have met way too many via comments posted on my blog and some of my preferred-read blogs.
Entering URLs and Keywords and IP addresses and adjusting scores does not seem to work for me. When I woke up this morning, I had four comments and 47 spams. 28 of them were this stupid t-e-x-a-s poker links which have been plaguing me since the very first day I “upgraded” to v3.2.
I have been putting the IP addresses for t-e-x-a-s in my deny list. I have the URL in my SpamLookup prefs. I have the partial keyword in my keyword list. I’ve done absolutely everything to try and keep them from getting through, but there they are all day long. Possibly because every single spam has a different IP address, but the same message? I would NOT be having this problem with MT-Blacklist!
At first I thought that SpamLookup wasn’t even working or something, but then I visit the junk list, and there ARE a few t-e-x-a-s spams already there. So who knows what the problem is. I just now wiped everything, and am starting over.
Anyway, thanks to James for your tips and Neil for your entry. I’ll go read it right now. Hopefully there is something there that will tell me what I am doing wrong? It’s strange, but I’ve spent HOURS on this, and am pretty sure I’ve examined and tried everything. I hope I am wrong!
Oh Karla… you aren’t spam. See, I took my count from three to two when I saw it was you.
Given all this spam crap, I am very interested in your cheap Xanax…
I switched to WordPress overa year ago. If you have the money, Mark Jaquith will do it for you. He is awesome.
WordPress rox! I have no spam thanks to Spam Karma 2 and Bad Behavior.
I had exactly the same problem you were having. This morning I went through and removed SpamLookup and reinstalled it. I also cleaned out all of the old files from MT 3.17 that were strays. Now SpamLookup appears to be working those damn “t-e-x-a-s” poker trackbacks are going straight to the junk folder.
Dave, sorry you’re having these problems. We’ve got thousands and thousands of users on MT 3.2 (including myself, and our company site) that are getting zero spam on Movable Type 3.2 with just the default SpamLookup installed.
This makes me think that there’s some configuration or setup problem that’s causing your installation to not be blocking spam. We know MT3.2 blocks all common spam right out of the box, and we’ve done extensive testing to make sure it does so, so I’d like to help however we can to make sure that everything’s set up correctly so it works for you.
Shoot me an email to let me know how we can help, or IM me at anildash any time. We’re revamping our documentation as well, but I think we should be able to get this solved for you very quickly.
I’ve solved the problem by ignoring SpamLookup altogether and using CCode as my defense.
This entire ordeal doesn’t make much sense to me. I made a fresh installation, and have quadruple-checked absolutely everything, right down to the permissions of every file. There’s nothing left of my old installation except the templates to cause any problems.
What’s puzzling is that SpamLookup will junk half of the spam, then let another half that has the exact same URL go right on through. Granted, the IP addresses are always different… this “t-e-x-a-s-poker spammer” must have enormous resources… but I would think that being able to block the same URL after junking hundreds of them would be built into the system. Spam is a way of life for a blogger, but I never had such problems with MT-Blacklist.
The really frustrating thing is that such a critical piece of the anti-spam puzzle… easily the #1 trial faced by bloggers… would be wholly undocumented at the time of final release! This is very, very sloppy, and should have never happened. I thought that by waiting until 3.2 was out of beta that I wouldn’t have to worry about such things. I mean, if Neil Turner can write out SpamLookup documentation in a few hours and share with everybody, then it’s pretty lame that SixApart couldn’t delay final release by a day to document the new spam solution that their product relies on. I realize not everything can wait, or else the project will drag on forever and never be released… but an entirely new way to handle the biggest problem a blogger has to deal with? This is not some ignorable cosmetic detail we are talking about documenting!
Of course, it’s easy for me to take pot-shots from the sidelines… I have no idea what goes into software development, nor the support required to handle new releases… but I do know that without proper documentation, you are pretty much guaranteed to frustrate users trying to work with the software. I hope that Six Apart can understand this, because I don’t relish the idea of having to junk nearly three years of work with MT to start over again with something else. But the software is only half the package, and if lack of documentation becomes a trend, I won’t have much choice.
I installed MT-Keystrokes and it eliminated 99.99% of comment spam. That is…instead of receiving hundreds a day I received 2 in 6 months.
Check it out here: http://overstated.net/projects/mt-keystrokes/
And you should still be able to run MT-Blacklist although you do need to change one line of code. See http://www.adventuresinurbanliving.net/2005/jul/14/a_slight_mtblacklist_hiccup.php
It’s done over 1,000 for me the past few days, I noticed this since I noticed a big jump from 59,000-61,000 the last few. (That’s 60k over the last 4 months!)
I’m running it with spamlookup (although I’m not really sure how to get it’s list to grow) although I’ve seen a few little things that makes me think it’s actually working too (but MT-blacklist is killing most before it sees it).