Recently, the admin tool of this site is very slow. I didn’t pay enough attention until it takes about several minutes to load a page in MovableType admin. I found out it was because of the comment spams.
The log shows I am almost 1000 junk comments every day. In the peak time (6:00 – 8:00 AM), there are more than 10 comment requests in every single minute.
MovableType have great anti-spam features. It blocked all of them, but it requires a lot of resources to handle that. The result is, the server is slower and slower. Lunarpages, the hosting company ever emailed me complaining my MT installation sometimes consumes about 40% of one CPU, out of 4 CPU they have for the server.
It seems to be a serious issue.
Changed the Script Name
I guess the spammers may try to post to the default installation of all the MT based blogs: /cgi-bin/mt/mt.cgi. I decided to change the default script name from mt-comments.cgi to something new. I choose the name of the script to a random name.
Then changed the configuration so it is now the new comment script. The name ifuleuiycfi of the scripts reads:
I Fu Le U If You Can Find It.
Fu Le means admire in Chinese
Spams Comes After Me
To be honest with you, I don’t think they will check the page for comment scripts before posting spams.
I was wrong, deadly wrong. Within one minute, a new comment spam appeared, using the new comment script. I did a rename, so the previous comment script does not exist already.
New spams keep coming. I’d like to say: “I really admire you guys, spammers”.
Since many of the URL ends with .ru, I guess it comes from Russia.
The rule I set for anti-spam is, I don’t add additional work to people who comments. Quickly, I wrote a piece of code like this:
<form method=”post” action=”http://home.wangjianshuo.com/cgi-bin/mt/mt-comments.cgi”
onsubmit=”if (this.bakecookie.checked) rememberMe(this); s1=’http://home.wangjia’; s2=’nshuo.com/cgi-bin/mt/mt-‘; s3=’comments-ifuleuiycfi.cgi’; this.action = s1+s2+s3;”>
The form still direct the robots to mt-comments.cgi, which does not exist.
This time, the comment spams went away. I got only one spam in the last few days – obviously, this honest guy posted manually.
From the server log, mt-comments.cgi is really busy. A file not found error does not add as much burden to the server as a real comment.
So way to go, cheers, and jia you, those spam robots!