Learning Movable Type: Preventing Comment Bot Spam with MT-Approval


Chad Everett has released a plugin called MT-Approval that presents an effective way to combat the comment spam brought on by spam bots that make up 99% of the comment spam most Movable Type users experience.

MT-Approval requires MT version 3.1 or higher.

MT Approval works by requiring that a comment contain an "approval hash" - a list of data that is generated in the comment form by a new template tag called <$MTApprovalHash$> on the comment preview template. Spam bots don't use the form on the preview template; therefore they are missing the hash when they try to post the comment directly to the comment.cgi and thus their comments never post.

MT Approval requires that you force a preview before someone on your site can post a comment.

Installing MT Approval

There are two paths for installing this plugin, depending if the Comment Preview Template you are using makes use of the <MTCommentFields> tag. First check your Comment Preview Template for this tag.

Install instructions for those using the <MTCommentFields> tag

  1. Unpack the zip file for the plugin found at Chad's site. Using FTP, upload the four unpacked files to your server in the following locations (where MT_DIR is the directory in which your MT cgi files are stored): MT_DIR/extlib/jayseae/approval.pm MT_DIR/plugins/Approval.pl MT_DIR/tmpl/cms/approval.tmpl MT_DIR/mt-approval.cgi Set permissions of these files to 755.
  2. Run the mt-approval.cgi. To do this open your main MT menu, scroll down to the bottom where the plugins are located and click on the MT-Approval plugin link.
  3. You will see the status of the program on your system. The first time you run this script it will say that it is not installed. Click on the "install" link to install it. A message will come up that tells you if it was a successful install or not. The status should then switch to "installed" with an option to remove.
  4. At this point you are done. Unlike users who do not have MTCommentFields, you only have to do this once for the entire installation, not for every blog.

If you have MTCommentFields in some blogs but not in others you will need to implement both methods.

Note that the MTCommentFields users do not have the ability to do the Javascript step outlined in the first set of instructions above. Chad is planning to add that to the install process.

Install instructions for those NOT using the <MTCommentFields> tag

  1. Unpack the zip file for the plugin found at Chad's site. Using FTP, upload the Approval.pl file to your MT plugins folder. Set the file's permissions to 755.

  2. Add the following tag

    <$MTApprovalHash$>
    

    to the Comment Preview template and the Comment Error template of your weblog. Put the tag right above the closing form tag </form> of your comment forms in those templates.

  3. Remove the post button from the Comment form on your Individual Entry Archive (assuming you have inline comments), or from your Comment popup template if you are using popups. The post button code that you need to remove looks like this:

    <input style="font-weight: bold;" type="submit" name="post" tabindex="6" value="&nbsp;Post&nbsp;" />
    
  4. Add the following Javascript to each of the input fields on your Comment Preview and Comment Error templates comment form (not the preview or post buttons):

    document.getElementById('post').disabled = 'true';
    

    For example, change the default Email Address input code from:

    <p><label for="email">Email Address:</label><br /> <input id="email" name="email" value="<$MTCommentPreviewEmail encode_html="1"$>" /></p>
    

    To:

    <p><label for="email">Email Address:</label><br /> <input id="email" name="email" value="<$MTCommentPreviewEmail encode_html="1"$>" onchange="document.getElementById('post').disabled = 'true';" /></p
    

    Repeat for URL and Name input fields.

  5. Add

    id="post"
    

    to the post button on the Comment Preview and Comment Error template comment forms. Changing the default post button code from:

    <input style="font-weight: bold;" type="submit" name="post" tabindex="6" value="&nbsp;Post&nbsp;" />
    

    To:

    <input style="font-weight: bold;" type="submit" name="post" tabindex="6" value="&nbsp;Post&nbsp;" id="post" />
    
  6. If you have more than one weblog on your MT installation that uses comments, repeat the steps for each weblog.

Inquiries regarding MT-Approval installation should be directed to Chad Everett at Don't Back Down

If you install this plugin and it saves you time and headache from spam, please consider giving Chad a Donation for his efforts!

Links: MT-Approval


Posted by Elise Bauer on December 17, 2004 1:13 PM to Learning Movable Type http://www.learningmovabletype.com/