There's a new version of Movable Type, version 2.66, which is apparently a stopgap to help deal with comment spam until Version 3.0 is released. It will allow you to require that a certain amount of time pass between the posting of comments from a single IP address. It also uses redirects to link to URLs in comments, as this will not boost Google page ranks, which is what comment spammers are looking for. Unfotunately, this new version currently does not play well with MT Blacklist, but Blacklist author Jay Allen says he'll have a fix soon.
I may or may not install that, since I'm pretty happy with things as they are now. I do strongly suggest that any Blacklist users reading this consider adding the following regexp to their master lists, which will block all .biz URLs (just copy and paste it in as is):
[\w\-_.]*\.biz
I say this because within the past hour or so, I've blocked about 50 comments containing such URLs, according to my activity log. I'm sure if this particular bot came after me, it'll come after you next. Even if you don't want to do this, or you don't have MT Blacklist installed (install it! really!), the IP address that this particular scuzzball used is 63.202.139.82, so do yourself a favor and block that.
UPDATE: Jay Allen himself suggests a more comprehensive regexp than the one above:
([\w\-_.]+)\.(ru|ro|biz|ag|ws|tk)
I don't think I've had any spams from those other domains, but that doesn't mean I won't. I'll make an update soon. Thanks, Jay!
UPDATE: Well, in testing Jay's bigger regexp, I discovered it wants to kill comments from Rob Booth, and anyone else whose personal URL starts with www.ro-something. That won't do, so I've added a word-boundary tag on the end. The regexp is now:
([\w\-_.]+)\.(ru|ro|biz|ag|ws|tk)\b
This properly ignores Rob's www.robbooth.net URL. Use it at your own risk. I suggest you try running a big de-spam after adding something like this to see what else you might catch. Among other things, I realized that my .biz prohibition would kill any link to a Yahoo! business story. I can live with that, but you may not like it. So caveat emptor, and drop me a note if you have any questions.
Posted by Charles Kuffner on January 19, 2004 to Administrivia | TrackBackPersonally, I am using this one:
([\w\-_.]+)\.(ru|ro|biz|ag|ws|tk)
That regexp was crafted using the combined knowledge culled from what I see in the Clearinghouse plus the real comments I get on my site. It's probably not for everybody, but I have never gotten a non-spam comment from any of those domains and they are all very very spammy. Works well...
Posted by: Jay Allen on January 19, 2004 7:47 PM