Oh Andrea!!...I would so much miss your blog, if you had to discontinue it, or remove the comment section. Sorry I can't offer any fixes. I am such a "techno-phobe" myself, it's a wonder I can even turn my computer on.... All I can say is, "mean people suck!!!" and about all those heartless spammmers who would disrupt a beautiful and positive blog like this one...they all obviously have way too much time on their hands, and possess very mean spirits. Please don't let negative people like that ruin this blog. The world needs the positive energy and sharing that you provide here.

Starting with MT 2.66 there's the option of a 'throttle' line in your mt.cfg file, which disallows anyone making comments within the specified time (e.g. mine is ThrottleSeconds 120 so if a comment is posted, another comment can't be posted from that IP again for 120 seconds. I get almost no spam since I added this, and when I do it's one at a time). There's also some sort of auto-ban feature if someone tries to post a comment a certain number of times in a row, I've only been notified once that this happened, the throttle alone seems to drive the would-be spammers away. MT3 has other anti-spam features like comment registration and moderation -- you can upgrade for free if it's just this one blog and just you posting to it. http://www.movabletype.org/get_movable_type_personal.shtml

Andrea - I read at Sekimori's site Sunday a new trick that may help: from www.sekimori.com:

From the Hostmatters forums, a bit of wisdom on circumventing nasty MT comment spammers:

The key is that spammers have automated scripts that look for Moveable Type blog sites and they then post to our comments using a direct call to the "mt-comments.cgi" script. If you installed Moveable Type into the default directory (/mt) then they know exactly where the script is and how to call it.

The solution is simple: rename the script to some odd name (ex. qwerty.cgi) and edit your mt.cfg to point to the renamed CGI script. Look for the line that is commented out and reads "# CommentScript mt-comments.cgi". Uncomment the line and change the name of the script to the new name. You need to rebuild the site before it takes effect. Users will not be able to post comments while you are doing this but the entire process only takes a few minutes.

I've been getting slammed with around 30 comment pr0n spams a day lately, trying this method in 3, 2, 1...

Hope it helps!
coop

try this link:

http://www.google.ie/search?hl=en&ie=UTF-8&q=blocking+movable+type+spam+comments&btnG=Search&meta=

all sorts of info.

i am having the same problem. :-(

i wish in the power editing screen there was a way to delete all the comments from posts.

I've been having the exact same problem! Deleting the spam comments one at a time (painstaking! frustrating!) has been my only coping method in the past. Recently I discovered that the majority of them were coming from the same IP, so I've been using MT's IP Blocking option. This, along with a little My SQL magic, has helped me erase all the spam comments I've been getting over the past year and a half. Since you're using MT Blacklist, you're already a step ahead of me, though. I wish I had a better solution for you - all I can do is commiserate with you & tell you what a relief it is that I'm not the only one having this problem.

I recently received my first spam block, too, from Japan. BUT, it was throttled thanks to MTblacklist. So, question: are you regularly updating blacklist for new and known entries? You need to get the latest version and add it to your site yourself.

Yes, also, you may want to add metas to your blog templates that instruct search engines not to index, not to follow, not to index pictures and so on. You won't want to do it for your biz site, of course.

Then, my robots file does not allow any robots and agents. None of them. Who breaches this gets banned from my site and is reported.

.htaccess is very powerful, and there are very good lists out there that know most of the actual spammers.

There is a validation feature for comments which basically forces a commenter to verify they're human by typing in a short code before accepting the comment. Maybe this works on your MT copy.

Lastly, yes, changing the name of your comments cgi. There are good tutorials out on the net. http://www.elise.com/mt/ has many good tutorial and links.

Switching to another CMS is quite useless, they come with their own set of problems and neither are spamsafe.

I had some things at hand, but can't find them back right now...if you want me to look for more, let me know?

I think if you'd close your comments for the time being until you're back with a spamsafe version...no one would take offence. They all know your email, don't they.

I use a robots.txt file to keep ALL search engines and spambots from indexing the directory where I have Movable Type. In the 3 years I've been using MT, I have not had one single spam comment on any of my blogs so I think it works pretty well.

Here's a tutorial:

http://www.searchengineworld.com/robots/robots_tutorial.htm

P.S. I also use the close comments script on one of my blogs, but mainly to keep people from commenting on older, archived entries. It was easy to implement and that may be alternative for you. (I don't use it on my other blogs because there are certain entries on which I'd like for comments to remain open.)

I close comments on my old entries and only keep about a week's worth of entries open. This makes it more manageable when I do (oh and I do) get spam.

most likely its a spam-bot that searched for 'mt-comments.cgi' and spammed to their little hearts content. you could easily rename that file to something unique, change the appropriate setting in the mt.cfg file, and then rebuild your site. that should prevent a similar attack.

OOP.S. Thats 'delivering' or 'delivery of'hug to Jen.

Andrea - Firstly ~ THANK YOU for delivery the hug to Jen, so appreciate that. I am so technically challenged that it adds a new dimension to the whole concept of technically challenged. Perhaps this is worth knowing though - djblurb@blurbomat.com I got a reply that said 'This message was created automatically by mail delivery software (TMDA). It then required me to send an empty message to a listed address before my message would be released. The confirmation I would be sending back would verify my message as legitimate and not junk mail. Not sure if this is what you need ~ hope it helps. He is extremely helpful and would be a great source of advice. Good Luck and PLEASE DON'T GO AWAY!

I have had this problem too. Most frustrating....all of the offending comments I received came from different addresses (and none of them are "valid"...I bounced them all back and received system administrator replies). I hate to say it, but I decided to close my comments :( If there is a way to work with this problem I am all ears to hear it. And of course if I come across a solution I will pass it on. Good luck!

Are they all from the same address? If so, you can block comments from known offenders, at least you can on typepad. Seek help from uber-geeks. Chant. Pray. Tell the offenders to sod off. Good luck! The thought of you not having comments on your blog fills me with sadness.

my completely unhelpful smartass answer is : switch from MT to another content management system.

but i hate being a smartass, so instead i will say, keep plugging away on the support forum and start emailing some of the more techno saavy people that still use MT.

good luck.

we would miss you too.