« Notes from the underground | Main | The sysadmin always knocks twice »

Anti-comment-spam tip

I’ve mentioned this in passing once before, but it bears repeating and calling attention to. A few months ago I changed the name of my Movable Type comment script to foil comment spammers. Some of them have bots which can figure out the new script name, but it appears that many of those bots have a bug: they can’t distinguish mixed-case URLs. Since my new script name has both capitals and lowercase letters (my personal shorthand for this site is F.o.P.,) and URLs are case-sensitive, I am seeing a lot of not-found errors in my log where spammers try to access the comment script using an all-lower-case URL.

So, if you’re changing the name of the mt-comments.cgi and mt-tb.cgi, try using mixed-case names. It’s not utterly foolproof, but it turns out the comment spammers are only run-of-the-mill fools.

Posted by pjm on March 12, 2005 4:06 PM |

TrackBack

Listed below are links to weblogs that reference Anti-comment-spam tip:

» Concerning Spam from Learning Movable Type
Update January 4, 2005: Check out The Six Apart Guide to Combatting Comment Spam from the makers of Movable Type. Spammers have discovered bloggers and sooner or later if you allow comments, trackback pings, or the Movable Type send-entry form on your... [Read More]

Tracked on March 12, 2005 5:01 PM

Comments

Good observation. Thanks!

Posted by: elise | March 12, 2005 4:57 PM

URLs aren’t case sensitive. They may expose underlying filesystems which ARE case sensitive, but that’s not the same thing.

Windows filesystems aren’t case sensitive; UNIX filesystems are.

Posted by: Jeff Atwood | May 11, 2005 6:14 PM

Wrong … domain names aren’t case sensitive but GET/POST requests are.

Ergo .. URLS are as they include the GET request.

If URLS were not case sensitive then how would the linux F/S know you were looking for ComMents.cgi rather than comments.cgi ?

Posted by: CJ | September 23, 2005 10:00 AM

Post a comment