Akismet for Movable Type v2

I recently saw a discussion over at 456 Berea Street discussing the etiquette of posting comments and how it had become difficult to manage them due to the huge increase in comment spam.

Akismet, the latest anti blog-spam wonder from the developers of WordPress, was mentioned several times, but unfortunately he’s running an older version of Movable Type so can’t use the official MT Akismet plugin as it’s only for v3.2 and above.

I thought it might be a good idea to provide a solution to this problem…

I’m in a similar situation to Roger in that, of the several sites I manage, I’ve got an old v2.6 Movable Type install — not this one, obviously — that has had its fair share of customisation, and I’ve simply not got enough free time to migrate it to WordPress. (Upgrading to 3.x isn’t an option due to Six Apart’s drastic licence change back when they released v3.)

Over the course of time I had made several modifications to cut down on spam: renaming the comment submission Perl CGI and adding an extra custom POST parameter to stop automated posting; creating multiple comment forms — along with text explaining which form to use, for accessibility — and hiding them with CSS, etc.. But still the spam was getting through, and getting worse.

After a particularly annoying batch of over a hundred spam comments in five minutes, I finally caved in and hacked Akismet into Movable Type v2.6. It’s pretty basic stuff, with the hard work being done by the Net::Akismet module, but it works. I thought I’d better share it with the general public as I’m sure there are still a good few Movable Type 2.x holdouts for whom it may be useful.

Pros & cons

Here’s a good overview of the general pros and cons of Akismet.

The main positive of this hack is that, umm, you’ll get less comment spam!

It should also cut down on server load by reducing page rebuilds. MT v2.x generates static HTML pages so each time a comment is added it’ll have to regenerate the particular entry and all its comments. This is a rather CPU intensive process; imagine a hundred spam comments being added in quick succession and you’ll see the advantage, as will your webhost if you’re on a shared server.

The primary disadvantage of this hack is that there’s no mechanism for correcting false-positives or reporting false-negatives. As I’ve never had a false-positive with the many WordPress sites I administer I’m willing to live with this, you’ll have to decide whether this is acceptable to you.

Another downside is that, should the Akismet server go down or stop responding, your visitors won’t be able to post comments. I’m not sure what the reliability figures are for Akismet’s uptime, anyone care to comment? Comment posting may also become somewhat slower due to the added Akismet lookup delay.

It’s also a hack rather than a plugin, so you’re directly editing source instead of adding a few files. Usually this would be a major hindrance to incremental upgrades, as you’d have to diff any changes and apply them to the newer source, but as MT v2.x is obsolete this isn’t really an issue.

Installation

There are seven steps to install the hack and it should take less than fifteen minutes to get it tested and working.

  1. Get yourself an Akismet API key.
  2. Download Net::Akismet and unarchive it.
  3. FTP the “Akismet.pm” file to your webserver’s Movable Type installation location into the “extlib/net” directory. For me this is “/cgi-bin/mt/extlib/Net/” (HTTP.pm and HTTPS.pm should already exist there.)
  4. Edit the following code block, replacing “yourkeyhere” with your Akismet API key and “http://yourwebsitehere.example.com/” with your website’s URL.
    #  --- MTv2Akismet comment spam checking code v0.1 ---
        require Net::Akismet;
    	my $akismet = Net::Akismet->new(
                            KEY => 'yourkeyhere',
                            URL => 'http://yourwebsitehere.example.com/',
                            USER_AGENT => 'mt-v2_akismet_hack/0.01 | Akismet Perl/0.02',
                    ) or return $app->error($app->translate('Key verification failure!'));
    
    	my $verdict = $akismet->check(
                            USER_IP                 => $comment->ip,
                            COMMENT_CONTENT         => $comment->text,
                            COMMENT_AUTHOR          => $comment->author,
                            COMENT_AUTHOR_EMAIL     => $comment->email,
                            COMMENT_AUTHOR_URL      => $comment->url,
                            COMMENT_TYPE            => 'comment',
                    ) or return $app->error($app->translate('The spam-checking server is not responding!'));
    
            if ('true' eq $verdict) {
                return $app->handle_error($app->translate(
                    "You are not allowed to post comments."));
            }
    #  --- end MTv2Akismet comment spam checking code  ---
  5. Now navigate back to your base Movable Type installation directory and drill down into “lib/MT/App”. Make a backup of “Comments.pm” before opening it in a text editor. Find the line containing “$comment->save;” and insert the aforementioned comment code immediately BEFORE it. Save the file and upload. OK, that’s the comments done!
  6. Now we want sort out the trackbacks & pings. As before, edit the following code block, replacing “yourkeyhere” with your Akismet API key and “http://yourwebsitehere.example.com/” with your website’s URL.
    #  --- MTv2Akismet trackback spam checking code v0.1 ---
        require Net::Akismet;
    	my $akismet = Net::Akismet->new(
                            KEY => 'yourkeyhere',
                            URL => 'http://yourwebsitehere.example.com/',
                            USER_AGENT => 'mt-v2_akismet_hack/0.01 | Akismet Perl/0.02',
                    ) or return $app->_response(Error =>
              $app->translate('Key verification failure!'));
    
            my $verdict = $akismet->check(
                            USER_IP                 => $ping->ip,
                            COMMENT_CONTENT         => $ping->excerpt,
                            COMMENT_AUTHOR          => $ping->title, #$ping->blog_name,
                            COMMENT_AUTHOR_URL      => $ping->source_url,
                            COMMENT_TYPE            => 'trackback',
                    ) or return $app->_response(Error =>
              $app->translate('The spam-checking server is not responding!'));
    
            if ('true' eq $verdict) {
    			return $app->_response(Error =>
                  $app->translate("You are not allowed to send TrackBack pings."));
            }
    #  --- end MTv2Akismet trackback spam checking code  ---
  7. Using your FTP app, navigate back to your base Movable Type installation directory and drill down into “lib/MT/App” again. This time, make a backup of “Trackback.pm” before opening it in a text editor. Find the line containing “$ping->save;” and insert the above trackback code immediately BEFORE it. Save the file and upload. OK, that’s the trackbacks done!

All done!

Now, when someone posts a comment it’ll be checked against the Akismet spam database. Only if it passes will Movable Type save it and rebuild the entry and associated comments, otherwise it’ll tell the spammer that they’re not allowed to post comments. (Feel free to change the error messages to something more useful/appropriate to your site.)

To test that it works try posting a comment to your blog with the author’s name set to “viagra-test-123”. This should always trigger a “this is spam” response from Akismet so, assuming you’ve followed the above steps correctly, you shouldn’t be able to successfully post a comment. You can do the same for trackbacks by giving the trackback post the title of “viagra-test-123”.

I’ve not done anything for trackback spam yet, though the code will will be very similar to the above so I’ll probably get round to knocking something similar up in the next day or so.

2 Comments

  1. Anil

    Upgrading to 3.x isn’t an option due to Six Apart’s drastic licence change back when they released v3.

    If you haven’t had a chance to look lately, the MT licensing is pretty liberal these days — the personal version is totally free and you can have as many blogs as you want. Considering that 2.x versions are years old and have known security issues, we’d be glad to help you get up to date — we’d rather people have as good an experience as possible, rather than worry about their license. Let me know if we can help.

    MT 3.3 also has its built-in junk folder, which can keep a lot of this junk off of your site without requiring any outside services or sending your data to any third parties.

  2. Stef

    Thanks for the info Anil, I’ve not looked at MT3 in a while so should really take another glance.

    With that said, I’ll probably end up migrating the site in question over to WordPress anyway, purely because I’m much more familiar with WP now, having set up several sites using it recently.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024 stefpause.com

Theme by Anders NorénUp ↑