Do not make the mistake of thinking that because my conclusion is the same as another person's that my reasoning is the same
I believe I've made a key observation on all this comment spam. I think all the blogs that have been affected use record numbers for file names. It would explain why they keep hitting old messages…it's because low numbers have a greater chance of being used as a file name on any given blog.
[UPDATE: Bzzzzzt! Wrong. The record ID is in a hidden field of the form. It still explains why old posts get nailed, but renaming the file doesn't help. If the title AND the record ID were both submitted with the form and had to match the existing record it would work, but I'm not hacking Perl because I don't like Perl.]
Michael of Move The Crowd and Trader Mike told me how to set up MT to use the title of the post as a file name. It's a pretty common thing since most of us have PHP on our servers.
My only problem with doing this is, because I didn't really know MT when I converted from Blogger and I thought the default titles were ugly, I got overly clever and plugged the import file title fields with " ". So I have over 1000 posts with a blank in the title. And I'd break some permalinks. I'd have to think about how deep that gets.
Posted by P6 at October 12, 2003 06:19 PM | Trackback URL: http://www.prometheus6.org/mt/mt-tb.cgi/1954I still (before I implemented my new security code scheme) get spammed even though I use the post title for the URL. So I'm not sure that changing for that purpose would help very much.
Somebody posted that spammers could get a list of MT blogs to hit simply by doing a Google search with certain keywords that would find MT comment forms. My guess is that many spammers are doing that or something very similar.
I remember the shifted librarian had a whole bit where she integrated the conversion from a number to a reasonable name combined with a script that redirected old links to the new mapping. Can't find it offhand, but she likely knows where to point.