Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Countering comment spam with mod_rewrite

Even though you may have installed Jay Allen’s MT-Blacklist to thwart comment spam, wouldn’t it be nice to keep spambots from consuming your system’s bandwidth and CPU by redirecting them to an ‘error page’ especially designed for our verminous visitors?

Apache Wunderwerkzeug: mod_rewrite

A quick tip-toe through our archives and you’ll see that in the past we’ve given some detailed attention to the use of mod_rewrite for a variety of tasks, including:

Comment spam … sucks

Like most legit webmasters, I’ve also given the topic of spam quite a bit of coverage on this blog, such as:

Unix-Girl to the rescue

So just in time for a weekend project, I found a brilliant bit of mod_rewrite by Kasia Trapszo, a.k.a. Unix-Girl, that concatenates these two topics into an effective way to thwart comment spam.

On her page, Kasia details a very simple snippet that demands anyone filling out a comment form first be referred by an article on the same site. In other words, bots just can’t come in out of the blue and fill out a form without at least first pretending to have read the article.

While I believe she is running Jay Allen’s MT-Blacklist, this form of .htaccess hackery is a good idea as it gives her publishing system and bandwidth a break by stopping this type of scum at the door.

With a little experimentation, this little code gem could also be used to protect any form on your site. Then again, this is mod_rewrite, so be careful not to shoot your foot off. Oh, and let me know if you come up with something unique based on Kasia’s kool example.
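For readers who want to see the shape of such a rule, here is a sketch of the referer check described above. It is an added example, not Kasia's snippet: the host name `www.example.com`, the Movable Type script name `mt-comments.cgi` and the error page `/comment-denied.html` are assumptions to replace with your own.

```apache
# Added example for an .htaccess file at the site root (not Kasia's code).
# Assumptions: the site is www.example.com, comments are posted to
# mt-comments.cgi, and /comment-denied.html is a hypothetical static page.
RewriteEngine On

# Only inspect form submissions to the comment script.
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{REQUEST_URI} mt-comments\.cgi$ [NC]

# The Referer must be a page on this site; a blank or foreign one fails.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]

# Hand the request a cheap static page instead of running the CGI.
RewriteRule .* /comment-denied.html [R=302,L]
```

The Referer header is supplied by the client, so this only stops bots that do not bother to set it, and MT-Blacklist still has to catch the rest. Visitors whose browser or proxy strips the Referer will land on the error page too, so that page should tell a human how to reach you.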


  1. Only slightly related to today’s topic, a month or two ago you did an article on “who is answering the phone”. In my comment, I used a couple bogus email addresses @ my church domain to illustrate my point. Sure enough, last weekend we started getting spam addressed to those two addresses. I’ve learned my lesson.

  2. I’ve been using MT for about 4 months now, and I’m starting to notice the spam. It’s so minimal right now that it would take more time to install something (and I’ve only received 2 real comments). I’ve just been blocking the IP, deleting the post, and then closing that post to comments. So far, so good.

    If I were to install something it would probably be SCode (http://mt-plugins.org/archives/entry/scode.php). It looks pretty cool. It puts in a random number key and requires that people type it before adding a comment. Accessibility issues abound in this, but with personal blogs, I could see this being useful. I think what business sites do when they have this kind of security is that they require that you call up if you want to get past that point.