Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Stopping Sucky Comment Spam with SCode for Comments

Tired of sucky comment spam? So is Rob Hulson who kindly writes:


Still loving the Scripturizer plugin. Works great and I’ve been blessed by its inclusion for my website.

I had a question for you, and that’s what you use for your comments. Is the thing that you’re using (the whole “Put in the number” deal) helping with the amount of spam you’ve received? I’m getting a lot and I’m tired of it. I just went to “Approve,” but now I spend my time deleting junk mail in my comment queue.

Is it a plugin that you’re using? I’d like to make use of it on my website. Thanks a lot, have a blessed Lord’s day. :o )

Rob Hulson

I like notes like this, especially when they come amid a week where someone else has been questioning my Christianity because of some of my exciting blog titles such as “Do drop-down menus suck like a remora?” and “Church Marketing Sucks – the website.” That and the pugged-nose smiley at the end of Rob’s message can’t be beat … but I digress.

The point is, Rob not only says nice things about one of my more furtive ministries, but also asks a question for which I have a quick, solid and finite answer … in three parts even:

  • Yes Rob, I’ve reduced my comment spam down to about 1 entry per week via a nifty little plug-in by James Seng entitled SCode.
  • Yes, it does create a usability issue for those who have their graphics disabled — especially those ‘bots who are bypassing your blog entries all together and are exploiting a weakness in ‘my-comments.cgi’ … at least if you’re using a 2.n version of MovableType.
  • Yes, I got it to work with Jay Allen’s most excellent MT-BlackList, though I’m thinking of unhooking the two as SCode seems to be getting the job done quite nicely.

Rob, hope that answers your question. Now if someone out there could answer mine … specifically, do you suppose it would be wise to mention to my detractors that my name appears indelibly etched onto the bathroom walls of the Internet via “Son of Web Pages That Suck?


  1. WOW – “bathroom walls of the internet” PURE Resume material if ever I heard it! lol!

    As to your detractors, remember THEIR great commision is to preach the gospel to the ends of the earth, NOT to judge others while they are here. Jesus message is pretty simple and very clear about HOW His followers are to be determined. Those who bear fruit. Jesus is the gardener and will do any tree trimming required. We are just supposed to produce fruit as best we can, not bother the other fruit trees.

    So who’s Christianity should be under scrutinty, IF we were supposed to do such a thing?….seems like a no-brainer to me.

  2. So back to the spam-axe. I’ve seen this same type of thing on GoDaddy’s site when you check the owner of domains. Theirs does not work with Safari, but yours is fine BTW. It is very non intrusive for me as a user, and placed perfectly in the layout on the post window I think.

    GoDaddy’s site uses an image where the letters and numbers are tilted and not on the same baseline, but I still think this is a cat and mouse game with the spammers, but now you’re the mouse and it’s always better to be the hunted in this situation rather than the hunter.

  3. I’ve been using Scode on my MT 2.661 site for months. Recently I’ve seen many blogs on different platformss complaining when their spam rocketed to hundreds of spam comments a day. I saw an increase at my site too. I went from 0 per week to 1 or 2. :-)

  4. One simple trick that can often be deployed is to simply renamed the file that contains the comment code – a lot of comment spamming bots are simply looking for the relevant filenames for MT or WordPress or similar. Renaming the file means they just get a 404 and move on.

  5. I found an even simpler solution for boyink.com — granted I don’t get a ton of comments so I can be pretty restrictive.

    I just disallow comments with HTML in them.

    Since all spam seems to be used to link to websites of questionable intent, this approach has effectively zeroed out my comment spam.

    Since pmachine was already checking comments for tags this solution was implemented by inserting a single line code.

    If someone legitimately does want to reference a site in a comment the URL will just have to be copy/pasted.

  6. Verily, as it is written in Job 3:12 — “Why did the knees receive me, And why the breasts, that I should suck.” Thus does Job woefully lament the suckiness of life and (we can be certain) hideous websites. And in Job 20:15,16, Zophar reminds Job of the fate of all wicked men, especially crapacious website designers: “He swallows riches, but vomits it; God shall cast them out of his belly. He shall suck the poison of asps; the viper’s tongue shall slay him.”

    So it is written; so it shall be.

  7. Pingback: robhulson.com

  8. Thanks, Dean. Unfortunately, I’m quite the ignoramous when it comes to this sort of thing (hence, my Scripturizer for Dummies post from way back was quite a feat for me), so installing SCode is simply beyond my capacity. I’m giving TypeKey a chance, and if that doesn’t work, I think I’ll go with Boyink’s helpful solution of disabling HTML.

    But thanks for putting this up. Hopefully one of these days it’ll be easier.

  9. My site uses MT-Blacklist, but it doesn’t keep the spammers from creating a traffic spike by hitting your comment script. I guess that scode would have the same problem. Our site got shut down a couple of weeks ago by our host because of all the traffic the spammers were creating. Our solution was to rename the comment script (since most spammers just search for mt-comments.cgi). We’ve been pretty clean since then.