22 Ventôse CCXIII (March 12, 2005)
Javascript Required
Having disabled the MT-DSBL plugin after it blocked valid comments, I've since decided to try another plugin to lower the amount of spam that even gets to the blacklist. As such, I have installed MT-Keystroke, a plugin that is supposed to detect actual interaction with the form, and then prevent the comment from being posted unless there was the aforementioned interaction.
Admittedly, it's not a particularly well-conceived hack, as I'm pretty sure I can already figure out how to get around it. (Explanation: it's based on the idea of a hidden field; however, it uses Javascript to change the hidden field from its default value only after there has been actual interaction.) While I'm sure the code to the actual plugin is nice, the fact that it's essentially just another hidden field hack doesn't make it terribly secure in the long run. But until it becomes enough of a bother to spammers, it probably will work. The one downside to this is that Javascript is now required for commenting. Since I'm probably the only one who ever commented from a non-JS browser, that shouldn't be a problem unless some people who occasionally post comments have turned off JS. If that's going to be a problem, then email me. (You can get my email by doing a whois lookup for leftblank.org over on Sam Spade.)
Finally: moving up to a higher position on 'the list' than blog spammers, we find people who operate stealth web-spiders. The server actually went down today, giving off 503 status codes. The cause? A spider, which attempted to cloak itself as MSIE and which therefore ignored my robots.txt, was hitting every link on my website as quickly as it could. The end result of that many comment scripts trying to run/open new DB connections was to bring the entire machine to a grinding halt. (And, unfortunately, the requests were spaced out just enough, and with enough other pages thrown in, to prevent mod_dosevasive from kicking in.)
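
An added example (not from the original post, and not mod_dosevasive's own code): a simplified model of short-interval per-page and per-site thresholds next to a longer-window check on URL breadth and comment-script hits, run over constructed traffic. The IP addresses, the `/cgi-bin/comments.cgi` path and all threshold values are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def sample_events():
    """Constructed traffic as (unix_time, client_ip, path); not real logs."""
    events = []
    # Paced crawler: one request every 2 s, every URL different,
    # alternating comment-script links with ordinary pages.
    for i in range(120):
        path = (f"/cgi-bin/comments.cgi?entry_id={i}" if i % 2 == 0
                else f"/archives/{i}.html")
        events.append((1000 + 2 * i, "192.0.2.10", path))
    # Ordinary reader: two pages and one comment form.
    for i, path in enumerate(["/", "/archives/7.html",
                              "/cgi-bin/comments.cgi?entry_id=7"]):
        events.append((1000 + 40 * i, "198.51.100.5", path))
    return sorted(events)

def burst_flagged(events, page_count=2, site_count=50, interval=1):
    """Short-interval model: flag an IP that requests the same path more than
    page_count times, or anything more than site_count times, in `interval` s."""
    flagged = set()
    per_page = defaultdict(deque)  # (ip, path) -> recent timestamps
    per_site = defaultdict(deque)  # ip -> recent timestamps
    for ts, ip, path in events:
        for q, limit in ((per_page[(ip, path)], page_count),
                         (per_site[ip], site_count)):
            q.append(ts)
            while q[0] <= ts - interval:
                q.popleft()
            if len(q) > limit:
                flagged.add(ip)
    return flagged

def slow_crawl_flagged(events, window=300, max_distinct=40,
                       max_script_hits=20, script_prefix="/cgi-bin/"):
    """Longer-window check: flag an IP that touches too many distinct URLs or
    runs too many expensive scripts within `window` seconds."""
    flagged = set()
    recent = defaultdict(deque)  # ip -> recent (timestamp, path) pairs
    for ts, ip, path in events:
        q = recent[ip]
        q.append((ts, path))
        while q[0][0] <= ts - window:
            q.popleft()
        distinct = len({p for _, p in q})
        script_hits = sum(p.startswith(script_prefix) for _, p in q)
        if distinct > max_distinct or script_hits > max_script_hits:
            flagged.add(ip)
    return flagged
```

On the constructed traffic the short-interval check flags nothing, because no URL repeats and requests arrive two seconds apart, while the longer-window check flags only the crawler's address.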










