I never got comment and trackback spam on this blog, until about three weeks ago. Then I started getting swamped by it. What happened?
I switched the URL for MovableType CGI functions (used for searching, commenting, and managing the blog) from HTTPS (i.e., a “secure” page) to just plain HTTP. I did this because the older version of OpenSSL I had been using had a known insecurity, and I didn’t feel like rebuilding all the software. It was easier to just turn SSL off.
So these automated spambots don’t know how to spam sites using SSL? Or maybe they just don’t know they should try. Either way, it’s interesting. I may go to the trouble of rebuilding the software soon so I can go back to the old way. In the mean time, I’m trying to require TypeKey authentication for comments, which I don’t think I have working right.
Charles Engelke's Blog 