Dealing with Fake Notifier Signups

MT Notifier allows readers to subscribe to a blog, category or entry so that they receive an email notification when a new entry or comment is posted to the blog. Ever since the early versions, however, it has been plagued with fake signups: spambots and spammers seem to check every box and fill in every field on a page when submitting their spam, and hence automatically subscribe to entries, categories or blogs. The double opt-in system that came with Notifier 3.0 definitely helped with this problem by requiring every signup to be confirmed. Although spammers still automatically signed up for notifications, we as blog owners would only ever receive one Mail Delivery Failed error per signup (as opposed to one with every attempt at sending notifications, as with Notifier 2.x).

In this tutorial, I'll show you several steps to reduce the number of faux-signups. This tutorial was written for MT Notifier 3.4.1; if you use a different version, some of the code may be different.

Quick and Dirty Fix

Notifier 3.0 creates its own table in the database (mt_notifier_data), which makes it much easier to delete unwanted records. As I mentioned above, the new double opt-in system requires readers to confirm their subscription, and the status of their confirmation is stored in the column notifier_data_status. A quick and dirty fix is simply to delete all subscriptions that have not been confirmed, which is fairly easy if you are using an SQL database. Execute the following query:

delete from mt_notifier_data where notifier_data_status = 0

If you don't have access to a tool that will allow you to execute SQL queries, try Brad Choate's SQL Plugin by putting the following into a template:

<MTSQL query="delete from mt_notifier_data where notifier_data_status = 0">
</MTSQL>

Running this query will delete all records from the database that have not confirmed their subscription, which includes any genuine readers who have signed up but not yet confirmed. It is also only a temporary fix, so let's look at a few longer-term fixes.

Using the Comment Junk Status

I've noticed that the largest source of fake signups is comment spam: spammers apparently check every single box on the comment form. This simple hack leverages Movable Type's junking system so that any comment that attempts to sign up for comment notifications but is then determined to be junk will not be signed up at all.

Open MT_DIR/plugins/Notifier/Notifier.pl and on line 318, you'll see

  if ($app->{query}->param('subscribe')) {

change that to

  if ($app->{query}->param('subscribe') && $obj->is_not_junk) {

The only caveat with this method is that false positive comments will also be affected. This simple hack has completely cut my fake signups but your mileage may vary depending on your antispam armour.

Changing the field names

I've noticed that email fields are often spammed with fake email addresses; this has occurred frequently on Movalog, with the blog subscription on the sidebar being the second largest source of fake signups. A quick fix for this was to simply change the field name from email to something like notifye, for example:

<input name="notifye" />

and then reflect this change within the Notifier App. Open MT_DIR/plugins/Notifier/lib/Notifier.pm and on line 249, you will see

if ($email = $app->{query}->param('email')) {

Replace the second email with the new name of your field, in my case I replaced it with notifye:

if ($email = $app->{query}->param('notifye')) {

Before writing this tutorial, I had about 1500 rows in the mt_notifier_data table; 1400 were fake signups, and these rows were cleaned up using the first tip. After implementing the next two steps, fake signups have almost completely stopped. Your mileage, however, may vary depending on your junk filters.
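The junk-status check and the renamed field, modelled together in one stand-alone script. This is an added example, not MT Notifier's code and not part of the original tutorial. The function should_subscribe, the constructed sample submissions, and the idea of leaving the old email input in the form as a hidden decoy are assumptions of this example; the decoy check goes one step beyond what the tutorial does.

```perl
#!/usr/bin/perl
# Added example: a stand-alone model of the two signup checks described above.
# Not MT Notifier code; should_subscribe() and the sample data are hypothetical.
use strict;
use warnings;

my $FIELD = 'notifye';   # renamed address field from the tutorial
my $DECOY = 'email';     # old field name, left in the form but hidden (assumption)

# Returns (1, address) when a signup should be recorded, (0, reason) otherwise.
sub should_subscribe {
    my ($param, $is_junk) = @_;
    # Comment form: the box must be ticked AND the comment must not be junk.
    return (0, 'not requested') unless $param->{subscribe};
    return (0, 'junk comment')  if $is_junk;
    # A value in the decoy means the client filled in every field it found.
    return (0, 'decoy filled')
        if defined $param->{$DECOY} && length $param->{$DECOY};
    my $addr = $param->{$FIELD};
    return (0, 'no address') unless defined $addr && length $addr;
    # Shape check only; double opt-in is still what proves ownership.
    return (0, 'malformed address')
        unless $addr =~ /\A[^\s\@]+\@[^\s\@]+\.[^\s\@]+\z/;
    return (1, $addr);
}

# Constructed submissions: [label, form parameters, junk verdict]
my @samples = (
    ['reader',         { subscribe => 1, notifye => 'reader@example.org' }, 0],
    ['junk comment',   { subscribe => 1, notifye => 'x@example.com' },      1],
    ['fills all',      { subscribe => 1, notifye => 'a@example.com',
                         email     => 'a@example.com' },                    0],
    ['old field only', { subscribe => 1, email => 'b@example.com' },        0],
    ['no checkbox',    { notifye => 'c@example.org' },                      0],
);

for my $s (@samples) {
    my ($label, $param, $is_junk) = @$s;
    my ($ok, $detail) = should_subscribe($param, $is_junk);
    printf "%-15s %-7s %s\n", $label, ($ok ? 'accept' : 'reject'), $detail;
}
```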

11 Comments

demonsurfer said:
on Jun 3, 2006 8:51 PM | Reply

Nice work Arvind :) I also thought a simple challenge question could help too (something like Jay's comment challenge plugin which is currently in alpha) - that could stop bots completely. I'm waiting for MT3.3 before I do anything though - I'll do a fresh install to clean out any old crap in the DB etc and go from there. Cheers again, keep up the good work :)

Lisa said:
on Jun 3, 2006 10:01 PM | Reply

Wonderful! I have a friend who is getting a lot of junk signups and this should help him out a lot.

Nicholas Jesson said:
on Jun 4, 2006 3:53 AM | Reply

Arvind,

I like these ideas, and am trying to implement them. However, after changing the Notifier.pl file as recommended, I am getting error messages.

The hack to test the junk status should only affect subscriptions to comments. However, when the blog level subscription form is used, I get the error message:

Can't call method "get_config_hash" on an undefined value at lib/Notifier.pm line 383.

Try it at www.ecumenism.net/blog/

Any suggestions? Thanks,

Nick

Al-Muhajabah said:
on Jun 4, 2006 8:07 AM | Reply

Thanks, Arvind! I've been getting spammed really hard by the failure messages from Notifier recently, and this was a big help.

Arvind Satyanarayan said:
on Jun 4, 2006 2:55 PM | Reply

Hi Nick, I would perhaps redownload Notifier.pl and reapply the hack. If that still poses the problem, drop me a line, I'll see if I can figure it out.

demonsurfer said:
on Jun 17, 2006 8:13 AM | Reply

Hey Arvind :) I just tried putting BlogRoll 2.11 on MT3.3b2 test installation http://test.twinflame.org .. it installed fine, but when I try to add a new link I get the following error:

unknown column: created_by for class Blogroll::Links at ../../lib/MT/Object.pm line 278.

Maybe something I've messed up, but thought I'd let you know.

demonsurfer said:
on Jun 17, 2006 8:29 AM | Reply

Sorry, I should've posted that comment somewhere on your blogroll page.

demonsurfer said:
on Jun 17, 2006 8:31 AM | Reply

Sorry, I should've posted that comment somewhere on your blogroll page.

Dafydd said:
on Jun 20, 2006 7:07 AM | Reply

Arvind, I was unable to leave this comment on the post of the "quicktags" for comments. I'll try to leave it here, and my apologies for being off-topic...

Arvind, I was finally able to get this to work. My problem was really silly: in the MT template for the Individual-Entry Archive, there are two completely separate places where the textarea window is opened... and I had only seen one of them.

Alas, that wasn't the one that's usually called (I don't know what criteria they use). When I put your script thingie in the other as well, it started working.

But I do have one small annoyance that you can probably fix very quickly, or tell me step by step how to fix it: when I'm in the midst of a long comment, and I select some text and, e.g., click the B button to make it boldface, it does so -- but then it also moves my view right up to the top of the text again.

This means I have to scroll back down through the text, trying to find where I was when I clicked it. If I have several bullet-points I'm putting into li tags, I have to scroll back again and again. Argh!

Can you rig the script -- or tell me, a complete novice, how to rig it -- so that after clicking the button, the text in the window stays right where it is instead of scrolling up to the top?

Thanks,

Dafydd

Dafydd said:
on Jun 20, 2006 7:09 AM | Reply

(I should have mentioned: when I tried to leave that comment on the "Quicktags for Comments" post, it told me that I had left too many messages too recently... even though my last message was months earlier. That's why I left it here, even though it's about your wonderful quicktags script. Sorry!)

Dafydd

Heath Allyn said:
on Mar 6, 2007 3:39 AM | Reply

I'm using an older version of Notifier (because my favorite function, to be notified of ALL new comments posted to any entry on the blog, is no longer present) and when I try to add your hack to the notifier.pl I get:

Can't call method "getconfighash" on an undefined value at lib/Notifier.pm line 365.

When I look at that line in notifier.pm it says:

my $config = $notifier->getconfighash();

Any ideas? I know it's probably hard to say since I'm using a different version but man I'd love to implement this hack!