I will give you my comments offline.

How about registering commenters?

The only thing I can suggest is switching the type of Blog you use. Blogs like B2evolution, Expression Engine or PMachine have a feature where only registered users can comment. The one I'm using now, Serendipity has a built in feature where commenters have to enter a string of characters to leave thier comment like when you sign up for Yahoo Mail. Just some suggestions. I don't suggest Wordpress just yet. They still have some bugs to work out of their spam busting techniques.

Simply require commenters preview their comments before posting. That will limit auto spamming bots.

You can't kill the blog. Especially not now that you have T-shirts!!! Everyone buy a T-shirt and make this worth Zombyboy's time.

Pixy fixed that problem on Munu by jes' changin' the name of comments.cgi to somethin' else.

PS. Makin' me register in order to comment means I will not be commentin'. I know of a lot of other people who feel exactly the same way.

Changing the comments file does dramatically reduce the volume of spam comments that find their way to the blog, but if the spambot tries to find the old file anyway, it's still a request that the server has to handle (even if it is just to say "not found - now away with you!"). That seems to be the problem here (from what I've read).

I would imagine that the only long-term solution is to put a no-indexing file in the public HTML directory, so that Google, et al won't index the site anymore, and hope that eventually the old references in the search engines are replaced by something else.

I fear comment spam is a losing battle until there's an appreciable cost for spamming (e.g. Microsoft's idea of requiring the originating PC to solve a small puzzle, eating up CPU time).

I changed the name of that script a couple of weeks ago. When one of the bots finds it again, they spread the news. I still am not getting as much spam that makes it past blacklist as I was before I made the change; the problem is that whether it gets past blacklist or not, the bots that are spamming are placing a heavy load on the server by repeatedly calling that script.

It's sort of like a DOS attack in the sense that it uses the natural function of the server (in this case running a common scripts) in a way that is detrimental to the server. In the case of a DOS attack, the whole point is to bring the server to its knees. In this case, the potential for crippling the server (and all the sites hosted on it) is there, it just isn't intentional. Verve would suspend my account if it gets close to that point, and I wouldn't much blame them for doing so.

So your blacklist is working but is taking too many CPU cycles to reject the comments?

If I were you I'd move the blog to a different hosting company, or put the business ventures somewhere else. That way at least your blog wouldn't kill something that might make money.

There's also evidently a plugin out there to make commenters punch in a code based on a jpg. Not sure if that would help, the spammers would still eat cycles failing the code check, but they might give up after a while.

Here's a thought, Z. Instead of asking us what we want you to do, how about if we ask you what you want to do.

What would make you the most happy?

Tig- I don't think it works because I got hit by about 50 just yesterday. The only way I can seem to keep them away is to ban the IP each time.