Close Comments on all Channels that dont need comments… duh.
I have been getting hit hard by some comment spam on a client site for the past week. I was really confused as I even turned off comments and it was still posting them. It was not till I searched for the title of the entry on the edit page that I got a clue as to what had happened. The client had posted an event to their calendar with the same title as the title of a blog post. The intelligent spammer somehow figured out that he could post comments to the site by subsituting the entry titles for other channels into the url structure for the blog/comments. So in other words instead of sitename.com/blog/comments/blogentrytitlehere he typed in sitename.com/blog/comments/eventcalendarentrytitlehere and it allowed him to post comments to that channel.
So… when creating the channels for your sites make sure to shut off comments for all channels that don’t require them. It can be found in admin -> Channel (weblog) administration -> Channel (weblog) Management -> Edit Channel (weblog) Preferences. Find Comment Posting Preferences on the left hand navigation. The radio button at the top turns them off.
