I have been using mod_rewrite for a while now to limit certain prolific spammers' access to my site. It stops them before they get as far as Blacklist or my own MT-SpamAssassin.

Most spammers use Perl modules, i.e. HTTP::UserAgent and friends, to perform their attacks. In doing so they leave a visible trail in the logs, and if it shows in the logs then we can filter them out.

The method I used was to catch people accessing the comments script and then check the HTTP_USER_AGENT environment variable. If this variable matches a certain value then I would deny them access to the site. My watered-down setup is as follows.

In httpd.conf


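RewriteEngine On
# Only look at requests for the comments script...
RewriteCond %{SCRIPT_FILENAME} ^.*mt-comments.*$
# ...whose User-Agent starts with "libwww-p" (case-insensitive)
RewriteCond %{HTTP_USER_AGENT} ^libwww-p.*$ [NC]
# Answer with 403 Forbidden and stop processing further rules
RewriteRule .* - [F,L]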


This has been stopping a lot of the buggers. If you have a hardened spammer attacking your site using different User Agent strings then add them as necessary using the following syntax.


RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} ^.*mt-comments.*$
# UA1..UA5 are placeholders for the User-Agent prefixes you want to block.
# Every condition except the last carries OR.
RewriteCond %{HTTP_USER_AGENT} ^UA1.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UA2.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UA3.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UA4.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^UA5.*$ [NC]
RewriteRule .* - [F,L]
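
To find which User Agent strings are worth adding, the access log can be tallied first. The script below is an added example, not part of my original setup: it assumes Apache's "combined" log format, uses constructed sample lines, and the function names and the threshold are made up for illustration. The list it produces is a set of candidates to review by hand, since a legitimate browser can also post more than once.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2004:10:01:02 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 512 "-" "libwww-perl/5.76"
203.0.113.7 - - [12/Mar/2004:10:01:03 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.0" 200 512 "-" "libwww-perl/5.76"
198.51.100.9 - - [12/Mar/2004:10:02:10 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.1" 200 498 "-" "ExampleBot (test) 1.0"
198.51.100.9 - - [12/Mar/2004:10:02:11 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.1" 200 498 "-" "ExampleBot (test) 1.0"
192.0.2.44 - - [12/Mar/2004:10:05:00 +0000] "POST /cgi-bin/mt-comments.cgi HTTP/1.1" 200 640 "http://example.org/a.html" "Mozilla/5.0 (X11; Linux)"
192.0.2.44 - - [12/Mar/2004:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 9000 "-" "libwww-perl/5.76"
"""

# host ident user [time] "METHOD path proto" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
META = set(r'\.^$|()[]{}*+?')  # characters with special meaning in a regex

def comment_agents(log_text):
    """Count User-Agent strings on requests whose path contains mt-comments."""
    counts = Counter()
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m and "mt-comments" in m.group(2):
            counts[m.group(3)] += 1
    return counts

def repeat_agents(log_text, threshold):
    """Agents seen at least `threshold` times on the comments script."""
    return [ua for ua, n in comment_agents(log_text).most_common() if n >= threshold]

def pcre_literal(ua):
    """Escape a User-Agent so the pattern matches it literally."""
    if '"' in ua or "\\" in ua:
        raise ValueError("quote or backslash in User-Agent: write this rule by hand")
    return "".join("\\" + c if c in META else c for c in ua)

def rewrite_block(agents):
    """Emit the deny block; patterns are quoted so spaces stay in one argument."""
    lines = ["RewriteEngine On", "RewriteCond %{SCRIPT_FILENAME} ^.*mt-comments.*$"]
    for i, ua in enumerate(agents):
        flags = "[NC,OR]" if i < len(agents) - 1 else "[NC]"  # no OR on the last
        lines.append(f'RewriteCond %{{HTTP_USER_AGENT}} "^{pcre_literal(ua)}$" {flags}')
    return "\n".join(lines + ["RewriteRule .* - [F,L]"])

if __name__ == "__main__":
    print(rewrite_block(repeat_agents(SAMPLE_LOG, threshold=2)))
```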


For the real die-hards, you could instead specify which User Agent strings to allow and deny all others, which would filter out a lot of the less competent spammers. I would not recommend it, though, because of the number of legitimate User Agents in the wild.

This technique is not infallible. I used it to deter two particular spammers who always used the same User Agent. I just thought I would share it!