October 12, 2004

Homogeneous Environments

One realm of computer security research postulates that many of the effects of computer viruses could be lessened by building networks from a more heterogeneous mix of connected clients. The theory is that when N percent of the connected computers all run a specific operating system (a variant of Microsoft Windows in this case), the effects of a virus attack crippling the Internet increase on some sliding scale. Something like the inverse of this argument is used to proclaim that other operating systems' perceived security is really only a case of their being untested or unpopular targets. The problem with this sort of theory is that there is really no way to prove it. You can run simulations where the clients are a mixed ratio of operating systems, but you won't ever really be able to model the true results given the nature of the beast (sysadmins disconnecting systems, possible cross-platform viruses, etc.). Enter blogs.

A blog? Yes, a blog. As the blogging phenomenon took off, the number of blog authoring packages grew, but there always tends to be a clear leader in each field. I would hazard a guess that most blogs took up the MovableType system, judging by a cursory glance at a number of blogs on a blog scraper. This fits, since I too run the MovableType software and as such can run a test scenario, even if it's completely wrong.

How does this relate to computer security? Well, one of the problems with the MovableType system, just like the predominant operating systems, is its uniformity. Under the 2.x system, every piece of installed software is called mt-*.cgi, where the * can be any number of words. This uniformity has greatly reduced the amount of effort required by blog comment spammers, who can generically attempt to write to mt-comments.cgi without having to actually look at the blog.

Herein lies my change. It's something simple, mostly a case of name obfuscation, but the point is to see how long it takes the blog comment spam community to react to something as easy as changing the name of the script. The hope is that if every MovableType installation renamed its commenting CGI to a unique value, what kind of slowdown would this cause comment spammers? I can't imagine the current database architectures or systems would work very well with an added field recording each blog's comment script name. Not that it would take very long to adapt to this, but what if a system could be generated to constantly obfuscate the script, meaning it couldn't be called by the same name on a daily basis?

Starting today, I've renamed my comment script and will be re-opening comments from this point on. I'll mark when the first comment spam arrives, and hopefully when the second and third happen. I'm planning on trying to pinpoint exactly how that gets distributed. Once the comments start returning, I'll implement phase two of the process: a small cron process, run daily, that changes the installed name of the commenting script based upon a hash of a secret key and some random values. At that point I'll also post the results and the script, so that others may implement a similar process and attempt the same.
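As an added example (not the script this post promises, which is still to come), here is one way the daily rotation could work, written in Python rather than the Perl MovableType itself uses. The secret, the salt (date plus random bytes), the fixture files, and the choice to keep the old name alive as a copy for exactly one rotation are all my assumptions.

```python
import hashlib, hmac, os, re, shutil, tempfile

def rotated_name(secret: bytes, salt: str, prefix: str = "mt-", digits: int = 16) -> str:
    """Derive a script name from a keyed hash (HMAC-SHA256) of the secret and a salt.
    The salt is whatever varies per run; the demo uses the date plus random bytes."""
    digest = hmac.new(secret, salt.encode(), hashlib.sha256).hexdigest()
    return f"{prefix}{digest[:digits]}.cgi"

def rotate(cgi_dir: str, template: str, state: dict, secret: bytes, salt: str) -> dict:
    """Rename the live comment script, repoint the template's form action, and keep
    the old name alive as a copy for one rotation so pages rendered before the
    template changed can still post. state maps 'current' (and 'previous') names."""
    current, previous = state["current"], state.get("previous")
    new = rotated_name(secret, salt)
    os.rename(os.path.join(cgi_dir, current), os.path.join(cgi_dir, new))
    if previous and os.path.exists(os.path.join(cgi_dir, previous)):
        os.remove(os.path.join(cgi_dir, previous))  # its grace period is over
    shutil.copy2(os.path.join(cgi_dir, new), os.path.join(cgi_dir, current))  # grace copy
    with open(template) as f:
        html = f.read()
    with open(template, "w") as f:
        f.write(re.sub(re.escape(current), new, html))  # form action now hits the new name
    return {"current": new, "previous": current}

def demo() -> dict:
    """Constructed fixture: a throwaway cgi-bin and comment template, rotated twice."""
    root = tempfile.mkdtemp()
    cgi_dir = os.path.join(root, "cgi-bin")
    os.mkdir(cgi_dir)
    with open(os.path.join(cgi_dir, "mt-comments.cgi"), "w") as f:
        f.write("#!/usr/bin/perl\n# stand-in for the real comment script\n")
    template = os.path.join(root, "comments.tmpl")
    with open(template, "w") as f:
        f.write('<form method="post" action="/cgi-bin/mt-comments.cgi">')
    secret = b"stand-in-secret"  # in real use, read this from a file outside the web root
    state = rotate(cgi_dir, template, {"current": "mt-comments.cgi"}, secret,
                   "2004-10-12:" + os.urandom(8).hex())
    day1, after_first = state["current"], sorted(os.listdir(cgi_dir))
    state = rotate(cgi_dir, template, state, secret, "2004-10-13:" + os.urandom(8).hex())
    day2, after_second = state["current"], sorted(os.listdir(cgi_dir))
    with open(template) as f:
        html = f.read()
    shutil.rmtree(root)
    return {"day1": day1, "day2": day2, "after_first": after_first,
            "after_second": after_second, "template": html}
```

Run from cron once a day (and rebuild the blog after the template changes), the previous name answers for one more rotation only, so cached or already-open forms still post while blind requests to the old name start failing the day after.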

To those who might argue that obfuscation isn't the answer, I disagree. In this case the minor amount of processing time required to run an obfuscation-based system pales in comparison to the number of cycles wasted each day as comment spammers attempt to post entries to my blog. More importantly, this will eventually, hopefully, raise the barrier to the continuation of blog spam.


[EDIT: it would also be interesting to test this theory on various other installs as well.]

Posted by Dan at October 12, 2004 01:37 AM