I installed MT-Blacklist the week before last after getting hit with 5 spam comments. Since then it’s stopped 12 more spamming attempts, so it’s doing its job very well.
For those who don’t know, comment spamming has become a problem on blogs because it’s used as a way of pushing up web search rankings. Comments on various sites with links pointing to an online casino/viagra store etc, push the destination site up in the rankings.
The spammers use search engines to find blogs, and then post repeated comments which often appear innocuous enough (e.g. “Great site!”), but have links pointing to the spammer’s site.
A similar thing is done by spoofing referrers, so that sites which show recent referrers end up advertising dodgy sites. I keep my web stats unlinked from my site, but have noticed a bunch of spoofed referrers recently.
For the uninitiated, every time you click on a link, your web browser sends the address of the page holding that link to the destination site when it requests that page. Most web servers can record the referrer address, which can provide useful information about where visitors to a site are coming from. Some sites process the referrer logs and display the results on the site, hence the benefit of spooking the referrer field in a request. It’s done by using a program to act as a browser, which sends false referrer data in the request.