#2 Aug 26, 2005 00:28
Comments are already checked against the ban list, but only the linked url. As you've noticed, the body of the comment isn't INITIALLY checked. Guess what! The body of a comment is rechecked if you do a "recheck" from your antispam list.
That doesn't address your immediate problem, so I will recommend whoo's trick: rename your htsrv folder. Call it whatever you like - something like chocolatecoveredbumblebeesdippedinwax maybe. You then have to edit ONE line in your conf/_advanced.php file. In it find "$htsrv_subdir = 'htsrv';" and replace the htsrv part with chocolatecoveredbumblebeesdippedinwax.
To be honest, ccbbdiw is a bit long. You might want to be a bit more generic and dip all chocolate covered bees in wax.
Seriously, it's super-simple to do and will flat-out stop automated comments aimed at your htsrv folder. If the spammers happen to be real humans clicking links and typing words then it won't work, but nothing other than the blacklist will work against humans.
Update often, recheck everything, and report new spammers like your blog depended on it.