the recent problems with comment spam were made worse by two bugs in movable type 3. the movable type people have fixed these in an upgade. all MT 3 should upgrade if they are using the comment features.
more details below.
Movable Type 3.14 released
We have just released Movable Type v3.14 which fixes the issue of extreme loads witnessed on servers under the strain of a massive spam attack. Because these attacks are increasing in both frequency and severity, we strongly recommend that all Movable Type users install this update. This is particularly important for any installation that is visible to the public on the web.
This release is a free update for Movable Type v3.x users and has been thoroughly tested both in-house, by our ProNet members and also by many of the web hosting companies initially affected by the problem. If you already purchased Movable Type or downloaded the free version, you’ll be able to download the new release from your Movable Type account.
The main changes in this new version are explained in detail below, but in summary, you can expect these updates:
- Unnecessary rebuilds upon comment moderation are eliminated.
- Generation of internal bookkeeping data for dynamic pages is not performed when using static pages.
- New weblogs default to having comment moderation enabled.
We have also attempted to use our response to this issue, both in communicating with our end users and with our partners who host web sites powered by Movable Type, to set a baseline of expectation for our future communications about vulnerabilities in our software.