Movable Type came out with a new
release today. Changes in this
version:
1. New mt.cfg parameter: ThrottleSeconds
From the changelog):
Comments are throttled based on IP. The new config parameter ThrottleSeconds gives
the number of seconds which must pass between comments before the same IP can post again.
From the documentation:
Movable Type uses IP-based comment throttling to provide some protection against
comment flooding. ThrottleSeconds sets the number of seconds after which a visitor
has posted a comment that he/she will not be allowed to post another comment.
For example, if Alice posts a comment at 30 seconds after the minute, she will not
be allowed to post another comment from the same IP address for the number of seconds
set in this setting. You can increase this setting if you don't get too many people
commenting often on your weblog.
This setting is also used to determine the amount of time after which an IP address
will be automatically banned from commenting on your weblog. Default value: 20
Example:
ThrottleSeconds 60
I was just thinking the other day that MT could really use some sort of throttle so
comment spambots would not be able to post hundreds of spam comments per hour to a weblog.
User who are upgrading will have to manually add this parameter to their mt.cfg file.
Update: MT-Blacklist version 1.62 is reported to not be compatible with this
parameter (the parameter has no effect if MT-Blacklist is installed). Ben Trott
says
this is because MT-Blacklist overrides the comment posting process, which I take to mean
that the MT code where this parameter was added is bypassed by MT-Blacklist.
2. Change in the behavior of <$MTCommentAuthorLink$>
From the changelog):
Author links are now served by meta redirect, so that commenters' links don't appear
directly on the comment page.
From the release announcement:
Also in 2.66, we've changed the behavior of <$MTCommentAuthorLink$> to use
redirects when linking to URLs given in comments. The goal of this is to defeat the
PageRank boost given to spammers by posting in the comments on a weblog.
I'm not sure if I like this one or not.
Update: Okay, now I like it less. The new comment author URLs do not
validate because the & characters used in the redirected URLs are not encoded.
Update 2: This probably won't be needed for very long, but here's the
fix to make the comment author URLs valid XHTML...
The fix needs to be made in lib/MT/Template/Context.pm, line 1189 -
Original code:
return sprintf(qq(<a target="_blank" href="%s%s?__mode=red&u=%s">%s</a>),
Change "&" (encode it) to "&":
return sprintf(qq(<a target="_blank" href="%s%s?__mode=red&amp;u=%s">%s</a>),
3. Improved email address validation in mt-send-entry.cgi.
Good for those who use this script; I do not and disabled it back in November
(set file permissions to 400) when it became known that spammers were abusing it.