Hosts Disable Movable Type as Comment Spam Slows Servers

Comment spam attacks on Movable Type weblogs are straining servers at web hosting companies, leading some providers to disable comments on the popular blogging tool. The issues are caused by bugs in MT, forcing publisher Six Apart to recommend configuration changes while it prepares fixes.

The server load issues have affected "a number of web hosts," according to Six Apart's Jay Allen, and are "especially evident in shared hosting environments." Allen said the problems are tied to two bugs that cause Movable Type to rebuild posts even when no pages are being changed, allowing comment spam attacks to tie up server resources. Six Apart is promising a fix within 48 hours.

Comment spam, also known as link spam, is believed to boost a site's ranking in Google, which uses inbound links as a measure of a site's popularity. Spammers are using automated scripts to bombard weblogs with comments that include links to sites offering prescription drugs or porn. While weblogs on all platforms have been affected, Movable Type and its mt-comments.cgi script have become a particular target.

"Over the past two weeks, five hosts have in some way disabled MT or MT comments because of the server load they were creating," writes MT blogger Reid Stott. "Not five little Mom & Pop hosts - at least three of them I’d consider serious to top-notch hosts." Other bloggers also reported web hosts disabling MT scripts. One said their host, XO Communications, disabled MT after seeing 100 active connections to mt-comments.cgi, suspecting a denial of service attack was underway.

In shared hosting, dozens and even hundreds of sites can share the same web server, meaning that overactive scripts on a single site can impact many other customers. As a result, hosts will disable resource-hogging scripts, usually by changing their permissions so they can't be executed. Repeated problems can prompt a hosting company to ban a script or application from its servers. Movable Type users fear continuing comment spam problems could prompt such a "death sentence" from more hosts.

Six Apart, which also operates the TypePad blog hosting service, says it is working with web hosts on a resolution. "We have learned a lot from running TypePad, and we're working on a way to share that information out with the hosting community at large," says Anil Dash of Six Apart.

While they await a fix, some bloggers are collecting tips and strategies to help reduce comment spam and server load. Six Apart says it is determined to fix the software, and develop broader solutions to the comment spam problem. "There is no higher priority to us than making sure that our customers and their websites are protected from the effects of these malicious attacks," said Allen.