Hi folks. You may have noticed that comments have been disabled on the site. They are now re-enabled.
With the help of Evariste from the excellent teamblog Discarded Lies, we have taken other measures to combat the 20,000 comment spam attempts we've seen in the last 2 weeks. For reasons we're still trying to figure out, the spams are causing problems for our hosts at Total Choice Hosting due to server load. At present, we will NOT require TypeKey registration. We're hoping these moves, plus the possible addition of this "type in the numbers you see and prove you're human" system will provide adequate defenses, while still allowing our valued readers to comment.
If you're considering an upgrade to Movable Type 3.x and you use MT-Blacklist to protect your site, or you're wondering what forced our hand, read on...
Lots of changes on Winds in November - moving hosts, record traffic (over 200,000 visits in November) then a couple weeks ago we upgraded to Movable Type 3.x from 2.x. It offered many benefits, but also came with a hidden price - a required upgrade to MT-Blacklist 2.0.
MTB 2 is a step back from version 1.6 in many ways, from interface to capabilities. It was put together as an emergency measure when MT3's TypeKey alone failed, and this shows. While more efficient in certain ways, overall it's a big jump in administrative overhead time. Over the last 2 weeks, Blacklist may have blocked 18,000 spams, but it also forced moderation of another 2,000 or so, and in many cases they were already-blacklisted items that got through due to a flaw in the system.
Blacklist also changes in one more important way. Instead of comparing new comments against a text file blacklist, it stores the blacklist items (in our case about 2,750 items and 60 programmed "catch alls" for various things, and we aren't unusual) in MySQL. This forces MySQL database calls whenever a comment is submitted. 1500 database hits a day may not mean much, but if you get 100 from various IPs in about 10 seconds, is that a problem? I don't know what's happening elsewhere, but it has been a problem for us at Total Choice Hosting.
So if you're unhappy with your present setup... the grass isn't always greener.
MySQL is pretty fast, but the question of how much additional load this sort of thing creates on shared servers with multiple bloggers, who could all be attacked in the same burst, is definitely worth investigating. I hope some qualified people will do so, and share the results.
For now, the bottom line is that taken some measures we can't tell you about, and others may follow that could add some additional steps for our commenters. Unfortunately, until we have a better option we're going to have to take that hit.
Meanwhile, if you're considering following in our recent technical footsteps, a word of friendly advice:
DON'T.
Not yet, not now. I wouldn't wish the aggro on anyone.
Testing re-enabled comments.
On behalf of your readers (well this reader anyway), thanks for putting the time into this upgrade, JK.
Hey this is first good news during a long week.
Thanks for the post. I'd suspected as much on MT3.0 and Blacklist 2.0, but hadn't heard first-hand from anybody.
I just switched to TypeKey login. I didn't like the idea behind MT Blacklist, and heard stories of posts being deleted accidentally. And the install was confusing, I just gave up. Plus I had a problem with someone using another commentor's identity, which upset some people. Blacklist and other methods are no good at stopping this.
I figure if people really want to comment, they'll get the TypeKey login, and they can use it at other sites as well.
Sigh.