As Anil said over at Six Log, there's been a lot of talk about comment spam and Movable Type lately and we've been listening. We're constantly weighing the pros and cons of sharing information before we're completely sure about solutions for our users, but we do realize that more information is better.
When you're receiving 10,000 obscene comments in the span of an hour, it's completely understandable the amount of frustration that mounts. We waited to communicate all the issues until we had better idea of what was happening. And, because we waited we were able to delve deeper into the issue.
Thankfully, our message to our users evolved from "there *are* ways to solve the issue" to, "actually, we made a mistake."
The sort of bugs we discovered were significant, but we were extremely relieved to have found them -- really because they were addressable and it wasn't necessarily a case of the spammers winning.
The upcoming release (scheduled for tonight) will focus on these improvements:
- No longer rebuilds on moderated comment
- No longer performs database connections related to dynamic templates (to maintain the FileInfo table) if dynamic templates aren't in use
- Default to moderate unregistered comments in schema for new weblogs
We hope that these changes are beneficial for both individual users and web hosts. Results have been incredibly positive from the various hosts and users who have been running the updated release and we're pretty confident that significant loads are reduced.
All of the noise around comment spam reminded us at the office of a joke:
Two backpackers are hiking through a jungle and come upon a tiger. One of the backpackers takes off his backpack to which the other backpacker observes and exclaims "You can't outrun a tiger!" To which his fellow backpacker replies "No, but I can surely outrun you."
That sort of mentality among weblog vendors won't accomplish much in the long run. For that reason, we've already started talking to other weblogging tool vendors who are experiencing these scale of attacks. We've got a common goal, that is platform neutral -- to get spammers out of our space. We're hopeful that we can share enough data about these sort of attacks to solve the problem on a larger level.
Once again, thanks for your patience and please remember that there are a lot of smart people working incredibly hard on finding solutions and alleviate the problems hosts and users are seeing.