Movable Type v2.66 »
I've just finished updating the site to Movable Type v2.66. The primary difference in this version of Movable Type is that it offers more protection for comments.
First, the ThrottleSeconds parameter in the mt.cfg file, which is used to only allow comments to post every N seconds, where N is defined by this setting. If not defined, this value defaults to 20 (seconds). This works pretty well and you don't even have to add an entry to your mt.cfg file unless you want to change the time window. In my experience, 20 seems to work fine.
This value is also supposed to be used in the automatic banning of those who post a number of comments within a particular window, but this behavior probably won't work unless the poster of the comment is right on in their timing. For instance, in testing, I posted comments 25 seconds apart. The 8th comment, therefore, was posted at 200 seconds. According to the code, any 8 (or more) comments posted in N times 10 - 1 (20 * 10 - 1, or 199) will result in an automatic IP banning. Only if I cut it even closer, and posted at 24 seconds each, would I have hit that window. This isn't necessarily bad. I'm not sure I like the automatic banning of certain IPs, and I suspect that the ThrottleSeconds parameter should work wonders.
Next, the behavior of the <$MTCommentAuthorLink$> tag has been changed so that those clicking on a URL provided by this tag are redirected through the mt-comments.cgi script first, which should hopefully cut down on the use of comments for referrer spam contained in the author's URL. This has no effect on URLs placed in the body of the comment. Email addresses are not affected by this change.
Finally, there were some pretty massive changes to the Comments.pm module, meaning if you are using MT-Notifier that you will need to recustomize it to include the changes made previously. The instructions are the same, but the string you are searching for now occurs on line 234 instead of line 157.
