Movable Type Fixing Bug as Spam Clogs Blogs

The popular Weblogging tool readies an update to help stem a recent flood of comment spam that has hit blogs and clogged Web-hosting servers.

Six Apart late Monday planned to release an update to its Movable Type Weblogging software to combat a recent surge of blog comment spam.

Movable Type bloggers began informing the company early last week that comment spam had reached levels that were knocking out servers at Web hosting companies and wreaking havoc on affected bloggers.

Comment spam, which Six Apart officials said first appeared in fall 2003, occurs when spammers attempt to dump Web site links into the comment sections of blogs.

The spammers often use automated bots with the goal of trying to game search engines such as Google by increasing their link popularity, said Anil Dash, vice president of Six Aparts professional network.

Comment spam came to a head for Six Apart because of a bug in Movable Type 3.1, which led spam comments to still cause a load on Web servers and databases even when the comments were blocked from appearing on blogs, Dash said.

Since Version 3.0, released earlier this year, Movable Type had included additional tools for moderating comments and authenticating comments using its TypeKey service.

But the bug came to light following an upswing in comment spam and the ferocity of the attacks over the past few weeks, he said. The blogs targeted most often were the ones with high rankings on Google.

/zimages/2/28571.gifIn his weblog, Sean Gallagher discusses measures bloggers are taking in the fight against comment spam, and blames Googles PageRank system for encouraging spammers.

"Spammers have massively increased the volume of attacks, the number of comments in an attack and the frequency of the comments," Dash said. "In combination with that, there was a bug in Movable Type."

Six Apart rushed to offer details about the bug and fix it last week, sending out a test version to developers by the end of the week.

Movable Type 3.14, which includes a patch, was expected to be available by the end of Monday as a free download for users of Movable Type 3.0 or later, Dash said. The company is advising users of pre-3.0 releases to upgrade.

Web-hosting companies reported servers becoming unresponsive under the load of the comment-spam traffic, leading some to cut off all comments on Movable Type blogs.

One such company was TextDrive Inc., of La Jolla, Calif. The company hosts blogs across multiple platforms, from Movable Type to the open-source Word Press blog tool.

The volume of comment spam to Movable Type blogs clogged one of its servers, leading it to shut down comments across Movable Type blogs for about four days, said TextDrive president Jason Hoffman. TextDrive posted a notice on its user forums about the issue and also worked with Six Apart to resolve it.

"What was happening was that [spam] got to a certain point that the Movable Type comment script itself would never let go of the database and would look like it was constantly rebuilding," he said.

About 10 percent of 2,000-some Movable Type blogs hosted by TextDrive were hit with the comment-spam rush, Hoffman said.

Next Page: Creating a blacklist of sites.