Anti-Spam Rationale
Essentially we’re working diligently to stop the spam in any way possible, but without impacting negatively legitimate users. If we stop the spam before it gets to comment and trackback processing, we keep the server’s load where it should be, versus having the load averages skyrocket because anti-spam scripts cannot cope with such a heavy influx. Movable Type authors have admitted to serious bugs with their commenting/trackbacking systems that have brought webservers to the ground as a result of comment/trackback spam.
It may be difficult to imagine that spam can cause such havoc, but it really does. When there is a spam attack focused on multiple hosted websites (as is almost always the case), there are hundreds of comments coming in at that very second, every second, for an extended period of time. The server will do its absolute best to process every request, even if that request ends up hitting the rejection queue of a content management system. This in turn drives the server’s load up to fantastic levels.
Under normal load, that is when people are actually looking at websites and making comments versus automated scripts, the system runs well under capacity. It is only when these attacks happen, which brings about a denial of service, that problems begin to occur. In order to have the processing power to keep the system active during an attack, nearly every website would need its own dedicated server as powerful as this one, capable of running hundreds of sites at once.
At this time we are not banning usage of Movable Type versions prior to 3.x. The commenting/trackback systems in 2.x versions are known to be problematic, but we also know that upgrade/license fees may be prohibitive to some. It is our firm recommendation that users of Movable Type either purchase their upgrade licenses to version 3.x or consider migrating to another system such as Wordpress. At this time there have been no recorded incidents of comment/trackback attacks on a Wordpress site severe enough to cause Apache to fail; the same cannot be said of Movable Type.
