I was the victim of a significant blogspamming attack about a week ago, just after I upgraded the version of Moveable Type this blog runs on to the latest version, 3.121 (see related stories at Slashdot, Moveable Type, and Netcraft). A few days after the upgrade, my host had to chmod 000 my mt-comments.cgi after there were over 30 concurrent processes hitting the script and it was maxing out the co-hosted server I’m on. I’ve no idea whether I was the only victim of this attack, but given the nature of my host (Logjamming, who I recommend highly, BTW), I’d guess not.
Ever helpful, Josh at Logjamming emailed me to make sure I knew what had gone on and pointed me at some resources to help me out with increasing security on my blog.
So, now I’ve installed MT-Blacklist as a first measure. I’ve had no spam since, so it seems to be doing its job. I guess now it’s wait and see until the blogspammers write bots that can get around MT-Blacklist.
I’d like to implement some sort of captcha as well, but I haven’t found one which plays nice with MT-Blacklist yet.
Ideally, I’d switch the blog over to run on a CF-based blog such as Ray Camden’s Blog-CFC, but I don’t have access to a host charging a reasonable amount for the sort of CF-hosting I want. I wish I could remember who Sean Corfield was with so I could investigate them…