MT Approval 1.1.0 is a product of the not-obviously identified blogger at jayseae.cxliv.org, who also has a load of other bloggy goodies on offer. If you squint, you can see the outilines of the antispam solution Which Must Not Be Named.
I’ve closed old entries to trackback, which bums me out. If TB had the same UI and publish-only-on-approval setup that comments under MT 3.x and MT-Blacklist offer, I would not have had to do that. I bums me out, actually.
Ruiners!
MT-Close2 is a plugin to close old entries to comments and trackback.
Via this useful site, which includes a host of other promising links such as a trackback-script-name randomizer. So far, I have not found links to references about an approach which an unnamed smart person shared with me sometime last month. I think of it as the spam-fighting tactic Which Must Not Be Named.
Learning Movable Type, the site that hosts the resource page above, looks interesting to poke around.
For best effect imagine me waving my hands around as you read the next sentence
But dang, I don’t have time to dink around with this stuff anymore!
This morning’s spectacular time-waster was an accidental DDOS attack, which was probably intended to be a comprehensive trackback-spam attack. The designers of the attack actually weren’t even hammering the box nearly as hard as an intentional DDOS attack would have – it appeared that there were about four IPs involved, and the actual frequency of post requests sent to tb.cgi was under five per minute.
What they couldn’t know is what happens to perl on my creaky old antique here when even one page-rebuild request hits MT. The processor pins for about 30 seconds; so for each request sent that actually got through, the estimated time to completion is greater than 30 seconds. As the requests piled up, the machine began to buckle, with GUI input crawling and eventually displaying lag of up to four minutes from click to event and shell commands queueing up for a similar wait time.
Initially I began disabling sites and web-side apps that I regarded as unlikely suspects just to get them out of the way, but as soon as I looks at the MT apache logs I could see what was going on. I eventually just physically removed the comment and trackback scripts from the served directory, which immediately removed the load on perl and eventually allowed the server to settle down.
So, I guess, tonight I look for a widget to allow me to deal with trackback more effectively. The best solution would be to globally turn off trackback and then turn it on for a few appropriate entries. Setting expiry on old posts would also be great.
Any of you out there with MT3.x who have implemented some kind of trackback control mechanism, feel free to, uh, email me.
Comments should be restored and operational this evening.
My server is undergoing what appears to be a comment-spam variety DOS attack. I’ve turned off comments and just noticed that MT 3 appears to have no global on-off switch for trackback. I don’t have time to do the hard work this morning (I’m already 2 hours late for work). More info as I learn it.
UPDATE: it is a DDOS, probably accidental as the requests are only about 4 times a minute, against the MT trackback cgi. I yanked both the comments script and the trackback script and that seems to have helped. Off to work (3 hours late, now).