Version 2.66 Released

In recent weeks, open comment systems, and Movable Type weblogs in particular, have become a target for comment spam and comment flooding (automated scripts that send many comments at a time to a weblog entry).

As a stopgap before we release comment registration in Movable Type 3.0, we've released version 2.66 of Movable Type, which includes some protection against comment flooding. We've included a throttling measure so that comments from the same IP address can only be posted every N seconds, where N is configurable (documentation on the setting that controls N). We've also added a measure to automatically ban an IP address based on an abnormal number of comments from the same address in a short period of time. Of course, there are no perfect defenses, and if you're truly concerned about the comments on your weblog, the best defense is prevention by closing old comment threads.

Also in 2.66, we've changed the behavior of <$MTCommentAuthorLink$> to use redirects when linking to URLs given in comments. The goal of this is to defeat the PageRank boost given to spammers by posting in the comments on a weblog.

You can download the 2.66 upgrade from the download page and follow the standard upgrade instructions.

Update: We've released 2.661, an update to 2.66, to fix a problem with invalid XHTML in the comment redirect script, along with using comment IDs instead of URLs to fix an open redirect problem.