Full Version: Problems (probably Hacking) On The Comments
akirareiko
Hello guys, I did a search on the forum to see if someone had this issue before, but it looks like I can't find anything similar to this.

Basically, we have been using Movable Type for 1 year and had no big problems in the past.

Now we have had to turn off all the comments on all the weblogs and authors, because it looks like we are getting attacked every time we turn on comments on our blogs. As soon as the comments are ready for use, the server remains active for as little as 1 day before it completely crashes and we have to reboot our server manually (and that is a problem, since we have our server at a remote location outside of the country).

Is there any guideline or recommendation for the security settings or plug-ins we have to use in order to avoid spam or hacker attacks on the comments system of Movable Type 3.2? If so, can someone post a link?

If this information is not available, can someone please post strict or recommended security settings (including configuration for the HTTP server or settings in the MT conf files) to ensure safe operation of the comments?

Thank you so much.
lisa
Are you on 3.2? It hasn't been released for a year.

This article gives some good suggestions.

You can also change the ThrottleSeconds directive in mt-config.cgi (or mt.cfg).
akirareiko
Yes, I'm on 3.2.

What do you mean that it hasn't been released for a year?

Let me check the documents you just posted. Is 3.2 the recommended version for everyone to use? I mean, I don't have a license, I have the free unsupported version. Is there any difference if I decide to upgrade or get a license?

Thanks

QUOTE (lisa @ Jan 3 2006, 11:26 PM)
Are you on 3.2? It hasn't been released for a year.

This article gives some good suggestions.

You can also change the ThrottleSeconds directive in mt-config.cgi (or mt.cfg).
lisa
3.2 was in beta for a while but it went live in August. It's our only supported version (meaning it's the only version you can get paid support on). The version you download from the site now is the same whether you purchase a license or not.
akirareiko
We are running version 3.2...

So, besides the links you provided me, is there any other important information about the settings for the server that may help to improve the security of the comments system?

As far as I understand, the elements we have to check are:
-Plug-ins from MT that help us in terms of junk
-Configuration of the Apache server.

Is that it?

Is there a possibility that maybe our installation process or the permissions on the directories where the CGIs are located are configured the wrong way?

Thanks



QUOTE (lisa @ Jan 4 2006, 11:14 PM)
3.2 was in beta for a while but it went live in August. It's our only supported version (meaning it's the only version you can get paid support on). The version you download from the site now is the same whether you purchase a license or not.
lisa
QUOTE (akirareiko @ Jan 5 2006, 07:56 PM)
As far as I understand, the elements we have to check are:
-Plug-ins from MT that help us in terms of junk


These don't exist yet.

QUOTE
-Configuration of the apache server.


Good to check.

If your CGIs are working, then it seems that your server and permissions are probably ok.

I use this plugin to help with comment spam: MT-Keystrokes. That may also help you.
BassoonStud
I've just had the same problem - MT changes to directory and file permissions. I'm looking for a way right now to determine how to prevent this from happening.
lisa
Check the following settings in mt-config.cgi:

HTMLUmask 0133
UploadUmask 0133
DirUmask 0022
HTMLPerms 0644
UploadPerms 0644

Those are my settings and they're less open than the defaults. If you have those entries but the "#" is in front of the line, be sure to remove the "#".
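A small checker for the mt-config.cgi settings listed in the post above, added here as an example (it is not part of the thread or of Movable Type). It flags directives that are missing, still commented out with "#", or more open than the posted values; the function names and the sample config are constructed for illustration.

```python
import re

# Values posted in the thread above for mt-config.cgi.
RECOMMENDED = {
    "HTMLUmask": 0o133, "UploadUmask": 0o133, "DirUmask": 0o022,
    "HTMLPerms": 0o644, "UploadPerms": 0o644,
}
# Optional leading "#", directive name, four-digit octal value.
LINE_RE = re.compile(r"^\s*(#*)\s*(\w+)\s+(0[0-7]{3})\s*$")

def is_looser(name, got, want):
    """True if `got` grants permission bits that `want` withholds."""
    if name.endswith("Umask"):
        return bool(want & ~got)   # a umask bit we wanted set is clear
    return bool(got & ~want)       # a mode bit we wanted clear is set

def audit_config(text):
    """Map each directive to 'ok', 'missing', 'commented out' or 'more open'."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) in RECOMMENDED:
            hashes, name, value = m.groups()
            if hashes:
                found.setdefault(name, None)   # present but inactive
            else:
                found[name] = int(value, 8)    # an active line wins
    report = {}
    for name, want in RECOMMENDED.items():
        if name not in found:
            report[name] = "missing"
        elif found[name] is None:
            report[name] = "commented out"
        elif is_looser(name, found[name], want):
            report[name] = "more open"
        else:
            report[name] = "ok"
    return report

# Constructed sample config, not taken from a real installation.
SAMPLE = """\
# HTMLUmask 0133
UploadUmask 0133
DirUmask 0000
HTMLPerms 0666
"""

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

To check a real installation, pass the contents of mt-config.cgi (or mt.cfg) to `audit_config` instead of `SAMPLE`.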