MovableType Comment Vulnerability | January 26, 2005

Apparently a large vulnerability in the way Movable-Type handles comments has just been found. This vulnerability allows spammers to use your MT comment script to send unsolicited email, and servers all over the world are feeling the brunt. To stem the flow many hosts (including my own) have shut down commenting for the time being. There is a patch available in the form of an MT Plugin, so I advise all you MT owners out there to grab it now.

Unfortunately most people are slow to upgrade and I’m guessing my hosts won’t be turning comments back on in a hurry. As such, I’m wondering if this could be the tipping point that causes a mass defection to other systems such as Textpattern, Wordpress or Expression Engine. I know I’ve been thinking of changing systems for a while so this may be the push I need.

Posted at January 26, 2005 11:38 PM


Andy Budd said on January 29, 2005 4:19 PM

Sorry for the brief outage. Comments should be back on now.

Adrian said on January 29, 2005 6:25 PM

So, what is on your shortlist for a possible replacement to MT or are you thinking of holding the fort for a while yet?

Andy Budd said on January 31, 2005 2:38 PM

I’ll probably hold the fort for a while. Switching CMS’s can be an almighty pain in the arse and I kind of understand MT, quirks and all.

I played around with Textpattern and generally liked it, but wasn’t totally convinced. Expression Engine sounds interesting but I haven’t had chance to give it a try yet. I’m probably going to discount Wordpress as I know absolutely nothing about it, although it does seem to have a large and growing following.