Not a developer? Go to MovableType.com

Ask an Expert

mt-comments.cgi vulnerability?

Asked by doggone
Posted April 19, 2014.

My site host provider contacted me regarding very high cpu usage that seemed to be centered around mt-comment.cgi.

I am in the process of updating, but the active site is still MT 5.2.2.

I have turned off commenting for the main blog to see if that resolves the issue.

In looking through the release notes at movabletype.org, I am not seeing this as a particular vulnerability.

Thanks.

Back

4 Answers

Heideldesign.

Heideldesign. on April 21, 2014, 9:40 a.m. Reply

It’s possible that the file is being pinged by an automated script like a spambot. It would be worth the effort to rename the file to see if that reduces the traffic (don’t forget to update the config file and rebuild - see CommentScript).

doggone

doggone on April 21, 2014, 9:55 a.m. Reply

Thanks for the answer, and I am glad that renaming the script is a possibility, however, I don’t see what that has to do with the config file as there is nothing there regarding scripts. Or are you saying that I somehow need to log that change in mt-config.cgi.

Or… are you saying that when I rename the script, I can put that in the config file as CommentScript mt-commentsnew.cgi?

There is nothing on the link page that says WHERE one would make such changes; however, that is a GREAT tip.

Charlie Gorichanaz

Charlie Gorichanaz on April 21, 2014, 10:36 a.m. Reply

Hi there,

I added a block just under the page title that will automatically show up on any configuration directive documentation to make it clearer what the purpose is for people who land on the page via inbound links or searches.

Hopefully that helps!

doggone

doggone on April 21, 2014, 11:42 a.m. Reply

Thanks Charlie. Your block is not showing up yet, but that would be helpful. A lot of times folks will suggest links, but where those are within the overall documentation can be tricky to figure out. If you didn’t put it there, I would suggest placing it in the template for scripts if that is possible.

Heideldesign.

With over 15 years of dedicated web development experience, Heideldesign helps clients brand, build and benefit from content-rich websites.

Website: http://heideldesign.com
Twitter: @heideldesign

Ask An Expert