« The Style Contest is Live | Main | MultiBlog 2.0 Fundraiser »

Comments.cgi and Server Loads

A few weeks ago I got a telephone call from my web host letting me know that "one of your Movable Type CGI scripts is using up half the resources of the server and would you please disable the script before we find it necessary to close your account?" Don't you just love news like that? Fortunately, it all got sorted out within a couple of hours; here's the scoop.

If you've had your MT blog for a while, since before version 3.2, you may have upgraded your MT installation, but didn't bother to make changes to the code in your templates. In the templates for one of the earlier versions of MT, if you use Typekey authentication, the Individual Entry Archive Template calls the comments.cgi script to invoke a javascript file that reads back to the commenter their name. Turns out that every time a page displays that includes a Typekey-authenticated comment, the CGI script will run. One of my sites is fairly high traffic, and starting some time last year I was getting over 25,000 requests to the comments.cgi script each day.

This is the line of code that can bring your server to its knees:

<script type="text/javascript" src="<MTCGIPath><MTCommentScript>?__mode=cmtr_name_js"></script>

The solution is easy. Really easy.

1 Make sure you have a version of mt-site.js on your server, in the directory of the blog whose code you are editing. If you don't, follow these instructions from the Six Apart Knowledge Base.*

2 Put the following line of code in the header section of your Individual Entry Archive Template:

<script type="text/javascript" src="<$MTBlogURL$>mt-site.js"></script>

3 Remove the following code from the comments section of your Individual Entry Archive Template:

<script type="text/javascript" src="<MTCGIPath><MTCommentScript>?__mode=cmtr_name_js"></script>

4 Save and rebuild your Individual Entry Archive.

Many thanks to Jay Allen, who suggested many months ago that the comments.cgi was invoking the javascript causing that huge amount of pings to the cgi script, and to Arvind who figured out exactly what was going wrong and then fixed it for me. (Arvind, I love you, if you were only 20 30 years older...)

*In case the 6A site is down, the instructions are the following:

1. In your weblog, on the Templates > Indexes tab, select Create New Index Template.
2. Specify Site JavaScript as the Template Name, and mt-site.js as the Output File.
3. Make sure that "Rebuild this template automatically when rebuilding index templates" is checked, and then click SAVE.
4. Click Templates in either the left sidebar or the breadcrumbs menu to return to the Templates listing.
5. Select the new Site JavaScript template you just created.
6. Select Refresh Template(s) from the More Actions dropdown menu, and click GO.

This will create a new Site JavaScript template with the default code, as well as a "backup" template which can just be deleted (since it will be empty).

After creating this new template, you'll need to rebuild it to generate the mt-site.js file in your blog path.

Make sure you spell and capitalize the name exactly as shown (i.e., JavaScript, not Javascript).

Comments (8)

I'm having a similar problem with my mt-tb.cgi trackback. Would this solution potentially apply also?

Thanks for this, Elise. I note that for my blog the script still gets called because my CGI scripts are not in the same exact location as my blog url. (One is at www.jackvinson.com and the other at blog.jackvinson.com.) Have you heard of a solution from the powers that be?

Hi Chris - I don't think this relates to trackback spam. TB spammers have been very active lately, however, and are doing mass floods of spam. See Trackback Spam for more ideas on how to fight it.

Hi Jack - The following was posted to the 6A ProNet list by Mark Carey, in response to a similar question:

My solution was to use PHP instead of perl to check for the cookie. My javascript looks like this:

if ('www.markcarey.com' != 'www.stanthecaddy.com') {
document.write('<script src="http://www.mark' +
} else {
commenter_name = getCookie('commenter_name');

(off topic: I broke up the URL to the script to prevent spiders from
following that URL)

The file cmtr_name_js.php is very simple, contain only one line:

var commenter_name = '<?=$_COOKIE['commenter_name'] ?>';

After making this change, my load went down considerably. I recommend this approach for anyone who has a high-traffic site that resides on a different domain (or sub-domain) than the MT installation domain.

This issue has been fixed in Movable Type 3.3!

Henrik, it has not been fixed in 3.3. I am using 3.33 and on Saturday my host killed my site until he could talk to me.

And now I can't remember all the places I need to change the name of the comment script, so I am sans-comments. However, unless this problem is solved by MT in a new update soon, I will be forced to switch platforms -- something I do not want to do.

Hi Henrik and Stephen - I'm not sure what issue it is to which you are referring. If it is the issue I am addressing with this article, all you need to do is bring your templates up to date as explained in the article. The problem is having old js and old template code with a new version of MT.

If the issue you are addressing is the one of the blog URL in a different location/domain from the CGI script, then I'm not sure what you can do other than Mark's PHP solution.

Oh my gosh... I can't believe I FINALLY found this post!!!! I was pulling my hair out with the system load issues related to MT.

I actually thought it was comment spammers killing my server. Why in the HELL is this fix not set up as a default????


@Vic -

Actually this is a default.

The problem with a default is that it's only good when you're creating a new blog.

Once you've done that, it's in place, and it's virtually impossible to catch all the customized templates that are out there, so from time to time an old one might slip through, which is why this was posted: To let people know how to fix the problem. Aren't you glad it's such an easy thing to fix?

Post a comment

(If you haven't left a comment here before, your comment may need to be approved before will appear on the entry. Thanks for waiting.)