## January 30, 2004

### What Will They Think of Next?

I have no idea what the crapflooders are up to these days. They’ve gone on to greener pastures, or easier victims, or maybe Mommy finally discovered what they were doing during those long hours in front of the 'puter. I don’t know and I really don’t care.

But the MovableType Search facility is a processor-hog. It would be trivial to write a “searchflooding” script which would deluge your blog with search requests. To keep this from DoS’ing your server, it seems best to impose a throttle of 5 simultaneous searches at any one time. Here’s a patch to do that. If running patch is too difficult, here’s a drop-in replacement for lib/MT/App/Search.pm.

Share and enjoy.

Posted by distler at January 30, 2004 11:03 PM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/304

### Re: What Will They Think of Next?

I know I’m just dreaming, but it sure would be nice if MT was a typical, community-based open source project and we could get some of these nice patches committed into their CVS repository. Have you ever tried submitting patches to Ben?

Posted by: Scott Johnson on January 30, 2004 11:23 PM | Permalink | Reply to this

### Dreaming

I’ve submitted all of these patches to Ben.

The situation would be totally different if MT were open source.

It’s not. So we’re reduced to … this.

There are other blogging systems which are open source. But none which, at present, fill my needs.

Posted by: Jacques Distler on January 30, 2004 11:29 PM | Permalink | Reply to this

### Re: Dreaming

On the subject of Open Source weblogging tools, Roberto Antonio Ferreira De Almeida has Mathml/itex2MML support in his pyblosxom based weblog.

This prompted me to start playing with pyblosxom to see if I can get it to work in the way that I want (i.e. mathML + itex2MML, none of the “dates based on file modification date” nonsense and various other bits). It seems to be quite flexible, albeit much less sophisticated than MT.

Incidentally, do you have any idea why my copy of itex2MML has decided to convert \partial to &partial; rather than &PartialD;? The online version works in the way that I expect and other symbols seem to work in my copy.

Posted by: jgraham on January 31, 2004 6:25 AM | Permalink | Reply to this

### itex2MML

The version of itex2MML available from Paul Gartside is way out-of-date, and has numerous bugs which have been corrected in the version available with my plugin.

Grab that instead (you can throw away the MT plugin, and just keep the itex2MML executable). And let Roberto know he should do the same.

Posted by: Jacques Distler on January 31, 2004 9:53 AM | Permalink | Reply to this

### Re: itex2MML

Well I thought I had done this, but it turns out I’d missed most of the important steps - like remembering to actually recompile the executable. I’m such an amateur.

Posted by: jgraham on January 31, 2004 12:27 PM | Permalink | Reply to this

### Re: What Will They Think of Next?

Can the replacement search.pm file be dropped-in to any version of MT [beyond whichever version first had the integrated search]?

Posted by: David on January 31, 2004 5:56 AM | Permalink | Reply to this

### Older versions

I don’t know the version-history of that file, so I can’t say. However, my comment-throttle and trackback-throttle patches definitely assume you are using the latest version (see also here).

Since there’s not much point in protecting yourself from search floods, while leaving yourself vulnerable to comment and trackback floods, I would say that an upgrade is in your future.

Posted by: Jacques Distler on January 31, 2004 9:44 AM | Permalink | Reply to this

### Re: What Will They Think of Next?

Thanks for the search throttle. I’ve been needing something of the sort anyway, since MT’s built-in “multiple searches from one IP” throttle returns an error on all search attempts, so I’ve had to comment it out. I’ve no idea why it does this, and should probably dig into it someday, but meanwhile this looks to be a solution.

Posted by: pericat on January 31, 2004 12:21 PM | Permalink | Reply to this
Read the post FeedDemon & Search Throttling
Weblog: Eclectic Echoes
Excerpt: Finally found a few dollars to purchase Nick Bradbury’s FeedDemon. I tested a number of other feed readers out during the past couple of months, and while there are a few things some of them had that I would like to see integrated into FeedDemon&...
Tracked: February 1, 2004 11:36 AM

Since mt-throttle.db lives in $cfg->TempDir, which defaults to /tmp, on a shared server with several MT installs, the patch actually can work as a DoS: keep banging away on your own search, so mt-throttle.db always has too many entries, and nobody else with a patched Search.pm can use their search.

Posted by: Phil Ringnalda on May 21, 2004 10:26 PM | Permalink | Reply to this

### Re: Throttle me? Throttle you!

A DoS is a DoS is a DoS.

If you’re on a shared server, and one MT installation is executing many simultaneous searches, chewing up server resources, that adversely affects everyone. If you have N MT installations, each simultaneously executing n searches, you’ll have the same problem. Presumably, the latter is an issue for the System Manager, rather than the end-user. Each end-user can, at best, be responsible for ensuring that his own MT installation does not consume an untoward fraction of system resources (nor stomp on other people’s quotas, as you suggest).

It would be simple to change the default value of $cfg->TempDir to /tmp/username, so that each user’s MT installation has its own mt-throttle.db.

Posted by: Jacques Distler on May 21, 2004 10:49 PM | Permalink | PGP Sig | Reply to this
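
The exchange above, modelled as an added example (not the patch from the post and not MT code): a Python sketch of a 5-slot search throttle, showing that state shared between installs lets one install lock out another while a per-account state directory does not. The function names, the `search-slot-N` lock files (used here in place of mt-throttle.db) and the ownership check on the per-account directory are assumptions of this example.

```python
import fcntl, os, stat, tempfile

MAX_SEARCHES = 5  # the limit given in the post

def private_state_dir(base, name):
    """Create or validate a per-account throttle directory (the /tmp/username idea)."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)
    # A predictable name under a world-writable base can be pre-created by
    # another account, so accept only a real directory that we own and that
    # nobody else can enter.
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.getuid() or st.st_mode & 0o077:
        raise PermissionError(f"{path} is not private to this account")
    return path

def acquire(state_dir):
    """Claim one of MAX_SEARCHES slots; return an open fd, or None when throttled."""
    for i in range(MAX_SEARCHES):
        path = os.path.join(state_dir, f"search-slot-{i}")
        try:
            fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o600)
        except PermissionError:
            continue  # slot file owned by another account sharing the directory
        try:
            # The lock dies with the process, so a crashed search frees its slot.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return fd
        except BlockingIOError:
            os.close(fd)
    return None

def release(fd):
    os.close(fd)  # closing the descriptor drops the lock

def demo():
    """Constructed scenario: install A saturates the throttle, install B searches once."""
    with tempfile.TemporaryDirectory() as tmp:  # stands in for the shared /tmp
        noisy = [acquire(tmp) for _ in range(MAX_SEARCHES)]  # A fills every slot
        blocked = acquire(tmp) is None  # B, sharing A's throttle state
        fd = acquire(private_state_dir(tmp, "install_b"))  # B, own state dir
        served = fd is not None
        for f in noisy + [fd]:
            if f is not None:
                release(f)
        return None not in noisy, blocked, served

if __name__ == "__main__":
    print(demo())
```

`demo()` runs both installs under one account; it returns whether A got all its slots, whether B was refused on shared state, and whether B was served from its own directory.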

### Re: What Will They Think of Next?

Forgive my ignorance, but do I just copy this: http://golem.ph.utexas.edu/~distler/blog/files/search_throttle.patch

and stick it somewhere in my existing mt-search.cgi? Or do I save it as something else and stick it in a directory?

Thanks!

Posted by: Nick on May 24, 2004 10:12 AM | Permalink | Reply to this

### Patch

The patch is to be applied to lib/MT/App/Search.pm. If that’s too confusing, you can just install a drop-in replacement for lib/MT/App/Search.pm.

Posted by: Jacques Distler on May 24, 2004 10:33 AM | Permalink | PGP Sig | Reply to this
