mt-comments.cgi worm?

I host a couple of MT sites for customers one here at PVPS and another at a terrible host and have been getting slammed with mt-comment.cgi spam. The process will spiral out of control until the box almost shuts down. My only option has been to chmod 000 mt-comments.cgi. Attempts to rename it were useless as that script gets detected in about 30 seconds.

When doing a TCPdump, hundreds of hosts from all over the world are calling it so putting the hosts in iptables wouldn't work. My bandwidth is through the roof.

Any suggestions?



I'm going to ask the folks at MoveableType but I wanted to hear what you guys thought from a server perspective.

[KARanden]

Someone told me this problem is "gone" with the 3.2 version of MT?

Here is a link to some advice: Learning MT

Yeah, I've requested my clients running 3.17 to upgrade to 3.2 but I don't see how that will stop the millions of GETs for mt-comment.cgi that are coming from the internet and sucking up gobs of bandwidth. It will probably help with resource usage though. The spammers aren't actually getting through to leave spam, it's just their constant calling for that script.