View Full Version : security: comments restrictions...?


okapi
26th of July 2004 (Mon), 11:59
i have been searching for a matching thread, but i could not find any...

i can't believe that nobody asked this before:

are there actually no restriction settings available for the comments input system?
such as: limitation of the number of letters in a word, limitation of the number of words per comment?

as far as i can see, everyone is able to attack the comments system easily by overflowing it with text or to ruin the layout by using looooooong words without spaces.

...have i been overlooking something...?

Benoit
29th of July 2004 (Thu), 14:42
In the comments and rating section of the admin panel, there is a checkbox that lets you specify that "owner approval is required before comments and ratings are published".

I would think that prevents what you describe to your layout from happening.

okapi
29th of July 2004 (Thu), 16:48
thank you benoit, i know this, but actually i would prefer to let the software execute limitations of number of words, number of characters, bad words etc.

for a photoblog/photolog it's quite unusual to set an owner approval demand before publishing comments.
at photoblogs.org, for instance, i have not seen one single photoblog so far with an owner approval demand.

wkitty42
31st of July 2004 (Sat), 20:08
> for a photoblog/photolog it's quite unusual to set an owner approval demand before publishing comments.
> at photoblogs.org, for instance, i have not seen one single photoblog so far with an owner approval demand.

you can't always tell that owner approval is required from the outside when looking in... it is possible that there are more owner approval sites than you think... the first thing that comes to mind for wanting owner approval is spammers who use scripts or groups to load your comments areas up with links to their spammy sites... i just read, recently, of a concerted attack against a phpBB site that insisted on allowing guests to post messages... it wasn't pretty and took three moderators several hours of fighting to regain control over the spammers and prevent them from continuing in their "attack"... they were doing exactly what i just spoke of, too... spamming their site's url all over the messages so that they would show up in the search engines and raise their ranking... in this case, these spammers' site was also one of those bad ones that installs spyware software without you knowing about it via holes in mickey mouse's... errr... ^H^H^H^H^H^H^H^H^H^H^H^H^H^H^Hmicrosoft's stuff...

Benoit
31st of July 2004 (Sat), 21:40
I tend to agree with Wkitty on that one. I help a friend maintain a blog and 2 days ago, we had to deal with a spam attack in the comment section. End result was many hours lost deleting over 1000 spam messages.

They had no nasty words, no url's to other sites, and they didn't even come fast enough to use - for example - a timer block. They were from so many different IPs that it became clear that individual IP blocking wouldn't work either.

In the end, just to stop the attack and have time to consider filtering options, I ended up blocking *.*.*.* for IPs, meaning nothing could come in. And just for the record, turning off comments in Movable Type didn't do squat to stop it.

I wish I had an idea on something effective to block such spams, but the only ways I've seen work so far are either compulsory registration or moderated comments. At worst, my email gets hit, but I don't have hours of fixing to do on the site afterwards.

okapi
1st of August 2004 (Sun), 15:24
i understand what you mean, and agree with you both, but what you are talking about is the worst case of a spam attack.
my intention was not to discuss security problems in general. i'm just focusing on the very simple case of breaking the layout of an ExhibitEngine powered site by using excessively long or numerous words...
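
An added example, not part of the thread and not ExhibitEngine code: a server-side check of the kind okapi asks for, limiting total characters, words per comment and the longest unbroken run. The limit values and all function names are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed limits (hypothetical values; tune them to the page layout).
MAX_CHARS = 1000      # whole comment
MAX_WORDS = 150       # words per comment
MAX_WORD_LEN = 30     # longest unbroken run the layout tolerates

# A "word" is any run without ordinary breaking whitespace. No-break spaces
# (U+00A0 etc.) count as part of the run because a browser will not wrap there.
_RUN = r"[^ \t\r\n]"

def _visible(text):
    """Drop control and format characters (Unicode Cc/Cf, e.g. zero-width
    joiners) so invisible padding cannot pass as content; keep line breaks."""
    return "".join(ch for ch in text
                   if ch in "\t\r\n" or unicodedata.category(ch) not in ("Cc", "Cf"))

def check_comment(text):
    """Return the list of violated rules; an empty list means accept."""
    text = _visible(unicodedata.normalize("NFC", text))
    words = re.findall(_RUN + "+", text)
    problems = []
    if not words:
        problems.append("empty")
    if len(text) > MAX_CHARS:
        problems.append("too_many_chars")
    if len(words) > MAX_WORDS:
        problems.append("too_many_words")
    if any(len(w) > MAX_WORD_LEN for w in words):
        problems.append("word_too_long")
    return problems

def soften_long_words(text, limit=MAX_WORD_LEN):
    """Alternative to rejecting: put a zero-width space (a legal wrap point)
    after every `limit` characters of an over-long run before display."""
    pattern = "(%s{%d})(?=%s)" % (_RUN, limit, _RUN)
    return re.sub(pattern, "\\1\u200b", text)
```

Run the check on the server when the comment is submitted; limits enforced only in the browser form are bypassed by anyone posting directly.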