Posting here for my own reference …
Avo pinged me last night that he was unable to post a comment to my blog, getting a 403 error (Forbidden). Hrm. Weird. He could read the page, but not click the post or preview buttons.
Was having the same problem this morning. And he couldn’t see the little editing button graphics, either.
Hmmmm. That sounds like something’s blocking access to the MT executable directory (the editing button graphics are put out there via JavaScript, and the buttons obviously execute .cgi scripts).
Hrmmmm.
I knew I had some banning bits in my .htaccess file. I’d glanced at it last night, but hadn’t seen the IP address (via the 403 error) that Avo mentioned in there. I looked again this morning and … bingo. It was in there, put in by MT AutoBan.
MT AutoBan is a plug-in I use to ban IP addresses from junk commenters and junk trackbackers. It’s pretty spiffy, as it keeps spam attacks from executing the the MT code after more than (configurable) 1 junk comment/trackback is put in. That reduces the server burden substantially (even if MT would still block it, it avoids the MT code from having to be executed again). The ban holds true for (configurable)
48 hours.
Went to the MT AutoBan configuration to confirm those settings, then seeing that it was driven by Junk settings, I went to Junk comments (being certain that Avo wasn’t sending in Trackbacks). And there it was — a comment he’d put in for the Humor Test over on BD’s blog. And since I host BD, it went against my Movable Type configuration.
It was showing as Junk because he’d copied in the whole results from the Humor Test, which has a very large number of internal links in it — enough links that MT’s SpamLookup system flagged it as junk (comments, generally, only have a few link in them at most — the Humor Test has several).
(And the lesson here, for my readers, is watch the number of links in what you put into a single comment; on these sorts of things. I see this most likely in doing responses to these sorts of memes/personality tests.)
Solving the problem at that point was trivial. I told MT the comment wasn’t junk, and MT AutoBan rescinded the ban, automagically. I also tweaked the settings a little bit to lend more weight (hopefully) to “trusted” and previously approved commenters.
The system actually worked the way it was supposed to — I wasn’t just quite clear where the glitch was initially, nor was Avo (he had seen the problem occur after the comment gave him a message about moderation — but that was on a different blog than mine, where he was seeing the problem, so ).
Filed for future reference …