If you or your one of clients are hosting a blogger via ftp on your account, commenting needs to be disabled for now..
See the following article:
"...an attacker may inject executable code into
the archive page by posting a comment to the weblog because, while
Blogger automatically strips most HTML from comments, they do not strip processing instructions."
I directed a couple of my less tech-savy clients to use blogger as a blog, so they would not have to go through manually updating their scripts every ~3 weeks... As cpskins is not all that great about keeping upto date with the latest releases of the scripts they provide.
See the following article:
"...an attacker may inject executable code into
the archive page by posting a comment to the weblog because, while
Blogger automatically strips most HTML from comments, they do not strip processing instructions."
I directed a couple of my less tech-savy clients to use blogger as a blog, so they would not have to go through manually updating their scripts every ~3 weeks... As cpskins is not all that great about keeping upto date with the latest releases of the scripts they provide.