If you’re wondering why the site has been slower than snot today, it’s because of jackass comment spammers. I’m running this site on a meaty Pentium4 2.8 with a gig of RAM, and when I ran “top” via an SSH command line (once I was actually able to get onto the server), I realized what the hell was happening: I was the victim of a Denial-of-Service attack, of sorts. The load in “top” was pushing 60+ (an overloaded server is anything higher than 5 or so anybody who doesn’t know). From my estimation, about 150 connections per second were hitting my comment script (which has since been renamed, meaning comments won’t work on many older posts until I rebuild the site). Not only that, they were hitting my e-mail form on the right side of this script (which has also been renamed as well). The connections were coming from dozens of different IP addresses, meaning they were coming from spyware/virus-infected zombie PCs (I’ll check out my logs later to see if there was any pattern to it all).
After the end of it all, not a single comment spam actually made it on my site, thanks to MT-Blacklist and SpamLookup. It did make my server, cry, however, saying no to that many connections running a CGI script.
Anyway, comments will be working again later tonight after a rebuild (they should work on this entry, however).
Comments
Yep, damn those comment spammers. With MT Blacklist it’s nice to know they don’t get on the site, but geez what’s the point of these spammers? These days we run so many spam filters on email, comment spam blockers on blogs, what’s next? Why does mass marketing like this have to be so lame? Do people actually buy anything from these? Sure I could go around town spraypainting my website address on buildings, houses, cars, whatever to gain more exposure or attract attention, but then what? Would people really want to give me anything good after I’ve pissed them off?
Ah yes.. the comment and trackback spam. That was a heck of a load… I’ve had my humble machine choke under a load of 10~20. My blog seems to handle the hits pretty well but it’s still majorly annoying. I turned of the notifications because there were too many (which increased the load as mail had to traverse spamassassin and clamav)
I would recommend mod_security. The thing with MT plugins, as you found out, is that they prevent the spam appearing on your weblog but the load still kicks up.
With mod_security, it blocks spam the minute someone hits the post button so the cgi script isn’t called at all so no load whatsoever beyond mod_security.
I’ve got zero comment spam plugins on MT as mod_security is doing all the heavy lifting and the top processes aren’t mt scripts!
In my experience, the spammers only hit my older posts. i have implemented captcha (currently on everything, but will be restricting it to anything 2 weeks or older when I get the time) and havent had a single comment spam since.
I am sold on captcha.
Rick: As Arvind said, a captcha wouldn’t help me. The jackass was directly hitting my comment script, bypassing the form, with hundreds of connections. A captcha wouldn’t have helped there at all (as my other plugins stopped his spam from showing up on the site anyway).
Arvind: I had mod_security in place at one point using blacklist to modsec. The problem was that with all those rules, my Apache processes were running really high usage and slower than normal. After removing all those rules that that script created, it runs fine (I’ve also heard that mod_sec runs far better in Apache 2.0, and I’m running Apache 1.x because it better supports the hosting control panels and such that I use). I still am running mod_security, but just with its default small list of rules.
I’m thinking about re-implementing a more industrial-strength mod_sec setup for this site only in the .htaccess file (my rules before were done with includes in the httpd.conf file — if includes were supported in .htaccess, life would be MUCH easier). Do you have a config file you use for your blog that you could send my direction?
My site was getting hit on my “contact” page a couple of nights ago.
I think spammers are moving on to contact forms as the next spamming page. Strange thing is that the comment posted is only seen by myself. So what’s really the point?
My site was getting hit on my “Contact” page a couple of nights ago. The rate at which I received the comments were too fast for it to be a person hand typing comments into it. So I figured it had to be a script. I changed the name of the page and they stopped.
At the same time I was hit by over 250 comments spams in less than 30 minutes. I use WordPress and we have a really nice spam program called Spam Karma that does a wonderful job of nailing them. So it’s just a matter of verifying them in SK’s interface pages.
I’m guessing that Contact page spam is going to be the next big thing for spammers. That’s going to really suck!
Sorry about the double post there. I thought your spam filter had stopped the first one because I was using Google’s new Web Accelerator. 🙂