Referer Spam DoS

Over the last couple of days my servers have been suddenly getting extremely slow and non-responsive at times. The system load averages climb to the hundreds and nothing responds. This has lasted from a few minutes to a few hours (the night before last). I found nothing out of the ordinary coming into the system and was having trouble figuring out the source of this DoS, until late last night.

I was watching the server logs while working on some code and noticed that I was getting referer spammed. As I continued to look (and log) in amazement, a handful of machines made a large number of requests to my server, all with the tell tale referer spam clues (there were about 10,000 total requests in that attack). My understanding is that when the spammer requested such a large number of pages in quick succession, the server buried itself in trying to keep up with the dynamic pages being built. Since WordPress does not protect against rapid multiple requests from the same host, the spammer was effectively administering a DoS.

Referer spam is harder to stop at the php level and instead of trying to stop the attacks, I figured I would put a plugin in place that would alleviate the negative effects of a large number of requests. You guessed right, this blog now uses Staticize 2.5 to thwart DoS referer spammers. Since I do not advertise referers anywhere, the only damage sustained is some loss of bandwidth. I could ban their IPs but that would require constant maintenance. I have thought of some other output buffering and filtering, but thats in the works.

So if your server has recently exhibited some of these symptoms, it might be time to take a closer look at referer spamming and adopt some measures to stop them. Thanks Photomatt for Staticize!