Referer Spam DoS

February 13th, 2005
Web Ethics, WordPress Hack

Over the last couple of days my servers have been suddenly getting extremely slow and non-responsive at times. The system load averages climb to the hundreds and nothing responds. This has lasted from a few minutes to a few hours (the night before last). I found nothing out of the ordinary coming into the system and was having trouble figuring out the source of this DoS, until late last night.

I was watching the server logs while working on some code and noticed that I was getting referer spammed. As I continued to look (and log) in amazement, a handful of machines made a large number of requests to my server, all with the tell tale referer spam clues (there were about 10,000 total requests in that attack). My understanding is that when the spammer requested such a large number of pages in quick succession, the server buried itself in trying to keep up with the dynamic pages being built. Since WordPress does not protect against rapid multiple requests from the same host, the spammer was effectively administering a DoS.

Referer spam is harder to stop at the php level and instead of trying to stop the attacks, I figured I would put a plugin in place that would alleviate the negative effects of a large number of requests. You guessed right, this blog now uses Staticize 2.5 to thwart DoS referer spammers. Since I do not advertise referers anywhere, the only damage sustained is some loss of bandwidth. I could ban their IPs but that would require constant maintenance. I have thought of some other output buffering and filtering, but thats in the works.

So if your server has recently exhibited some of these symptoms, it might be time to take a closer look at referer spamming and adopt some measures to stop them. Thanks Photomatt for Staticize!




  1. Dave M. (2 comments.) says:

    I found an interesting solution to the referral spam problem. Instead of modifying .htaccess to block referral spams, I added a small .PHP file that redirects referral spam attempts back to the site that the referral spam is referring to. So they just spam their own sites. :)

    I posted a link to the info here:

  2. Mark says:

    Good method to prevent spam, but it will require constant maintenance, which is something I do not want to spend much time on. :)
    Thanks for the link, I am sure a lot of people will find that useful!

  3. Ozh (88 comments.) says:

    Ah, I was to suggest to give a try to my script, but Dave did it first :)

    Actually it’s fairly easy on maintenance. Every 3 or 4 days I’m adding a new keyword or URL, that’s about it.
    (I have encountered the same problem with one referral DoS’ing)


Obviously Powered by WordPress. © 2003-2013

page counter