Spam floods and Performancing Problems

Comments

1. Mark (5 comments.) says:

   1/15/2007 at 10:56 pm

   I feel your pain. In fact, I’m living it too. We’ve had to upgrade our hosting and it’s still not enough at some times during these floods. These people are idiots. They are taking down all the little guys.

   I am not a programmer but if there is anything you think I can do to help, I would be more than happy to do so.
2. Matt (1 comments.) says:

   1/16/2007 at 12:56 am

   I feel your pain too, my meagre blog was/is being hammered consistency with requests that were more than enough to cause a kernel out of memory exception to be thrown, which then kills of whichever processes it feels need to die, in my case mysql and apache.

   Bad Behaviour didn’t help, neither did Spam Karma 2 or Akismet, as the problem was not the spam getting onto my blog, but the severe number of requests coming through that was crashing my system.

   I’ve found renaming my comment page and then blocking all requests to the old wp-comments-post.php file using Apache’s mod_security has so far been a successful bandaid, as well as some IP blacklisting of the most common offenders.

   I’d love to hear a real solution for this too.
3. Ajay (72 comments.) says:

   1/16/2007 at 1:15 am

   Mark, I think spammers are trying to hit the wp-comments-post.php to try and post their comment.

   One solution could be to change the name of this file and all references to it and then block access to the wp-comments-post.php file to throw up 403 errors.

   This is a workaround like Matt suggested above, but it may help curb the attack a bit.
4. Everton Blair (7 comments.) says:

   1/16/2007 at 5:45 am

   I was having the same problems, and I renamed my comments post file and all has been well since.
   http://www.connectedinternet.c.....1/01/1263/

   Some spammers caught on, so I just changed the name again -takes 1 min to do.
5. Chris Garrett (1 comments.) says:

   1/16/2007 at 7:46 am

   Sorry about that, am hoping our server woes are behind us
6. Michael eh? (2 comments.) says:

   1/16/2007 at 1:07 pm

   One sure fire way that got rid of spammers from newsgroup alt.binaries.pictures.anime was to track down the site that the spammers were spamming for and complain it off the server. Some ever track down info 3 to 4 links up to the hosts main trunk. Within 2 weeks, spamming in that newsgroup was dead after I made the comment ‘if the spammers have no site to spam for, what would they spam for?’

   I love moderation function though I’m not sure if it blocks the user IP when it is marked for spam. Maybe wp-comments-post.php should check who references it, maybe a parameter from wheither it’s inside the site or externally linked.

   I seen enough multilink spam that an upper limit should be set for URLs in a comment. Since spam is automated, it’s pointless for warnings.

   I also wonder if RSS feed is being used to aid spammers.
7. Raj says:

   1/16/2007 at 2:31 pm

   Could there be a script that can get the IP of spammer and add it to the .htaccess file for certain duration of time to completely deny access to the domain? I thought about doing it many a times, but with my limited knowledge of coding, I could not go any further than just dreaming about it.
8. Michael B (1 comments.) says:

   1/16/2007 at 2:43 pm

   My site got hit yesterday morning hard, harder than I’ve ever seen. Luckily, SK2 got everything, some 1000 comments. Not being very familiar with how most of these work, I guess I was lucky. I don’t know if while it was happening the site suffered any, but nothing seemed out of the ordinary. I’ve seen a plugin that uses some JS to manipulate the wp-comments file’s name, I’ll look for it.
9. Michael (19 comments.) says:

   1/16/2007 at 6:50 pm

   I frequently advocate the use of John Sinteur’s Block-Lists anti spam measures.
   Find it here http://weblog.sinteur.com/index.php?p=8106 (The Daily Irrelevant).
   In combination with Akismet and Bad Behaviour it has prevented all but three spam comments from penetrating my site.
10. steve (1 comments.) says:

    1/17/2007 at 3:39 am

    on my end, i regularly update my mod_security filters and overall, works quite well. filtered spam doesn’t even reach WordPress at all – and for those keywords/phrases that do get through, i’ll let SK or BB handle them – just a simple and elegant 412:precondition failed. however, mod_security is not for everyone.
11. ColdForged (2 comments.) says:

    1/17/2007 at 11:11 am

    They were getting me again as well. I couldn’t test the efficacy of my mod_security SK2 plugin — mentioned in a comment the last time you posted about these floods — as my host had left mod_security out of the installation when they rebuilt the server.

    I refer to these as “Maxthon floods” as the culprits have user agents containing “Maxthon” which isn’t too common. As such, I tried to help stave off the attacks with this bit of htaccess ruleset:

    # Maxthon killing
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_USER_AGENT} Maxthon
    RewriteRule .* - [F=412,L]
12. Michael eh? (2 comments.) says:

    1/17/2007 at 4:46 pm

    While checking my 404 errors I notice some strange file requests. Since my blog is in another directory than root these attempts didn’t work and were logged.

    /xmlrpc.php twice
    /xmlrpc/xmlrpc.php Once
    /xmlsrv/xmlrpc.php Once
    /blog/”” Once
    The actual file was accessed 8 times this month alone.

    Obviously spammers are using this file maybe as an access point. The question is of what use is it? No doubt spammers are taking apart WP to find openings to hack their way in. Though this points to a file other than wp_comments_post.php. Maybe those who are having problem should check their logs on this howmany times this file is being accessed.
13. Charles says:

    1/18/2007 at 1:15 pm

    My business site’s blog has a new wrinkle in blogspam today. The spam has flooded in daily for months, but my assistant moderates it by marking it as spam & it disappears. Today there are 4 comments that will not go away – they remain in the queue for moderation, even though we have deleted them repeatedly, marked them as spam, even repeatedly tried to singly delete them. Nothing has worked. They persist in the queue. Here’s the URL for one of them:
    http://ws.arin.net/cgi-bin/who.....225.177.14
    If anybody has any ideas, we’d appreciate it.
14. Charles (1 comments.) says:

    1/18/2007 at 11:31 pm

    OK, Never Mind! My main site’s host server was down yesterday and software issues unrelated to WordPress turned out to be the culprit in my ‘undeletable blogspam’ – but many thanks to Everton Blair for your suggestion – I did rename my blog file today & will do so regularly. Cheers.
15. Shaw (1 comments.) says:

    1/4/2009 at 10:15 pm

    Wow, I hadn’t considered the load draw on resources caused by spam attacks. I just thought they were a hassle. and…I had bad behavior installed, and thought it would take care of that…guess I better keep looking! Come on…bust out that comment script please Shaw

Trackbacks/Pingbacks

1. Rugjeff’s Blog About Blogging » Blog Archive » How Can We Control Blog Spamming says:

   1/16/2007 at 3:22 am

   […] For some strange reason, my blog is being bombarded with spam comments.  This has always been a minor issue but this past week the spam comments on my blog have tripled.  At first I thought nothing of it, then I came across a post from Weblog Tools Collection. […]
2. Fudeblog by Cesar Cardoso » Normal, para um valor x de normal says:

   1/21/2007 at 11:32 am

   […] Parece que tivemos mais uma botnet entrando no ar, porque o Weblog Tools Collection notou um aumento no flood de spam de comentário. Particularmente só notei um ou dois falsos positivos a mais que a média, mas teve gente que notou aumentos maiores. […]