During this latest sustained spam attack, this blog has been a little less responsive than I’d like. I’m thinking it’s related to Akismet’s need to talk to the mothership to verify each comment. As an experiment, I’ve switched back to Spam.module, disabling Bad Behavior and Akismet. It’s a bit of a risk, switching spam blocking strategies in mid-attack, but whatever. That’s what backups and phpMyAdmin are for.
Already, the site feels slightly less unresponsive. I’ve never been really happy relying on an active network connection to the Akismet Mothership to check each and every comment, and Spam.module is a completely self contained solution. It’s closer to Spam Karma 2 - the best spam blocking plugin for WordPress. Bayesian voodoo checking the content. Link counting, IP checking, etc…
So far, only a few snuck through in the short time between disabling Bad Behavior and Akismet, and enabling and configuring Spam.module.
In poking through the spam log, it looks like one particularly persistent roach just won’t get a clue. None of his crap has gotten through, but he just keeps coming back. Googling a portion of his automatically generated names turns up a list of 818,000 comments this person (or group) have flung onto the blogosphere. Almost a million spam comments. There’s a brand new inner circle of hell opening up for this clown.
Of course, I’m setting myself up here. If Spam.module falls over, I’m wide open to potentially thousands of automated spam comments. This should be interesting. I’m debating requiring comment previews before submission, so Spam.module can kill spammers before anything touches the database, but I’ve never liked making anyone jump through any more hoops than absolutely necessary (no CAPTCHA, no confirmation words, etc…).
Update: Well, it hasn’t been 100% bulletproof, but I only woke up to find 3 comment spams that needed removal. The sustained attack continues, though, so hundreds of other attempts were successfully blocked. Not bad. I may turn Bad Behavior back on to try the combo of BB+Spam.module…
Update 2: The spammers are getting frustrated. It looks like 2 separate attackers. One is using a single IP address, which was easily blocked via .htaccess. The other apparently commands a zombie network with an unknown number of computers from various networks. Hard to block via a simple htaccess deny access directive. But spam.module cleaned it out pretty quickly.
Now, they’ve resorted to simply salting the earth. If their links can’t get onto this blog, they’ll settle for just polluting it with as much garbage nonsense random ASCII comment filler as possible. It’s either to vandalize for vengeance, or to confuse the Bayesian magic that filters incoming comments. Either way, I had to spend half an hour manually nuking the garbage that got past the filters. What a waste of time.
The spam.module log database table currently has over 25,000 entries. And it’s only been turned on for just over 24 hours.
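The two attackers described in Update 2 illustrate why a per-IP .htaccess ban works against one and not the other. The script below is an added example, not part of the original post or of spam.module: it tallies comment-spam attempts per source address from a constructed log (the "timestamp ip action" format, the 203.0.113.77 address and the 10.x.x.x zombie addresses are all made up for the example), decides which addresses a single "Deny from" line would actually stop, and rolls the rest up by /24 to show that a botnet spread across many networks leaves nothing worth blocking.

```python
"""Added example: which spam sources is an .htaccess 'Deny from' worth writing for?

Not code from the original post or from spam.module. The log format and every
address below are constructed for the example.
"""
import random
import re
from collections import Counter
from ipaddress import ip_network

# Hypothetical log format: "<timestamp> <source ip> <action>", one attempt per line.
LOG_RE = re.compile(r"^(\S+) (\d+\.\d+\.\d+\.\d+) (\w+)$")


def build_sample_log(seed=42):
    """Constructed sample: attacker A hammers from one IP, attacker B sprays from
    60 distinct zombies. 203.0.113.77 is an RFC 5737 documentation address and
    the 10.0.0.0/8 hosts are stand-ins; neither is a real spammer."""
    rng = random.Random(seed)
    lines = []
    for i in range(40):  # attacker A: 40 attempts, single source
        lines.append(f"2006-08-01T10:{i:02d}:00 203.0.113.77 blocked")
    zombies = set()
    while len(zombies) < 60:  # attacker B: one attempt per zombie
        zombies.add("10.%d.%d.%d" % (rng.randint(0, 255),
                                     rng.randint(1, 254),
                                     rng.randint(1, 254)))
    for i, ip in enumerate(sorted(zombies)):
        lines.append(f"2006-08-01T11:{i:02d}:00 {ip} blocked")
    return "\n".join(lines)


def parse_log(text):
    """Count attempts per source IP, skipping lines that do not match the format."""
    counts = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def plan_blocks(counts, threshold=10):
    """Return (ips worth denying, attempts those denies cover, total attempts).
    An address below the threshold is not worth a Deny line: the zombie will
    never reappear, and the list would grow without bound."""
    total = sum(counts.values())
    deny = sorted(ip for ip, n in counts.items() if n >= threshold)
    covered = sum(counts[ip] for ip in deny)
    return deny, covered, total


def htaccess_snippet(deny_ips):
    """Apache 2.2 mod_access syntax (the era of the post); Apache 2.4 uses 'Require'.
    With 'Order allow,deny' the Deny lines are evaluated last and win."""
    lines = ["Order allow,deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in deny_ips]
    return "\n".join(lines)


def network_rollup(counts, prefix=24):
    """Aggregate per-IP counts by /prefix to see whether a botnet clusters
    in a few networks (blockable by CIDR) or is spread thin (not blockable)."""
    nets = Counter()
    for ip, n in counts.items():
        nets[str(ip_network(f"{ip}/{prefix}", strict=False))] += n
    return nets


if __name__ == "__main__":
    counts = parse_log(build_sample_log())
    deny, covered, total = plan_blocks(counts)
    print(f"{len(counts)} distinct sources, {total} attempts")
    print(f"Deny lines for {len(deny)} address(es) cover {covered}/{total} attempts")
    print(htaccess_snippet(deny))
    for net, n in network_rollup(counts).most_common(5):
        print(f"{net:<18} {n}")
```

On the constructed log, one Deny line stops 40% of the traffic and the remaining 60 zombies each contribute a single attempt from a different /24, so neither per-IP nor per-network denies buy anything against them; that is the case where a content filter (or mod_security rules keyed on the request rather than the source) has to do the work.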
I personally enjoy moderating all of my comments. Often people feel like they’ve done something wrong, and that is not to say that now and then I don’t see comments, but for the most part it’s been pretty good. Also, getting a module that locks sending any more comments after a certain period of time can be useful, however limiting to the conversations… They’re rats, whatchu gonna do but try to block them..? A week ago some guy decided, I guess, it would be funny to send thousands of bots to a particular page about a particular president’s policies. I deleted the page, and the bot attack went away after quite a bit of time, may I add, after I deleted the page.
I used to disable comments after 30 days, but that prevents long discussions, or picking up a conversation after a break. I’ve avoided moderating comments, because I always feel unsure when I submit a comment to a moderated blog. Will the moderator see it? Will it be buried in a pile of spam? When will it be approved? etc… it breaks down the fluidity of a conversation. But it’s one of the more effective anti-spam strategies. Stupid spammers, wrecking everything again…
Maybe it would be worth looking into some .htaccess magic and/or mod_security if this stuff doesn’t relent. Just a thought. All of those requests to Apache, PHP, and MySQL eat up a lot of cycles even if you can keep them unpublished…
Got this as an error message at the top of the page after I posted my first comment btw:
user warning: Table 'drupalblog.spam_surbl_cctlds' doesn't exist query: SELECT ccid FROM spam_surbl_cctlds WHERE cc = 'highervisibilitywebsites.com' in /home/.cruncher/dnorman/darcynorman.net/includes/database.mysql.inc on line 121.
I’ve added some .htaccess directives to disallow ip addresses, but at least one of the attackers has access to a zombie network, with hundreds of different IP addresses from various networks all sending the comment spam attempts.
The spam blocking got effective enough that they appear to have given up on posting actual link content, and are just salting the earth with complete nonsense (and no links).
What a waste of resources (theirs and mine). I stepped away from the computer to have supper with the family, and play some games with my son, only to come back to a couple hundred vindictive crap comment posts. Nice.
And thanks for the heads-up on the error, Caleb. I wasn’t seeing that because I’m logged in, and that part of the spam blocker is turned off for logged-in users. It should be fixed now.
No problem dnorman. There are other htaccess methods than ip banning. This article can get you going in the right direction and then if you want to know anything more may start googling:
http://diveintomark.org/archives/2003/02/26/how_to_block_spambots_ban_spybots_and_tell_unwanted_robots_to_go_to_hell
And then there is always mod_security which is much more robust:
http://atomicplayboy.net/blog/2005/01/30/an-introduction-to-mod-security/
Hey Darcy,
You might take a look at these two options:
http://isc.sans.org/diary.php?storyid=1836
- hidden form fields
http://www.kittenauth.com/
- a new Drupal module
hidden form fields only work until the bot wrangler decides to check the form and add some code to lookup/generate values for those. I’d tried that long ago, back when I was using WordPress. It didn’t work for very long.
Kittens? Really. It’s cute, but seems like a rather gimmicky hoop to make people jump through.