So, we have been getting a fair amount of comment spam for the last several months. Once I installed Jay Allen's "MT-Blacklist", it has really only been annoying. When I got home from work today, however, I noticed that my machine was thrashing. It was working so hard that the console was unresponsive. A reboot later, and I was back in control of the thing. Doing some initial investigation, it looked like somebody (or somebodies) was jamming on the comment system for the blogs that are hosted here. I disabled it quickly, so that I could get on with my life.
Later (after dinner & "The Daily Show"), I found that as soon as I re-enabled the "mt-comments.cgi" script, the box was immediately hammered again. I managed to narrow all of the spam traffic down to 4 IP addresses, being served by an ISP called SAVVIS. Looking in DNS, it looks like these IPs are being used by a company called "Marketscore". From their website, it is hard to tell if they are legitimate or not. For the time being, I have firewalled them off, and fired off an e-mail to the abuse department over at SAVVIS. But in 2005, I'm going to have to do two things:
- Come up with a better anti-spam solution for the blogs hosted here.
- Tune my FreeBSD machine -- because getting pounded with HTTP CGI requests shouldn't hork the box to the point that I can't log in on the console.
-Andy.
Wow, that's bad. Good work mailing the ISP.
This is only semi-related but take a look at this site: http://www.aa419.org/ladvampire.html
It's just a table of images from phoney bank sites used in 419 Nigerian scam schemes. The site reloads them constantly so it runs up their bandwidth. I know these aren't the same people spamming your machine but I consider them part of the same class of web trash.
Posted by: Mark at December 16, 2004 08:24 AM

You could upgrade your MT installation and turn on TypeKey authentication. Then you'll only get TrackBack spam, but no comment spam. So far it has worked for me (for the last 3-4 months).
best,
Carl