[wp-hackers] SOS (Formerly 'Referrer Spam')
Roy Schestowitz
r at schestowitz.com
Wed Oct 12 16:25:19 GMT 2005
_____/ On Wed 12 Oct 2005 13:25:20 BST, [Amit Gupta] wrote : \_____
> Roy Schestowitz <r at schestowitz.com> wrote:
> | Getting back on topic, the scale of the attacks is beginning to
> become scary,
> | not just worrying. As I said at the start, it continues to grow by
> the day
> | (nearing 2 weeks now) and it's reaching the point where I get tens of
> | thousands
> | of page requests from a variety of UIP's. This still gets worse by
> the
> | hour and
> | I am running out of bandwidth (although I re-directed to reduce it),
> not to
> | mention the speed penalty that the shared server is susceptible to.
> |
> | These attacks can wind up costing hundreds of pounds, not to mention
> | the time I
> | spend/t trying to stop them. I have no root access to the Web server.
> Any
> | suggestions? I would rather not tell the hosts and ignite some sort
> of
> | reputation of a trouble-maker
>
> I think it would be wise to block the offending IPs for some time(using
> .htaccess). If they similar, then block their entire C class block. I
> had an
> attack of this kind sometime back & blocked 2-3 C class blocks that were
> the repeat offenders for sometime. this might loose out on some
> legitimate traffic but its worth it in my opinion.
The spammy traffic is getting violently high at the moment, so I am forced to
act upon it quickly. AWStats has been running for a long time (still does)
processing the logs of the past 3 hours. I have just downloaded today's log
(over 15 MB since midnight, but traffic peaking drastically this
afternoon) and
my worst fear is a reality. The IP addresses of the offenders are so
well-distributed that you could barely ever isolate ham from spam using IP
blocks as a criterion. Blocks A-D vary a lot.
> also, if your host is not an idiot, they wouldn't label you as a trouble
> maker
> if you go to them with this problem. it would be wise as well to let
> them
> know of the problem, as they are better equipped to handle the situation
> than you are, as they too don't want someone sniping away at their
> server, possibly a DoS attack!! :)
I'll tell them immediately, thanks for the suggestion. I wish I had done that
when it all got started, but I was on vacation. I wonder what trick a host
could possibly pull off the sleeve. If they cannot filter successfully, the
site might have to go down. Spammers should be shot.
Roy
--
Roy S. Schestowitz | Useless fact: Sharks are immune to cancer
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
5:15pm up 48 days 5:29, 4 users, load average: 0.16, 0.61, 0.59
http://iuron.com - next generation of search paradigms
More information about the wp-hackers
mailing list