The PoliBlog
Collective


Monday, February 12, 2024
By Dr. Steven Taylor

If anyone out there has any experience with running their own server, I need some advice on dealing with attacks on my site. The concentrated attempts by bots to spam my site have been causing the place to shut down (i.e., to time out). I am something of a novice at running the site (it is on a VDS) and I need some advice or some pointers as to where to learn how to deal with these problems.

I have managed to radically cut down the amount of comment and trackback spam that actually makes it to the site (even before it is harvested by Akismet or is otherwise stopped from being actually posted for public consumption).

I would recommend highly the auto-close comments plugin and especially the trick of renaming wp-trackback and tweaking the code in two WP files to fool bots into not being able to leave TB spam. The instructions come via Peter’s Useful Crap:

1) In your base WordPress directory, rename wp-comments-post.html to something like wp-comments-roller.html, and rename wp-trackback.html to something like wp-trackback-hockey.html.

2) Edit your WordPress files that reference these two files. For most with WordPress 2.0, this means editing one reference of wp-comments-post.html each in your theme’s comments.html and comments-popup.html files (found in the folder wp-content/themes/yourtheme/); wp-trackback.html is referenced once in comment-functions.html and twice in template-loader.html (found in the folder wp-include/).

So far it is clear that the bots seeking wp-trackback are being stymied by this move. I have had no TB spam on PoliBlog Main or any of the sideblogs since I made this change on Friday evening.

However, it still appears that the very act of the bots looking for the file was overloading my server and causing timeouts (too many 404s, I guess). I have IP blocked the offending IPs (from St. Petersburg, Russia, of all places), so I will see if that helps. However, since I can still see their attempts in the logs, I have to wonder whether, even when they are blocked, they can somehow slow down the system.

Of course, every time this happens, I think back to this ‘toon.

Lousy spamming b*stards.


Filed under: Blogging, Computer Stuff
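
An added example, not part of the original post: one way to measure how much traffic is still aimed at the retired file names, by tallying requests per client IP and status code from an Apache combined-format access log. The sample log lines, the threshold and the function names are constructed for illustration, and the script assumes the IP block is enforced by the web server, so blocked requests still show up in the log as 403s.

```python
import re
from collections import Counter, defaultdict

# Original endpoint names; once renamed, only stale bots should still ask for them.
RETIRED = ("/wp-trackback.html", "/wp-comments-post.html")

# Apache combined log format: client IP, request line, status code.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation-range addresses, not real traffic).
# Assumption: the IP block is enforced by the web server, so denied hits log as 403.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2024:09:00:01 -0600] "POST /wp-trackback.html?p=11443 HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [12/Feb/2024:09:00:02 -0600] "POST /wp-trackback.html?p=11440 HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [12/Feb/2024:09:00:03 -0600] "POST /wp-trackback.html?p=11439 HTTP/1.1" 404 512 "-" "-"
203.0.113.7 - - [12/Feb/2024:10:15:00 -0600] "POST /wp-trackback.html?p=11443 HTTP/1.1" 403 199 "-" "-"
198.51.100.20 - - [12/Feb/2024:09:01:10 -0600] "POST /wp-comments-post.html HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [12/Feb/2024:09:01:11 -0600] "POST /wp-comments-post.html HTTP/1.1" 404 512 "-" "-"
198.51.100.20 - - [12/Feb/2024:09:01:12 -0600] "POST /wp-comments-post.html HTTP/1.1" 404 512 "-" "-"
192.0.2.50 - - [12/Feb/2024:09:02:00 -0600] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Feb/2024:09:03:00 -0600] "POST /wp-comments-roller.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Feb/2024:09:04:00 -0600] "GET /wp-trackback.html?p=1 HTTP/1.1" 404 512 "-" "-"
"""

def probe_counts(log_text, retired=RETIRED):
    """Return {ip: Counter({status: n})} for requests to the retired endpoints."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if path.endswith(retired):
            hits[m.group("ip")][m.group("status")] += 1
    return hits

def block_candidates(hits, threshold=3):
    """IPs with at least `threshold` requests to retired endpoints, busiest first."""
    totals = {ip: sum(c.values()) for ip, c in hits.items()}
    return sorted((ip for ip, n in totals.items() if n >= threshold),
                  key=lambda ip: (-totals[ip], ip))

if __name__ == "__main__":
    hits = probe_counts(SAMPLE_LOG)
    for ip in block_candidates(hits):
        print(ip, dict(hits[ip]))
```

A 403 entry in the tally means the web server still accepted the connection and parsed the request before refusing it, which is why blocked clients remain visible in the access log.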

4 Comments

    1. I don’t run my own server, but I have seen many comments and noticed a substantial number of wp blogs running Dr Dave’s Spam Karma. After some backups and app maintenance I am going to try it. It is a simple wp plug-in and you may care to try it while seeking the best solution.
      Cheers

      Comment by Stanford Matthews — Monday, February 12, 2024 @ 7:20 pm

    2. I used to run SK, and it is impressive, but doesn’t solve the problem I am having. The problem with SK is that it takes up huge amounts of MySQL database space over time (at least it does if you get a lot of spam).

      I have handled (for now, it would seem) the spam problem but need to find a way to fend off the bots.

      Comment by Dr. Steven Taylor — Tuesday, February 13, 2024 @ 7:54 am

    3. Preventing TrackBack Spam and Bad Robots

      Steven Taylor passes on some good suggestions for derailing trackback spammers.
      He’s also soliciting advice for keeping pesky robots from visiting. Clearly, the robots in question have not been programmed according to Asimov’s specificat…

      Trackback by Outside The Beltway | OTB — Tuesday, February 13, 2024 @ 8:28 am

    4. Use the Trackback Validator plugin. I turned Akismet off completely, since my blog is only suffering from trackback spam, and Trackback Validator handles them perfectly. In the years I’ve been using it, it’s allowed ONE spam trackback through into the moderation queue (the spammer set up a pseudo-blog which had a legitimate link back to my blog).

      Security-through-obscurity may work for a while, but eventually one of the 10-cent-per-post humans will find it, and will force you to change it again. And again. And again. Trackback Validator simply checks to see if the linked page legitimately comes back to you…something spammers almost never spend the time doing.

      Comment by Charlie Summers — Tuesday, February 13, 2024 @ 4:30 pm


    The trackback url for this post is: http://poliblogger.com/wp-trackback.html?p=11443

    NOTE: I will delete any TrackBacks that do not actually link and refer to this post.
