Comment spam robot using up bandwidth
kdebaas - June 27, 2008 - 15:46
Hi! Our site is being hit by a comment spam bot. While its attempts to post comments are succesfully blocked by mollom, it is taking a toll on our available bandwidth and diskspace. We have had 12.484 attempts to post a spam comment yesterday, and that is just one day!
Our modest mysql database grew from 3 Mb to 120 Mb because it is filling up our logs.
Switching off comments does not deter this bot, who just keeps on going. Here's a little snippet from the Apache log:
212.158.129.18 - - [27/Jun/2008:17:35:23 +0200] "POST /es/comment/reply/300 HTTP/1.1" 302 5 "http://zombies.parallelports.org/es/inhoud/foto/dsc118001jpg#comment-87" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.1 (build 00975))"
202.7.176.132 - - [27/Jun/2008:17:35:23 +0200] "POST /es/comment/reply/348 HTTP/1.0" 302 0 "http://zombies.parallelports.org/es/inhoud/foto/dsc085401jpg#comment-79" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
91.89.86.14 - - [27/Jun/2008:17:35:23 +0200] "POST /en/comment/reply/439 HTTP/1.1" 302 5 "http://zombies.parallelports.org/en/inhoud/foto/dsc01664#comment-99" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"As you can see, the bot uses different IP addresses, and different user agents, so I can't see any obvious way to block him with rewrite rules in the .htaccess file.
Have you had any experiences like this, and did you do anything to stop it? Please share.
Thanks
Klaas
Such things are scary. I
Such things are scary. I really don't like it happening to my site. Have you not taken some pre-cautions? Have you tried using CAPTCHA module or any other similar modules?
Try putting your site in maintenance mode while resolving the problem.
I wish I could be more of help.
Well, mollom is taking care
Well, mollom is taking care of that the comments don't actually get published. However, I'm worried about the fact that at the rate this bot is going (for three days now), he'll use up my monthly bandwidth in less than ten days. I would have thought that the spammer would stop at a certain point, after realising his comments are not being published.
I'd be interested to compare experiences with the amount of spam people are getting on average. I anticipated about 500 a week when our site would be up and running, and properly indexed by the search engines. But this is way more then I expected.
Thanks
Klaas
Glad to see Mollom is taking
Glad to see Mollom is taking care of the spam. Looking at the Mollom logs, it looks like we're blocking thousands of comments a day for your site. :-)
Are you using Drupal 5 or Drupal 6? In Drupal 6, we've made several improvements to the watchdog system. You could use syslog.module and rely on Linux/Unix log rotation functionality to clean up big log files. Or you could the dblog.module and configure the size of the log file at "Administer › Site configuration › Logging and alerts › Database logging". The latter should help you control the size of the database.
I'm using Drupal 5. I have
I'm using Drupal 5. I have set the watchdog to discard entries older than three hours for the moment, to keep its size a bit under control. It's still over 180 Mb in size though.
The spammer is still going strong, at over 10.000 attempts per day. I'll be looking into ways of banning him later this week. Any ideas, pointers?
Thanks
OK, setting the log to
OK, setting the log to discard entries older than three hours back did not in fact shrink my database, as that only counts for recent hits and referrers. I will flush the watchdog table instead.
On another note, I installed Bad behavior and an eerie silence has settled over our site. The comment spam bots are now greeted with 403 responses by the server.
However, nothing is logged by the Bad behavior module, for which I have posted a bug report.