[typo] Spam DoS
arsptr at internode.on.net
Wed Oct 25 04:36:04 EDT 2006
My Typo blog has been so heavily spammed of late that my hosting
provider took it off the air. I only convinced them to reinstate it
after getting them to block the IP address ranges that were
responsible for the bulk of the spam.

The problem was excessive CPU and database usage. I have a shared
hosting plan and it was, according to the hosting provider, "creating
a 30-50% spike in CPU usage for a period of 10-40 seconds".

So even though I had the Akismet spam detection active, and it was
quite effective at marking incoming comments as suspected spam, it
was the database hit that killed me.

1. Does the RBL prevent the comment from going into the database in
the first place? If the incoming spam were blocked by the RBL, would
it have been an effective alternative to blocking the incoming
connections with Apache configuration (which I don't have control over)?

2. Does it make sense to contribute the spammer's IP addresses back
to an RBL? If so, how could this be done?

3. Can I do anything to help speed up the redevelopment of spam
protection measures? I'm on double-secret probation with the hosting
provider, and need to get some better protection in place (the IP
block isn't going to hold them for long, dammit).

4. I thought I read somewhere (perhaps on this list) where someone
had done an analysis of the amount of database traffic that resulted
from a single comment, and that it was currently way too high. Does
anyone else recall this? Is there any point analyzing this further?