[typo] Spam DoS

Alastair Rankine arsptr at internode.on.net
Wed Oct 25 04:36:04 EDT 2006

Hi Guys,

My Typo blog has been so heavily spammed of late that my hosting  
provider took it off the air. I only convinced them to reinstate it  
after getting them to block the IP address ranges that were  
responsible for the bulk of the spam.

The problem was excessive CPU and database usage. I have a shared  
hosting plan and it was, according to the hosting provider, "creating  
a 30-50% spike in CPU usage for a period of 10-40 seconds".

So even though I had the Akismet spam detection active, and it was
quite effective at marking incoming comments as suspected spam, it  
was the database hit that killed me.

Some questions:

1. Does the RBL prevent the comment from going into the database in  
the first place? If the incoming spam were blocked by the RBL, would  
it have been an effective alternative to blocking the incoming  
connections with Apache configuration (which I don't have control over)?

2. Does it make sense to contribute the spammer's IP addresses back  
to an RBL? If so, how could this be done?

3. Can I do anything to help speed up the redevelopment of spam  
protection measures? I'm on double-secret probation with the hosting  
provider, and need to get some better protection in place (the IP  
block isn't going to hold them for long, dammit).

4. I thought I read somewhere (perhaps on this list) where someone  
had done an analysis of the amount of database traffic that resulted  
from a single comment, and that it was currently way too high. Does  
anyone else recall this? Is there any point analyzing this further?

