Drastic Measures

Over the last month, I started getting a trickle of comment and referer spam on this blog. It seems to always come in on the day view page for December 7, 2003. At one point, the blosxom community figured out that comment spammers were googling on common text in the default writeback. The writeback for one specific post that day got comment spammed over and over until I just made that particular file read only. It seems like that list got out, and then I’ve been getting more and more refer spam for the same 10 or so sites over and over, always on that same page view. I’ve got all the sites that they are using already in my blacklist, so none of them will show up. However, the constant onslaught is becoming a drag. I’ve had several hundred pageloads of that day today, each of which loads the whole 30K just to hit me with the refer URL. For the time being, I’m just redirecting that URL to the “page not found” error page. We’ll see if that reduces the load of these things eventually, or if they just keep stupidly trying to spam the 404 page over and over indefinitely.

The spread of boxes from which this spam is coming is getting large enough to make me believe that these are all machines that have been ownz0r3d by some scumbags, who are using them to bounce this crap off of. Either they’ve got a lot of friends, or there is some automated script managing this from many different IP addresses. I wouldn’t be at all suprised if one of the recent worms left a trojan that was doing this.