I Could Just Throttle Someone

The referer spammer scumbags have been at it all day. They have a new tactic which defies my strategy. Even after I changed to running my script twice an hour, which adds the IP addresses to my .htaccess file, it wasn’t helping. They were bursting, hitting me 100 times in a minute or two, and then moving on to a different IP address (probably an open proxy).

I installed mod_throttle into my Apache instance, and set it to only allow 15 hits per minute for one IP address. I also changed the script to run every single minute, so now the most any specific IP address from a spammer can hit me is 15 times. It will either be locked out or added as a forbidden user before it can do more than that.

This crap sure is annoying, but ultimately is probably for the best. Now the mod_throttle will also prevent abusive crawlers and the like from hammering my websites. I just hope this doesn’t affect any legitimate users.
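
As an added illustration (not the script used on this site), here is one way a once-a-minute job could find IP addresses that exceed the 15-hits-per-minute limit in an access log and emit .htaccess deny entries for them. The log layout, the function names and the sample addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Leading fields of an Apache access-log line: client IP, ident, user, [timestamp]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ')
LIMIT = 15  # hits per minute allowed for one IP address, as in the post


def bursting_ips(lines, limit=LIMIT):
    """Return the sorted IPs that made more than `limit` requests in any one minute."""
    per_minute = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of aborting the run
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        # Bucket by calendar minute; a burst split across two minutes is
        # counted in each bucket separately.
        per_minute[(m.group("ip"), ts.replace(second=0))] += 1
    return sorted({ip for (ip, _), n in per_minute.items() if n > limit})


def deny_lines(ips, already_blocked=()):
    """Build .htaccess 'Deny from' lines, skipping IPs that are already listed."""
    blocked = set(already_blocked)
    return [f"Deny from {ip}" for ip in ips if ip not in blocked]


def sample_log():
    """Constructed sample: one bursting client, one exactly at the limit, one normal."""
    def line(ip, minute, second):
        return (f'{ip} - - [01/Jan/2000:10:{minute:02d}:{second:02d} +0000] '
                f'"GET / HTTP/1.1" 200 5120 "http://referer.example/" "agent"')
    lines = [line("203.0.113.7", 1 + i // 50, i % 50) for i in range(100)]
    lines += [line("198.51.100.9", 5, s) for s in range(15)]
    lines += [line("198.51.100.20", 7, s) for s in (1, 20, 40)]
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for entry in deny_lines(bursting_ips(sample_log())):
        print(entry)
```

Passing the addresses already present in .htaccess as `already_blocked` keeps the file from accumulating duplicate entries between runs.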

Published by


Dave Slusher is a blogger, podcaster, computer programmer, author, science fiction fan and father. Member of the Podcast Hall of Fame class of 2022.

3 thoughts on “I Could Just Throttle Someone”

  1. Ray Booysen says:

    How big is your .htaccess file? It must be getting quite large.

  2. jonny says:

    I think they attacked teedlo too; I had to go through and delete some referrers with like 1000 hits to the site.

  3. Ken Kennedy says:

    Just some thoughts, Dave. I don’t imagine that these would solve your problem today, but they might help alleviate it down the road, by making you less of an attractive target.

    First, the “nofollow” attribute proposed by Google seems to be gaining some support. It is supposedly already supported by blosxom, though I couldn’t find a direct link at the blosxom site. (Google “nofollow blosxom” shows some links, though, and it shouldn’t be that hard to hack in anyway).

    Also, while I was thinking about that, I was looking at the page HTML, and pondering… “how are they finding him anyway”? Not that EGC isn’t the bee’s knees…but surely some of those things are automated. I noticed the div id, “menurefer”, which appears to be standard for the blosxom referer plugin (I won’t swear to that, since I only did some basic checking…but it appeared to be). Now, it would take some grepping in the app, no doubt, to update all the places that it’s um, referred to *grin*…but maybe if the div was identified differently, it might fail some automated tests, and drop you off of some lists.

    Just some thoughts. Good luck with the throttlin’, dude! Looking forward to listening to the 13th’s podcast on my way to work in the morning.

