Some scumbags bouncing referer spam off of open proxies brought down this site for a while yesterday. Unlike most referer spammers, these guys are hitting at a load of multiple times a second, so often that the blosxom processes couldn’t keep up with them. I was out of town yesterday (which is fricking always when these things happen) and when I got home the load on the server box was over 100. Nice.
Luckily for me, I have a script that will parse my http logs, find referers out of a list I set and then add those IP addresses into the .htaccess file as forbidden. As bad as this sucked, all I had to do was add a few of the referral URLs into my script and rerun it and bingo – about 500 IP addresses were added in as forbidden. Even though I’m getting bursts of a dozen hits a second from the scumbags, it takes a fraction of the resources to route them to the forbidden page than for blosxom to create the page.
Apologies for anyone trying to get to the site when it was inaccessible. The arms war with the scumbags is temporarily tilted in my favor.
Some more IPs from the 4776 referer spam http requests I got yesterday – in case you missed some: http://andrewu.co.uk/pix/webtech/referrerSpamIPs_20050214.txt [3.77KB text file]