{"id":3129,"date":"2005-02-08T07:50:40","date_gmt":"2005-02-08T15:50:40","guid":{"rendered":"http:\/\/michaelhans.com\/eclecticism\/2005\/02\/08\/the-spammers-have-won-for-now\/"},"modified":"2019-12-13T09:00:10","modified_gmt":"2019-12-13T17:00:10","slug":"the-spammers-have-won-for-now","status":"publish","type":"post","link":"https:\/\/michaelhans.com\/eclecticism\/2005\/02\/08\/the-spammers-have-won-for-now\/","title":{"rendered":"The Spammers Have Won (for now)"},"content":{"rendered":"<div class='__iawmlf-post-loop-links' style='display:none;' data-iawmlf-post-links='[{&quot;id&quot;:8822,&quot;href&quot;:&quot;http:\\\/\\\/click.linksynergy.com\\\/fs-bin\\\/click?id=xLsJkztrnNY&amp;offerid=78941.10000002&amp;subid=0&amp;type=4&quot;,&quot;archived_href&quot;:&quot;&quot;,&quot;redirect_href&quot;:&quot;&quot;,&quot;checks&quot;:[],&quot;broken&quot;:false,&quot;last_checked&quot;:null,&quot;process&quot;:&quot;done&quot;}]'><\/div>\n<p>Until I have time to get in and do some rather major work on my webserver, I&#8217;m afraid that comments and TrackBacks are turned off. I <em>really<\/em> don&#8217;t like doing this &#8212; I like the interaction aspect, both getting into discussions and just knowing that people stop by here from time to time &#8212; but the attacks on the server have been too severe and too regular, and I&#8217;m tired of battling them.<\/p>\n<p>I&#8217;m pretty sure that there have been three major things causing my problems.<\/p>\n<ol>\n<li>My server is just too old and slow to handle the attacks.\n<p>Rather than paying for hosting space somewhere, I run my own webserver out of my apartment. This has quite a few advantages, in that I don&#8217;t have to worry about how much disk space I use, there are no bandwidth caps, and it&#8217;s allowed me to host websites for friends and family on the same server. However, the downside is that the server itself isn&#8217;t terribly powerful by today&#8217;s standards &#8212; only a single-processor 350Mhz G3.<\/p>\n<p>Now, really, that&#8217;s not that bad of a machine, and for general purposes &#8212; that is, serving static pages, which is what I started with years ago &#8212; it works wonderfully well. However, when I&#8217;m in the midst of getting hit by a spam attack, it just can&#8217;t handle the load, and it slows to the point of a virtual crawl. It&#8217;s never actually gone down &#8212; right now it&#8217;s showing a reported uptime of 197 days, 17 hours, and one minute &#8212; but there&#8217;s so much for it to process that it might as well go down.<\/p>\n<p>The issue is that comment attacks these days take the form of an automated script, or &#8216;bot&#8217;, that repeatedly and rapidly submits comments to the comment script on a weblog, sometimes hundreds of submissions per minute. While I have anti-spam measures such as MT-Blacklist installed, they still need to look at each submitted comment in order to determine whether it&#8217;s spam (and reject it), an actual user-submitted comment (and accept it), or something indeterminate (at which point it&#8217;s put into a moderation queue for me to look at).<\/p>\n<p>When I&#8217;m getting flooded with hundreds of comment submissions at a time, though, my server just can&#8217;t process the information fast enough to be able to respond, and my server essentially stops responding until it can work its way through everything.<\/p>\n<\/li>\n<li>\n<p>Renaming the comment script is pointless.<\/p>\n<p>One of the accepted methods of combatting the spam attacks is to rename the script that MT uses to accept and process comments, on the theory that the &#8216;bots&#8217; that the spammers use then won&#8217;t be able to submit anything. This used to work, but now it&#8217;s painfully obvious that the spammers have upgraded their bots to parse through the HTML code of a page to find the name of the comment script. At this point, I can rename my comment script, and the attacks start again within a minute or two after I rebuild my site. So much for that idea.<\/p>\n<\/li>\n<li>\n<p>I made a mistake a while back that&#8217;s now biting me in the ass.<\/p>\n<p>The last time I set up my server, I made what in retrospect was obviously a mistake, though I didn&#8217;t think about it at the time. Each of the three primary accounts on my server &#8212; me, my dad, and Kirsten &#8212; use the same MySQL database for their MT data. Because of this, whenever a comment spam attack starts, it doesn&#8217;t matter which domain they&#8217;re aiming at &#8212; as the bot generally attacks by submitting a few comments to one entry ID number, then increments that by one and sends a few more comments, as it steps through entry IDs on the database it will end up hitting entries on every weblog in the database. A single comment attack on any single domain on my box can affect all three domains.<\/p>\n<p>Okay, yes, in retrospect, that was fairly amazingly dumb on my part. Of course, six months ago the comment spam attacks weren&#8217;t anywhere near the level that they are today, so it&#8217;s taken a while for this mistake to start showing the consequences. Things like this, however, are a big reason why I only provide hosting services for a few select friends and family, and I make sure they know that there may be occasional issues: as a sysadmin, I&#8217;m essentially learning as I go, which isn&#8217;t always the safest or most effective way to go about it. Kind of the webmaster&#8217;s version of driving by braille.<\/p>\n<\/li>\n<\/ol>\n<p>What I need to do now, then, is break everything down and start over. Luckily, I shouldn&#8217;t have to do a full nuke and pave on my server &#8212; just the MT systems. I need to do a complete export of all entries and comments for each weblog on the system, nuke the MySQL database that MT is using, then create three separate databases, reinstall MT, and re-import the weblogs. Not a fun process, but I think I should be able to do it fairly transparently, without losing all the various design tweaks and customizations we&#8217;ve made to the weblogs. It may result in anywhere from a few hours to a few days of downtime for the sites I host, but I&#8217;ll do my best to keep that to a minimum once I start.<\/p>\n<p>Once I&#8217;ve done that, I&#8217;ll experiment with turning comments back on. I&#8217;m not entirely sure how that will go, as the spammers will still be able to attack, but at least at that point they&#8217;ll be limited to attacking one domain at a time instead of attacking one and getting two more in the process. This may or may not be enough to keep comments open&#8230;we&#8217;ll find out when I get to that point.<\/p>\n<p>This has been a rough couple of days, and yesterday I skirted dangerously close to just pulling the plug on my server entirely. I started hosting my own websites back in 1995 because it was fun to do, and the project has grown over the years, always because I enjoyed it, and it&#8217;s fun to find all these neat new things that can be done. Installing MovableType, opening up comments to the world, hosting sites for Kirsten, Phil, and my dad &#8212; I love the fact that I can do this.<\/p>\n<p>But these spam attacks have been taking all the fun out of it. Each time I see the server get hit and stop responding it gets more and more frustrating. Yesterday I was ready to just completely throw in the towel &#8212; at one point, even checking to see if it would be possible to import all my old entries into my LiveJournal account (it isn&#8217;t). Thankfully, after a couple hours of Prairie and Phil putting up with my whining and tossing ideas at me over IM, I just figured that even though I don&#8217;t like to do it, at this point simply turning off comments until I have a chance to rebuild the database and the MT installation was the best way to go.<\/p>\n<p>So that&#8217;s where things stand at the moment. Feedback is still a good thing, so feel free to drop an e-mail my way if there&#8217;s something you&#8217;d like to toss my direction. Until I get the chance to spend a few hours\/days doing maintenance on the box, though, this is how things stand.<\/p>\n<p><a href=\"http:\/\/click.linksynergy.com\/fs-bin\/click?id=xLsJkztrnNY&amp;offerid=78941.10000002&amp;subid=0&amp;type=4\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" width=\"61\" height=\"15\" alt=\"iTunes\" src=\"http:\/\/images.apple.com\/itunesaffiliates\/logos\/iTunes_sm_bdg61x15.png\"><\/a> &#8220;<a href=\"http:\/\/click.linksynergy.com\/fs-bin\/stat?id=xLsJkztrnNY&amp;offerid=78941&amp;type=3&amp;subid=0&amp;tmpid=1826&amp;RD_PARM1=itms%253A%252F%252Fphobos.apple.com%252FWebObjects%252FMZSearch.woa%252Fwa%252Fcom.apple.jingle.search.DirectAction%252FadvancedSearchResults%253FartistTerm%253DBlues Brothers, The%2526albumTerm=Blues Brothers, The%2526songTerm=Sweet Home Chicago%26partnerId%3D30\">Sweet Home Chicago<\/a>&#8221; by <a href=\"http:\/\/click.linksynergy.com\/fs-bin\/stat?id=xLsJkztrnNY&amp;offerid=78941&amp;type=3&amp;subid=0&amp;tmpid=1826&amp;RD_PARM1=itms%253A%252F%252Fphobos.apple.com%252FWebObjects%252FMZSearch.woa%252Fwa%252Fcom.apple.jingle.search.DirectAction%252FadvancedSearchResults%253FartistTerm%253DBlues Brothers, The%26partnerId%3D30\">Blues Brothers, The<\/a> from the album <em><a href=\"http:\/\/click.linksynergy.com\/fs-bin\/stat?id=xLsJkztrnNY&amp;offerid=78941&amp;type=3&amp;subid=0&amp;tmpid=1826&amp;RD_PARM1=itms%253A%252F%252Fphobos.apple.com%252FWebObjects%252FMZSearch.woa%252Fwa%252Fcom.apple.jingle.search.DirectAction%252FadvancedSearchResults%253FartistTerm%253DBlues Brothers, The%2526albumTerm=Blues Brothers, The%26partnerId%3D30\">Blues Brothers, The<\/a><\/em> (1980, 7:51).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Until I have time to get in and do some rather major work on my webserver, I&#8217;m afraid that comments and TrackBacks are turned off. I really don&#8217;t like doing this &#8212; I like the interaction aspect, both getting into discussions and just knowing that people stop by here from time to time &#8212; but the attacks on the server have been too severe and too regular, and I&#8217;m tired of battling them.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2040],"tags":[13,812,599,25],"class_list":["post-3129","post","type-post","status-publish","format-standard","hentry","category-blog","tag-life","tag-movabletype","tag-weblogs","tag-website"],"_links":{"self":[{"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/posts\/3129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/comments?post=3129"}],"version-history":[{"count":0,"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/posts\/3129\/revisions"}],"wp:attachment":[{"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/media?parent=3129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/categories?post=3129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michaelhans.com\/eclecticism\/wp-json\/wp\/v2\/tags?post=3129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}