[support] Spammers filling sessions table

[Boerland, Bert]

-----Original Message-----
From: support-bounces at drupal.org [mailto:support-bounces at drupal.org]On

> Bad behaviour and spam are blocking almost all of the comment spam
> from publication, but the site is choking in the meantime.

> I've tried session_limit module, but the spammers are spoofing random
> ips and ignoring the sessions, so it doesn't seem to have any effect.

> Any suggestions welcomed.

I host at a pentium 166 at home and have simular problems. Blocking the spammers with bad_behaviour doesnt really help since the zombie networks out there dont check to see if it was a succesfull post or not or even what the HTTP answer was. 

Note that spoofing IP addresses is nearly impossible on the internet with all ingress filtering (see rfc2267). So the request come from dozens and dozens of "real" hosts, mostly zombie bots. I ended up in dropping them in my iptables. I dont think it is a good thing to do, bu then again most of the admins of the zombie networks dont behave as well. 

If you turned on captchas and bad_behaviour, that is the only thing you can do (apart from upgrading your host/bandwith/io capacity etc)