When we initially converted our site to Drupal, we were getting lots of spider hits on old URLs, and I put into our .htaccess rewrite rules based on http://drupal.org/node/53523 These redirect to "GONE", rather than using "access denied". Maybe not any more helpful for a spambot, but any legit bot should get the hint. example: #some rules to block requests for old pages from search engines RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .*\.htm$ - [G,L] I also like the idea of redirecting to the loopback address- does that really work? -Peter Date: Mon, 18 Sep 2006 11:14:49 +0800 From: "Augustin (Beginner)" <drupal.beginner@wechange.org> Subject: [development] My site is under attack (trackbacks, spam and cpu usage). To: development@drupal.org Message-ID: <200609181114.49182.drupal.beginner@wechange.org> Content-Type: text/plain; charset="us-ascii" Hello, I am curious: is anyone using the trackback.module and allowing incoming trackbacks? Spammers have a vicious script designed for Drupal, that submits spam trackbacks in a loop, every few minutes, 24/24h.