[development] My site is under attack (trackbacks, spam and cpu usage).

Augustin (Beginner) drupal.beginner at wechange.org
Mon Sep 18 03:14:49 UTC 2006


I am curious: is anyone using the trackback.module and allowing incoming 

Spammers have a vicious script designed for Drupal, that submits spam 
trackbacks in a loop, every few minutes, 24/24h.

Even though not ONE of their trackbacks has EVER been published on the site, 
once your site is entered into their registry, they'll never bother to take it 
off. It seems the only human intervention is to ADD new sites to spam in the 
robot's registry, never to remove any.
Even though I disabled the trackback.module weeks ago (!!!), my logs are 
still flooded with "warning  page not found  trackback/$nid not found. " 

In such a situation, I wonder how anyone could be using the trackback.module 
for any length of time.

My particular concern at this time is server resources. I know there is a spam 
module that can automatically delete spam trackbacks, but it won't solve the 
resources problems. 

My site hasn't had any new content for a week, and the Drupal cache should be 
working at its best, and the CPU load should be at its lowest. 
However, the opposite is true. 

          |  For the week  | For the day    |
          |  rank  -  %    |  rank  -  %    |
cpu       | 86th  - 0.216% | 190th - 0.107% |
hit       | 504th - 0.032% | 543rd - 0.030% |
Bandwidth | 404th - 0.045% | 370th - 0.030% |

See the high cpu usage compared to hits and bandwidth. The relatively lower 
cpu rank for the day is only due to a server upgrade which rendered spamming 
Now, I have already noted a few weeks ago that the cpu usage of a Drupal site 
is higher than the cpu usage of other sites. Another Drupal site I have and 
which has never used the trackback module (and therefore never been entered 
in the spammers' registry) is showing the same pattern of a higher cpu usage. 
However, it is not as bad as this site.

For the sake of the other web sites co-hosted on the same server, I'd like to 
drastically cut down on cpu usage. 
I'd like to add a directive at the top of .htaccess that ends straightaway any 
request to trackback/$nid (so that Drupal never gets bootstrapped).

Would that work? 
What would I need to add to .htaccess?

If you have some insights on the wider spam issue and trackback spam in 
particular, please do share.

I repeat that the spam.module is not an option: it would increase even further 
the cpu usage when I want to minimize it.



Because we and the world need to change.
Intimate Relationships, peace and harmony in the couple.
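
The kind of rule asked about in the message above, as an added example that is not part of the original post or of Drupal's shipped .htaccess. It assumes mod_rewrite is enabled, that the block is placed above Drupal's own rewrite rules in the site's .htaccess, and that the only paths to stop are the `trackback/$nid` ones seen in the log message.

```apache
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Clean-URL form: /trackback/123
  # In .htaccess context the pattern is matched without the leading slash.
  # "-" means no substitution; [G] answers 410 Gone and stops rule processing,
  # so the request never reaches index.php.
  # 410 is used instead of 404 because a site-level "ErrorDocument 404"
  # handler that points at index.php would start Drupal again.
  RewriteRule ^trackback(/|$) - [G]

  # Non-clean form: /index.php?q=trackback/123 or /?q=trackback/123
  # The query string is not part of the RewriteRule pattern, so it is
  # tested separately with a RewriteCond.
  RewriteCond %{QUERY_STRING} (^|&)q=/?trackback(/|&|$) [NC]
  RewriteRule ^(index\.php)?$ - [G]
</IfModule>
```

Requests stopped this way still appear in the Apache access log with status 410, so the volume of trackback attempts remains measurable after Drupal stops logging them.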
