[development] My site is under attack (trackbacks, spam and cpu usage).

Jeremy Andrews lists at kerneltrap.org
Mon Sep 18 03:40:58 UTC 2006


Hi Augustin,

  I had a similar problem some time ago, and ended up writing
the very simple 'trackback_blackhole' module which solved the
resources issues for me. The module is distributed with the
v2 spam module, available here:
  http://kerneltrap.org/jeremy/drupal/spam/#downloads

  You can download the whole tarball, and then just install
the trackback_blackhole module without installing the spam
module.

  I hope that helps.

Cheers,
 -Jeremy

On Mon, 18 Sep 2006 11:14:49 +0800
"Augustin (Beginner)" <drupal.beginner at wechange.org> wrote:

> 
> Hello,
> 
> 
> I am curious: is anyone using the trackback.module and
> allowing incoming trackbacks?
> 
> Spammers have a vicious script designed for Drupal, that
> submits spam trackbacks in a loop, every few minutes,
> 24/24h.
> 
> Even though not ONE of their trackbacks has EVER been
> published on the site, once your site is entered into their
> registry, they'll never bother to take it off. It seems the
> only human intervention is to ADD new sites to spam in the
> robot's registry, never to remove any. Even though I have
> disabled the trackback.module weeks ago (!!!), my logs are
> still flooded with "warning  page not found  trackback/$nid
> not found. " 
> 
> In such a situation, I wonder how anyone could be using the
> trackback.module for any length of time.
> 
> My particular concern at this time is server resources. I
> know there is a spam module that can automatically delete
> spam trackbacks, but it won't solve the resources problems. 
> 
> My site hasn't had any new content for a week, and the
> Drupal cache should be working at its best, and the CPU
> load should be at its lowest. However, the opposite is
> true. 
> 
> ---------------------------------------------
>           |  For the week  | For the day    |
>           |  rank  -  %    |  rank  -  %    |
> --------------------------------------------|
> cpu       | 86th  - 0.216% | 190th - 0.107% |
> hit       | 504th - 0.032% | 543rd - 0.030% |
> Bandwidth | 404th - 0.045% | 370th - 0.030% |
> ---------------------------------------------
> 
> See the high cpu usage compared to hits and bandwidth. The
> relatively lower cpu rank for the day is only due to a
> server upgrade which rendered spamming impossible. 
> Now, I have already noted a few weeks ago that the cpu
> usage of a Drupal site is higher than the cpu usage of
> other sites. Another Drupal site I have and which has never
> used the trackback module (and therefore never been entered
> in the spammers' registry) is showing the same pattern of a
> higher cpu usage. However, it is not as bad as this site.
> 
> 
> For the sake of the other web sites co-hosted on the same
> server, I'd like to drastically cut down on cpu usage. 
> I'd like to add a directive at the top of .htaccess that
> ends straightaway any request to trackback/$nid (so that
> Drupal never gets bootstrapped).
> 
> Would that work? 
> What would I need to add to .htaccess?
> 
> 
> 
> If you have some insights on the wider spam issue and
> trackback spam in particular, please do share.
> 
> I repeat that the spam.module is not an option: it would
> increase even further the cpu usage when I want to minimize
> it.
> 
> thanks,
> 
> Augustin.
> 
> 
> 
> 
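
The .htaccess approach asked about in the quoted message, as an added example that is not part of either post: Apache refuses requests for the `trackback/$nid` path itself, so PHP and the Drupal bootstrap never start. It assumes mod_rewrite is enabled, that Drupal is installed at the document root, and that the rules sit directly below `RewriteEngine on`, above Drupal's own rewrite rules.

```apache
# Added example, not from the thread. Assumptions: mod_rewrite is enabled,
# Drupal lives at the document root, and these lines are placed directly
# below "RewriteEngine on" so they are evaluated before Drupal's own rules.

# Clean-URL form: /trackback/<nid>
# "-" means no substitution; [F] makes Apache answer 403 Forbidden at once.
RewriteRule ^trackback(/|$) - [F,L]

# Non-clean form: /?q=trackback/<nid> or /index.php?q=trackback/<nid>
# QUERY_STRING is not URL-decoded, so the slash may arrive as %2F.
RewriteCond %{QUERY_STRING} (^|&)q=trackback(/|%2F|&|$) [NC]
RewriteRule ^(index\.php)?$ - [F,L]
```

The refused requests still show up in the Apache access log, but they no longer reach Drupal, so they stop generating "page not found" entries in the Drupal log.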

