[development] My site is under attack (trackbacks, spam and cpu usage).

Gabor Hojtsy gabor at hojtsy.hu
Mon Sep 18 14:14:30 UTC 2006


On Mon, 18 Sep 2006, Augustin (Beginner) wrote:
> For the sake of the other web sites co-hosted on the same server, I'd like to
> drastically cut down on cpu usage.
> I'd like to add a directive at the top of .htaccess that ends straightaway any
> request to trackback/$nid (so that Drupal never gets bootstrapped).
>
> Would that work?
> What would I need to add to .htaccess?

We have some .htaccess directives at weblabor.hu to cut down on pointless 
CPU usage. One is denying requests based on referers (which is trackback 
related too).

SetEnvIfNoCase Referer ".*(casino).*" BadReferrer
SetEnvIfNoCase Referer ".*(pharmacy).*" BadReferrer
SetEnvIfNoCase Referer ".*(gambling).*" BadReferrer
SetEnvIfNoCase Referer ".*(poker).*" BadReferrer
SetEnvIfNoCase Referer ".*(pills).*" BadReferrer
deny from env=BadReferrer

Also if you would like to send a proper(!) "Gone" HTTP code to user agents 
who try to request your previously available trackback URLs, you can do:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^trackback - [G]

This sends a "Gone" HTTP status to the requester. This is better than an 
"Access denied" status, since you explicitly state that the resource does 
not exist anymore, and any reference to it should be removed. The actual 
difference in meaning is only relevant for well-behaving bots, not the 
spammers, but it is nice to accurately inform well-behaving bots about the 
situation.

> I repeat that the spam.module is not an option: it would increase even further
> the cpu usage when I want to minimize it.

Do not even think about loading Drupal modules in these pointless cases. 
The sooner you catch these requests the better.

Gabor
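
An added example, not part of the original message: a Python sketch that replays access-log lines against the two rules quoted above, to estimate how many requests they would stop before Drupal is bootstrapped. The log lines are constructed, and the code assumes the Apache "combined" log format, that the Referer deny is evaluated before the rewrite rule, and that no file on disk matches the trackback path.

```python
import re
from collections import Counter

# Keywords from the SetEnvIfNoCase Referer lines (unanchored, case-insensitive).
BAD_REFERER = re.compile(r"casino|pharmacy|gambling|poker|pills", re.IGNORECASE)
# A per-directory RewriteRule sees the path without its leading slash.
TRACKBACK = re.compile(r"^trackback")
# Apache "combined" log format; only the URL and Referer are needed here.
LOG_LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Predict how the two rules would treat one logged request."""
    m = LOG_LINE.match(line)
    if m is None:
        return "unparsed"
    # Assumption: the Referer deny is evaluated before the rewrite rule.
    if BAD_REFERER.search(m.group("referer")):
        return "deny"    # refused by "deny from env=BadReferrer"
    path = m.group("url").split("?", 1)[0].lstrip("/")
    # Assumption: no file on disk matches, so the !-f condition holds.
    if TRACKBACK.search(path):
        return "gone"    # answered by "RewriteRule ^trackback - [G]"
    return "drupal"      # still reaches Drupal and costs a bootstrap

def summarize(lines):
    """Count predicted outcomes over an iterable of log lines."""
    return Counter(classify(line) for line in lines)

# Constructed sample lines (documentation addresses and example domains).
T = "[18/Sep/2006:14:00:00 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "POST /trackback/42 HTTP/1.1" 200 512 "-" "bot"',
    f'192.0.2.11 - - {T} "GET /node/7 HTTP/1.1" 200 9000 "http://Best-Casino.example/" "Mozilla/4.0"',
    f'198.51.100.5 - - {T} "GET /node/7 HTTP/1.1" 200 9000 "http://www.example.org/" "Mozilla/5.0"',
    f'192.0.2.12 - - {T} "POST /trackback/9 HTTP/1.0" 200 300 "http://cheap-pills.example/x" "bot"',
    # Prefix match: "^trackback" also catches unrelated paths that start the same way.
    f'198.51.100.6 - - {T} "GET /trackback-howto HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
    # Without clean URLs the path is "/", so the rewrite rule does not match.
    f'198.51.100.7 - - {T} "POST /?q=trackback/3 HTTP/1.1" 200 512 "-" "bot"',
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

The last two sample lines show what to check before relying on the rule: it matches any path beginning with "trackback", and it does not see trackback requests that arrive in the query string.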

