Comment Spam crashing Mediatemple dv Server

Question

I have a dv (Dedicated Virtual) server at Mediatemple where I am hosting over 700 Wordpress blogs. Lately I have been facing a problem with comment spam wherein my the server memory utilization shoots up and Apache crashes. I have resorted to using Plesk's firewall module to regularly detect spamming hosts and deny them. But knowing that spammers aren't bound to single IP addresses, I know that this is not going to be a feasible solution in the long run. Also Mediatemple has a cap of 200 IPs on the no. of IPs that can be blocked in this manner. I have already consumed 100+ in a week. And new IPs keep on coming daily. Everyday I have to check the sites comsuming most bandwidth, then check their Apache logs to determine spamming IPs (am relying on project honeypot for this). But I definitely need a better solution than this going ahead.

Can anyone kindly suggest an tool to combat such kind of a problem? Thanks in advance.

score 2 · Answer 1 · answered Aug 30 '10 at 21:17

2

Putting captchas up can really cut down on this level of abuse. Its a bit annoying to the users, but it may be a necessary step to take.

answered Aug 30 '10 at 21:17

Ryan Gooler

352
1
9

+1 - Captchas will definitely stop the automated spammers. It's those spammers with real people behind them that will be a problem in the long run. – vmfarms Aug 30 '10 at 21:23
Captchas ain't gonna work for me, as the problem I am facing is of high loads on the server because of hits from automated spammers. I want to block such requests from making their way to the web server in the first place. – paganwinter Aug 31 '10 at 08:18
If spammers see your blogs as a working target, you will become known as a good place to dump spam. If you use captchas, it is possible you will be removed from lists. Also, you will be cutting down a huge amount on the work done on your server. Before, you were taking up resources processing and saving a spam comment. If the spammers can no longer leave a comment because the captcha blocks them, that will be a huge reduction in time wasted. It's not perfect, but it is a great step. – David Sep 22 '10 at 22:12

score 1 · Answer 2 · answered Aug 20 '10 at 08:12

1

mod_security configured with anti-spam filters and/or RBL lookups is excellent.

answered Aug 20 '10 at 08:12

Janne Pikkarainen

31,852
4
58
81

Thanks a lot, will have a look. I was under the impression that mod_security was an Apache component. Didn't know about this. – paganwinter Aug 20 '10 at 08:24
Yes, mod_security is an Apache component but I think it might be able to stop the crashes by intercepting the traffic & stopping the spammers before the nasty requests actually reaches your blogs. – Janne Pikkarainen Aug 20 '10 at 08:38
+1 mod_security is definitely a good option as well. – vmfarms Aug 30 '10 at 21:24
@Janne Pikkarainen I have a doubt regarding mod_security. I am guessing it doesn't stop the spam request from being processed by Apache. Which will still consume some kind of server resource. I need a solution wherein I can stop the host from accessing anything on my server, like how iptables work. My issue is not really with the spam itself, but with the fact that these spammers are hogging on my server resources. – paganwinter Aug 31 '10 at 09:54
@Paganwinter: But I think the amount of work mod_security has to do is WAY lighter than the one your actual site has to do. If mod_security stops the request, then your site doesn't have to serve that particular request at all. Strip out the unneeded rules from mod_security and it does not add any significant overhead to Apache; same cannot be said from Wordpress, it is a quite heavy application. – Janne Pikkarainen Aug 31 '10 at 10:20
So if I go ahead with it, I have an option of specifying just a single rule (inside the optionals_rules folder I found this conf file: modsecurity_crs_42_comment_spam.conf) And from the rule it appears that it uses spamhaus.org for a Block list. but there are some rules in there which seem to be looking at the requests body and searching for links (and hence deducing that this might be spam) I really don't have much of a pattern for the spam, just that there's too much of it. My best option is to reply on some kind of RBL. So considering this, mod_security still is a good option? – paganwinter Aug 31 '10 at 10:37

score 0 · Answer 3 · answered Feb 28 '11 at 04:21

I am also encountering comment-spam on my server. In my case, the spam is a large number of submissions from a small number of IP addresses.

I think a good solution will be to add a .htaccess file to the root of each virtual server that responds with HTTP Status code 403 (Forbidden) from any request originating from a blacklisted IP address.

I think Apache should be able to respond very quickly and efficiently to these automated content-spam accesses. This should reduce the memory+cpu load.
With time, the spammers may give up and move on, reducing the load even more.

By the way, any experts on .htaccess, please feel free to help by providing the appropriate syntax to block blacklisted IPs in the comments below.

Comment Spam crashing Mediatemple dv Server

3 Answers3