Charles on… anything that comes along

Sunday 31 October 2004

Filed under: — Charles @ 11:37 pm

Oh, *now* I understand why people mount DDOS attacks

Pardon me being self-indulgent on the blog comment spam thing again. At the time of writing, there have been 768 attempts since about midnight on Wednesday to post spam comments here. They’re all from Trojanned PCs, from different IPs (if you try to post a comment and get redirected mysteriously, your machine was possibly used to try to post here; its IP is automatically added to a do-not-comment list). So I can’t just ban the IP.

The annoying thing is that they’re also all for the same site, or group of sites. Which leaves one wondering: should I just feel triumphant? Or angry about this relentless waste of my resources? I have to say it’s hard to feel triumphant, seeing the seemingly endless list of auto-blocked comments, and the indifference with which the post attempts are made. One just feels like mounting a denial-of-service against the would-be advertised sites.

Go on, you spamming gits. Pay me $3,000 and you can put the ad here with my approval. Or is that too much like legally-sanctioned work?

Update 16:11: closer examination showed that the overwhelming majority of attempts were coming from just three computers, at Verio’s network. Added those three to .htaccess (the Apache file that would be better named “bouncer in sunglasses”). End of problem - 1460 attempts since last Wednesday - for now.
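Added example (not part of the original post): a sketch of the "closer examination" step, tallying comment-POST attempts per source IP and emitting a block list only for the hosts responsible for a large share. The log lines are constructed with documentation-range IPs; the `/wp-comments-post.php` endpoint, the 10% threshold and the Apache 2.4 `Require` syntax are assumptions.

```python
import re
from collections import Counter

# Apache combined log format: client IP, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
COMMENT_PATH = "/wp-comments-post.php"  # assumed comment endpoint

def build_sample():
    """Constructed log: three heavy hosts, a long tail, one normal reader."""
    tpl = ('{ip} - - [31/Oct/2004:15:{m:02d}:00 +0000] '
           '"{meth} {path} HTTP/1.1" {st} 512 "-" "-"')
    rows = []
    for ip, n in {"192.0.2.10": 40, "192.0.2.11": 30, "192.0.2.12": 20}.items():
        rows += [tpl.format(ip=ip, m=i % 60, meth="POST", path=COMMENT_PATH, st=302)
                 for i in range(n)]
    # Long tail: ten hosts, one attempt each (the "different IPs" impression).
    rows += [tpl.format(ip=f"198.51.100.{i}", m=i, meth="POST",
                        path=COMMENT_PATH, st=302) for i in range(1, 11)]
    # Ordinary page view and a malformed line: neither may be counted.
    rows.append(tpl.format(ip="203.0.113.5", m=1, meth="GET", path="/", st=200))
    rows.append("truncated or malformed line")
    return rows

def comment_posts_by_ip(lines):
    """Count POSTs to the comment endpoint per client IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2) == "POST" and m.group(3).split("?")[0] == COMMENT_PATH:
            counts[m.group(1)] += 1
    return counts

def heavy_hitters(counts, min_share=0.10):
    """IPs that each account for at least min_share of all attempts."""
    total = sum(counts.values())
    return [(ip, n) for ip, n in counts.most_common()
            if total and n / total >= min_share]

def htaccess_block(ips):
    """Apache 2.4 syntax; Apache 1.3/2.0 used Order/Deny from instead."""
    deny = "\n".join(f"    Require not ip {ip}" for ip in ips)
    return f"<RequireAll>\n    Require all granted\n{deny}\n</RequireAll>"

if __name__ == "__main__":
    hits = heavy_hitters(comment_posts_by_ip(build_sample()))
    print(htaccess_block(ip for ip, _ in hits))
```

Blocking by share rather than by raw count keeps one-off attempts from dynamic or shared addresses out of the deny list.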

3 Responses to “Oh, *now* I understand why people mount DDOS attacks”

  1. Andrew Brown Says:

    But are the IPs all owned by the same company? In that case it’s probably a dynamically allocated cable modem or similar. The last trouble I had was from Verio. A quick note to abuse@, listing the IPs and a bit of the log, is normally accepted as proof of trojan, and it’s twice worked for me. I didn’t get any acknowledgement, but the spam stopped within 24 hours.

    I fear that your offer won’t otherwise work. $3000 to you reaches far fewer customers than $3000 spent on a high Google ranking.

  2. Charles Says:

    Unfortunately they’re not from a single company - they’re from all over the place. Verio is one of them, though.

    The “slow DDOS attack” is still going: 1400-odd since Wednesday. I’m building up a big “naughty IP” list. Yes, the point about some of them being floating IPs from dialup is valid (which is why I said “possibly used” above). I might create a different page that bad comment attempts are sent to where people can see their IP and compare it to a list (or have it compared) if they can’t comment.

    This does seem rather odd, though. I may re-tweak my version of the Three Strikes Plugin (which I’ve turned into the Three Strikes And You’re In The Tarpit) to redirect to somewhere vanilla on the site. I think that because this comment spammer is getting (1) delayed up to five minutes before anything appears (2) redirected, when the page reloads, to a different site, he/she/it thinks something’s broken.

    Which of course it is.

  3. Steve Mc Says:

    Hi Charles,

    Thought you might find this interesting re: system attacks -

    http://www.macworld.co.uk/news/index.cfm?NewsID=10035

    Source:-

    http://www.mi2g.com/

    Steve
