May 20, 2006

Fighting My Way Back

The webmistress is not pleased. There's been a lot of 'unwanted' activity on ATU recently by 'nasty' people and 'people that don't know better'.

    nasty people = spammers
    people that don't know better = hotlinkers


I got the following warning from my hosting company a few days ago.



    Dear Polly,

    Recently your account alltangledup.com has been causing high load on the server. This is a serious problem as it degrades server performance for all of our clients whom you share the server with. High loads cause problems such as delayed e-mail and slow site loading times. I have created this ticket (#xxxxx) on your behalf to track this problem more efficiently. The following scripts appear to be causing the high load:

    - xxxxxxxxxxxxxxxxxxxx (Movable type comment script)
    - xxxxxxxxxxxxxxxxxxxx (Movable type trackback script)

    Spammers are hitting your site so hard in an effort to abuse these scripts that we have had to disable them by removing their permissions.


    (yada...yada... yada )

    We understand that it can take time to resolve these types of problems, but please take a moment to acknowledge this problem within 48 hours. If we do not hear back from you by then, or if the problem gets worse we may need to temporarily disable your account due to terms of service violation. If you have any questions please contact me. If I am unavailable feel free to contact our technical support department at xxxxxxxxxxxxxxxxxxxxxxxxxx.

    Best Regards,

    XXXXX XXXXX
    Jr Systems Administrator


    xxxxxxxxxxxxxxxxxxxx added for privacy


I don't really blame my host for complaining, spam has been raining down on alltangledup.com recently, inundating, Yvonne, Amelia, Stéphanie and me with offers for loans, appendage enhancement products, heating and flooring supplies, and some really unsavoury sites, that an accidental click, would render a need to wash the eyes out with soap! The latest attack was far worst, over 1000 comments/trackback per hour, crippling the server not just for me, but for all the other sites that I share it with (sorry dudes and dudettes!).

Clearly, I had a problem. For goodness sakes, this is a knitting site, so it is highly unlikely that I have been SANS trained... so if you need to tell to do something to fix it, don't send me a Jr Systems Administrator, send me the head honcho tout de suite!

All joking aside, something had to be done, fortunately, I had a few options.

    Option 1 - go to Google and see what other people have done.
    Option 2 - Write a few perl scripts to introduce CAPTCHAs
    Option 3 - Call Geek and throw myself at his mercy and beg (or bribe) him for help, because I can't understand what I found in Option 1 and am far too incompetent to do option 2

My pride said, do 1 and 2 and only do 3 as a last resort. Fortunately (for me) there are loads of resources out there and loads of generous people out there, willing to share their experiences and solutions

One of the best ones that I have found was Yoz Grahme's. Yoz offers lots of tips for outsmarting those 'nasty' bots. Now, I know that could upgrade to MovableType 3.xxx which offers a lot more in terms of protection, but upgrading is a lot of work, and at the moment, I'm just not up to it.

Another very good site is Tom Sherman, who offers serveral scripts to create moving targets and automatically rebuilding blogs in batch.

David Raynes offered a package to close comments to prevent older posts from being commented again, another very good defense for defeating those 'nasty' bots.

Added 2/6/2006
Found this to block accessing comment script directly... very smart

Here's what I propose to do to the nasties.



..Arrow..




Then there are the hotlinkers. The adage that 'a little bit of knowledge is dangerous' is certainly true here. Technical enough to create and write a blog, but not quite technical enough to understand the implications of hotlinking and what it means.

I was in such a foul mood with the nasties that I was thinking of modifying my .htaccess and dynamically swap all swiped images with this one,



..Arrow..



that I got from the photodude. However, it just seems wrong to punish people that don't know better (and most of the myplace users seem to be just children), so I just added some security to not allow the pictures to be displayed on blogspot, myplace, typepad, livejournal and a few forums. I'll monitor my referrer stats and email people to ask them to not link off my site, when I see the hits... I know I can be meaner, but I really rather spend my limited free time knitting, not exchanging heated emails with people from cyberspace.

Posted by atu at May 20, 2006 03:19 PM | TrackBack
Comments

I found that it wasn't all that difficult to upgrade to MT 3.X.

Have you got MT Blacklist installed for your version of MT? When I was using MT 2.6, Blacklist was a real life saver where the spam was concerned.

The other thing you can do that is relatively easy is to change the name of your comment script to something that doesn't look like what the spammers are trolling for.

There are also some nice plugins that help you shutdown the comments on old posts automatically. I found that when I was getting hit hard by comment spam, that most of it was coming to my older posts.

Posted by: Theresa at May 26, 2006 03:12 PM

you are such a softie :) Id have sent more than an arrow. Then again this job has made me that much more sparkier so you know fire has to be coming shortly after that.

Posted by: stinkerbell at May 23, 2006 07:30 PM

oh dear,
i am also a confused person .
i need to read a how to blog book-
so that i am not guilty of doing anything wrong

good luck.
love your blog.

Posted by: kathryn at May 21, 2006 10:23 PM

What a pain. You start a knitting blog to talk about knitting, not to deal with spammers! Still, one positive is you must be popular to attract their attention in the first place. Hope you get it sorted out without having to spend too much time on it.

Posted by: Mary at May 20, 2006 11:56 PM

Okay - I want to be sure that I understand about the bandwidth stealing thing and hotlinking in a bad way. I see remarks about it a lot but maybe I'm one of those stupid people who doesn't know what they're doing and haven't heard it explained properly or something.

When I show a button on my sidebar I save the button image to my own computer, upload it to my typepad account, and then put the web address in my softward somehow (it usually takes me several tries to get everything right), include the link to the button image that I saved onto my own file, and then when it's working properly a person can click on that button and go to the knitalong page or whatever I'm wanting to direct them to. I don't know any other way to do this - am I somehow stealing something from someone by doing this or am I so dumb that I don't even know how to do it wrong?

Best wishes for getting this problem cleaned up and upgrading your site to prevent spam.

Posted by: Laura at May 20, 2006 07:37 PM

Oh, that's terrible! I admire your DYI resolve. Thanks for linking to that David Raynes's page. I'm not at home, but when I get there you had better believe that I will be adding his package to my MT directory!

Posted by: colleen at May 20, 2006 07:16 PM

Polly is my hero!

Thanks for getting us back up and running - I've really missed my fix of blog comments. Wish I could understand 1:4 words of the explanation!

Posted by: Yvonne at May 20, 2006 06:47 PM

That makes my head hurt !
I am building up to upgrading but fear the time it will suck up. ;-]

Posted by: Emma at May 20, 2006 06:08 PM

I don't understand any of it, except that some how the bad guys have got to you - just hope you can sort it all out and that it doesn't cut into your knitting time too much......

Posted by: Jill at May 20, 2006 05:31 PM