So more spammy badness this morning. Nothing got through to the page — the application layer held up — but the attacks caused serious site problems as the applications spun into high gear to keep the Visigoths at bay. And, in this case, it was a comment script attack, rather than the more common (these days) trackback script.
I’m just damned sick of it. I renamed both scripts (twice), but it had a heavy enough impact that the kind folks at Hosting Matters sent me a note about it and took some interventions themselves.
Rrg.
I’ve pondered shutting down the trackback bits, even though I make a lot of use of them myself within the application (as an internal cross-reference). But as today’s attack showed, it’s still a problem on the comment side. Indeed, one of the key protections I have — TinyTuring, which has kept every single casual bot comment spam since August 2006 — probably made things worse in this case, as it meant that every faux comment attempt fired off the comment script before being blocked (and if it had hit the junk filters and been blocked, AutoBan would have pushed the IP address into htaccess and blocked further attacks from that source).
As it stands, I have a number of IP ranges generically blocked (sorry, all my potential readers in Russia and China); that doesn’t prevent IP spoofing, I suppose, but at the moment it’s the best I can do, on top of the other tools.
(Ironically, most people gripe about e-mail spam; I’ve gotten to the point where the majority gets filtered and the rest I can toss with as much ease as junk mail at home. It’s the blog spam that’s taking up too much of my time.)
A suggestion has been received that I bail on Movable Type and move over to WordPress or some other blogging tool (not that they’re immune to spam attacks, but the type of scripting that MT has means a lot more system resources are chewed up in defending against it). I can’t tell you how much I don’t want to do that for a variety of reasons (the vagaries of migration, learning a new platform, etc.). I’ve had a vague hope that MT4 will be a bit more robust in this, but I don’t recall reading anything about that one way or the other.
So time to crack the books again on MT and anti-spam. Just what I want to do on my Winter Vacation.
Any other thoughts out there?
Well, lots of resources out there, but no joy regarding a good solution. Best looks to be implementing FastCGI — but no luck revisiting that again. Need to focus on that over the holidays.