Just say “no” to blog spam

In an earlier blog post, I wrote about some of the benefits we’ve reaped from our facility move. Here’s a cool concrete example of those changes at work.

We’re deploying an all-new monitoring system that watches all sorts of stuff about our servers. Of course, part of such a system is tweaking the thresholds so that we hear about the real problems but the false alarms get dropped.

While working with this today, it started telling us that one Apache instance was consistently consuming an unusual amount of CPU. I checked it out, and found a bunch of parallel connections for the same trackback POST request on one of our members’ blogs. “Okay,” I thought to myself, “he said something popular and got Dugg.” That happens fairly often. But it was a little too weird, so I dug up the sources of all the requests, and found that “a bunch” was actually hundreds from suspiciously similar addresses. It was a massive attempt at blog spam.

Score one for the new monitoring!

Armed with this information, I looked up the source and they were all coming from what appears to be a rogue ISP in Russia. A few minutes’ research produced a list of the source IP address ranges. I dropped them into our new “bigger better faster easier” firewall, and sent all those requests straight into the bit bucket.

Score one for the improved firewall management!
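The triage described above (many POSTs to one trackback URL, from many addresses that turn out to sit in a few ranges) can be scripted against an access log. This is an added example, not the tooling used in this post; the Apache combined log format, the "trackback" path match, the /24 roll-up, the thresholds and the sample data are all assumptions.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# client, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')

def build_sample_log():
    """Constructed sample data (documentation address ranges), not real traffic."""
    fmt = '{} - - [27/Sep/2007:14:02:{:02d} -0700] "{} {} HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format(f"203.0.113.{i + 1}", i, "POST",
                        "/blog/some-post/trackback/") for i in range(40)]
    lines += [fmt.format(f"198.51.100.{i + 1}", i, "POST",
                         "/blog/some-post/trackback/") for i in range(20)]
    # One ordinary trackback and normal page views that must not be flagged.
    lines.append(fmt.format("192.0.2.10", 5, "POST", "/blog/other-post/trackback/"))
    lines += [fmt.format("192.0.2.77", i, "GET", "/blog/some-post/") for i in range(30)]
    lines.append("garbage line that does not parse")
    return lines

def find_trackback_floods(lines, min_requests=50, min_sources=20, prefix=24):
    """Return {path: [(network, hits), ...]} for trackback URLs hit by many
    POSTs from many distinct addresses, with sources rolled up by prefix."""
    by_path = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the scan
        ip, method, path = m.groups()
        if method == "POST" and "trackback" in path:
            by_path[path][ip] += 1
    floods = {}
    for path, per_ip in by_path.items():
        if sum(per_ip.values()) < min_requests or len(per_ip) < min_sources:
            continue  # a popular post, not a flood from many sources
        nets = Counter()
        for ip, hits in per_ip.items():
            try:
                nets[str(ip_network(f"{ip}/{prefix}", strict=False))] += hits
            except ValueError:
                continue  # client field was a hostname, not an address
        floods[path] = nets.most_common()
    return floods

if __name__ == "__main__":
    for path, nets in find_trackback_floods(build_sample_log()).items():
        print(path)
        for net, hits in nets:
            print(f"  {net:18} {hits} POSTs")
```

The per-network totals are the candidates to check against the source's published ranges before anything goes into a firewall rule.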

Before our move, I’m sorry to say that this most likely would have gone on until (unless) that particular member wrote in to complain “good grief my blog is slow!” and it would have taken a lot longer for us to block it network-wide. Instead, we crushed it ourselves in a matter of minutes and I was able to send our member a message like “You probably didn’t know this was a problem yet, but it’s already handled.”

That was a couple of hours ago. Since then, the firewall has dropped 4,000 more blog spam attempts from those guys.

I want all of our network issues to be handled like that in the future!

5 Comments


  1. I don’t have a clue how you do stuff like that, but I do know that it’s freaking awesome. Glad that I’m with you guys!

    Comment by Walt — September 27, 2007

  2. Irony of ironies, some idiots called NetMovieHost tried to pingback spam this blog entry and the ones before and after. Guess where they’ve ended up. 🙂 -jdw

    Comment by jdw — September 27, 2007

  3. Nice work, guys! Always satisfying to see spam vanishing into the bit bucket with minimal effort.

    Comment by James — October 2, 2007

  4. Did you see those guys attacking any other blogs? I’ve had some odd spam try to get past Akismet (for WordPress), and the blog has seemed slow at times.

    When we see stuff like this, we always contact the site operator to let them know about it. We also get spam and fake trackbacks that sneak past Akismet on this very blog. It’s good, but not perfect. -jdw

    Comment by KC — October 13, 2007

  5. I agree there is too much spam out there. (Name removed) via (URL removed)

    Thank you for raising this issue.

    This has to be the funniest comment spam of all time. -jdw

    Comment by Name Removed — October 25, 2007

Powered by WordPress. Hosted by NearlyFreeSpeech.NET.