For the past couple of weeks I’ve been spending much time away from news sources, computers, and the usual suspects, and actually trying to get out of the house once in a while and see actual human beings in person. So I haven’t written too much.
While I was out, some comment spammers decided to try their luck here. None of them succeeded in getting their garbage posted, but their attempts did create a noticeable impact on the server. While at the moment I believe it’s unrelated, a few days ago I had to completely reinstall this server from scratch. The blog lived on a backup machine (a Pentium 166 with 96MB RAM) for about a day. The reason for the reinstall is that the server’s filesystem was corrupted beyond repair. Fortunately, I was able to rescue nearly all of my files, and the blogs as well.
The Pentium 166 handles WordPress only with difficulty, and access to the site was slow at best during that time. Little of that was caused by spammers; mostly it was the age and capacity of the machine. It’s definitely somewhere below the recommended requirements for PHP-based software. Anyway, I only use it in cases of emergency, such as happened on Thursday.
It did get me to thinking, however. If the spammers had hit during that time, the site would have been completely crippled by denial of service. This is currently a problem without a solution; at this time nothing exists which can prevent or even mitigate a DoS attack by comment spammers. This is not unthinkable; almost two months ago Dr Dave was hit by such a DoS attack. His site was down for a day. I don’t think the spammers had intended to knock him offline, but the extreme load that they put on his Web host by hitting his site from multiple addresses at once forced him offline. That’s denial of service.
And even he can’t seem to stop them, and not from lack of trying. He did create Referrer Karma, which goes a long way toward mitigating one particular type of attack, but doesn’t do that much against comment spam, and still leaves many holes open through which determined spammers (and they are determined, if mostly stupid) can run.
That has to change, and I am going to change it. Look for updates here soon.
On that note, there’s someone out there, and you know who you are, who has subscribed to my RSS feed and is updating once a minute. Please do something about that now. I don’t write here frequently enough to justify once-a-minute updating, and it does have an impact on the site. Try an hour, or 30 minutes, or something. Thank you.