This morning, my server was the victim of a sustained DDoS lasting approximately 45 minutes. The entire flow of traffic came from the usual group of trackback and comment spam morons.

Now, the good news: b2evolution came through the event with flying colours. The antispam feature built into the product prevented ANY attempts by these morons at inserting comments and trackbacks from being successful.

I have added one more layer filtering to handle these morons. Since they use such a limited number of keywords in their REFERER fields, I just wrote a mod_rewrite rule to send them off to my infamous TCP Port 9080.

RewriteCond %{HTTP_REFERER} .*(pharmacy|poker|casino|blackjack|cialis|viagra| \
     porn|nude|girls|drugs|sex|animal|holdem| \
     stud|hydrocodone|vicodin|slut|anal|xanax|video| \
     oxycontin|russia|-online|online-).*
RewriteRule ^.*$ http://www.newestindustry.org:9080/ [R,L,NS]

This should deal with 90% of the morons. If I missed any keywords, drop me a comment.

Technorati: iptables, mod_rewrite, comment spam, trackback spam, DDoS

Related Posts

• Making PHP-to-MySQL Connections Persistent
• Bots from hell, and a plea for a free-to-use public “DROP” Port
• Opera Web Site: Hello? Anyone home?
• More Stupid Trackback and Comment Spammers
• More on the idiots at andresaluk.com — Comment and Trackback Spammers