DDoS this morning
July 6th, 2005 by smp | Filed in smp
This morning, my server was the victim of a sustained DDoS lasting approximately 45 minutes. The entire flow of traffic came from the usual group of trackback and comment spam morons.
Now, the good news: b2evolution came through the event with flying colours. The antispam feature built into the product prevented ANY attempts by these morons at inserting comments and trackbacks from being successful.
I have added one more layer of filtering to handle these morons. Since they use such a limited number of keywords in their REFERER fields, I just wrote a mod_rewrite rule to send them off to my infamous TCP Port 9080.
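# The pattern is a single argument to RewriteCond, so it has to stay on one line with no whitespace inside it.
RewriteCond %{HTTP_REFERER} .*(pharmacy|poker|casino|blackjack|cialis|viagra|porn|nude|girls|drugs|sex|animal|holdem|stud|hydrocodone|vicodin|slut|anal|xanax|video|oxycontin|russia|-online|online-).*
# Any request whose Referer matched is redirected to port 9080; NS skips internal subrequests.
RewriteRule ^.*$ http://www.newestindustry.org:9080/ [R,L,NS]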
This should deal with 90% of the morons. If I missed any keywords, drop me a comment.
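An added example (not part of the original post): a Python replay of the keyword pattern above over access-log lines, to see which referers the rule would redirect before it goes live. The log lines, paths and domains are constructed, and the script assumes Apache's combined log format; it shows that short keywords such as stud, anal and video also match ordinary URLs, and that the rule is case-sensitive unless mod_rewrite's [NC] flag is added.

```python
import re

# Keyword alternation copied from the RewriteCond in the post.
KEYWORDS = (
    "pharmacy|poker|casino|blackjack|cialis|viagra|"
    "porn|nude|girls|drugs|sex|animal|holdem|"
    "stud|hydrocodone|vicodin|slut|anal|xanax|video|"
    "oxycontin|russia|-online|online-"
)
# mod_rewrite patterns are unanchored and case-sensitive unless [NC] is set,
# which re.search() on a pattern compiled without flags reproduces.
RULE = re.compile(KEYWORDS)
RULE_NOCASE = re.compile(KEYWORDS, re.IGNORECASE)  # what adding [NC] would do

# Apache "combined" log format: the referer is the quoted field after the size.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation IPs, example domains), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jul/2005:07:01:02 +0000] "POST /comment HTTP/1.0" 200 512 "http://cheap-pharmacy.example/" "Mozilla/4.0"
192.0.2.11 - - [06/Jul/2005:07:01:03 +0000] "POST /comment HTTP/1.0" 200 512 "http://POKER.example/" "Mozilla/4.0"
198.51.100.5 - - [06/Jul/2005:07:02:10 +0000] "GET /blog/ HTTP/1.1" 200 9120 "http://students.example.edu/~jane/links.html" "Mozilla/5.0"
198.51.100.6 - - [06/Jul/2005:07:02:40 +0000] "GET /blog/ HTTP/1.1" 200 9120 "http://www.example.com/analysis/apache" "Mozilla/5.0"
198.51.100.7 - - [06/Jul/2005:07:03:05 +0000] "GET /blog/ HTTP/1.1" 200 9120 "http://blog.example.org/2005/07/video-codecs" "Mozilla/5.0"
198.51.100.8 - - [06/Jul/2005:07:03:30 +0000] "GET /blog/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
""".splitlines()


def referer_hits(lines, rule=RULE):
    """Return (referer, matched keyword or None) for each parseable log line."""
    results = []
    for line in lines:
        parsed = COMBINED.match(line)
        if parsed is None:
            continue  # not combined format; skip rather than guess
        referer = parsed.group("referer")
        hit = rule.search(referer)
        results.append((referer, hit.group(0) if hit else None))
    return results


if __name__ == "__main__":
    for referer, keyword in referer_hits(SAMPLE_LOG):
        action = "REDIRECT" if keyword else "pass"
        print(f"{action:8} {keyword or '-':10} {referer}")
```

Run against a real access log by passing its lines to `referer_hits()` and reviewing every redirected referer that is not spam before enabling the rule.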

