Ok folks, I am tired of people spamming my captcha contact form. I need a better solution. Does anyone have an excellent, proven, and simple to deploy method for fooling the bots on a contact form?
Tags: CAPTCHA, contact form, spam
Over the last 3 weeks, I have been unusually quiet, even for me. I am taking a creative hiatus and doing a lot of reading, by real writers, not just technical books.
I am also in the office a lot more than I have been for the last two months. Getting back into that takes a little time as well.
As always, comments are open, and spam will be deleted.
Be good to each other.
This was in my mailbox just now. Huh?!?!?
NEW BBC SERIES
Thinking about having a baby?
We are looking for couples to take part in a new BBC series exploring the science behind getting pregnant and pregnancy. If you are thinking about trying for a baby or have already started trying and would like to find out more, please call us on 0141 204 6620 or e-mail: baby@mentorn.tv
PLEASE DO NOT REPLY TO THIS EMAIL ADDRESS - REPLY TO mailto:BABY@MENTORN.TV
We’d like to advise you that we got your email address from a mailing list company. Their lists are compiled from those who have agreed, when visiting relevant websites, to receive contact from third parties
If you would like to be removed from our list please reply to mailto:BABYLIST@mentorn.tv
I am trying to figure out what list I said yes to to get this email.
This morning, my server was the victim of a sustained DDoS lasting approximately 45 minutes. The entire flow of traffic came from the usual group of trackback and comment spam morons.
Now, the good news: b2evolution came through the event with flying colours. The antispam feature built into the product prevented ANY attempts by these morons at inserting comments and trackbacks from being successful.
I have added one more layer filtering to handle these morons. Since they use such a limited number of keywords in their REFERER fields, I just wrote a mod_rewrite rule to send them off to my infamous TCP Port 9080.
RewriteCond %{HTTP_REFERER} .*(pharmacy|poker|casino|blackjack|cialis|viagra| \
porn|nude|girls|drugs|sex|animal|holdem| \
stud|hydrocodone|vicodin|slut|anal|xanax|video| \
oxycontin|russia|-online|online-).*
RewriteRule ^.*$ http://www.newestindustry.org:9080/ [R,L,NS]
This should deal with 90% of the morons. If I missed any keywords, drop me a comment.
Technorati: iptables, mod_rewrite, comment spam, trackback spam, DDoS
Tags: app, evolution, HTTP, IE, IM, IP, ISP, it, keywords, Mac, Om, One, online, pr, server, spam, TCP, Technorati, traffic, video
I have been seeing these bursts of traffic, mainly from spambot morons, that have suddenly been crushing my server. The main cause: excessive database connections.
This was quickly remedied today when I changed all of the mysql_connect statements to mysql_pconnect statements. This allows PHP to use an existing connection to the MySQL database to serve requests from the same Apache child process.
Now the truly geeky among you are going “DOH! Wadda ya mean you were opening a new connection for every request?”. Well, believe it or not, I will bet you dollars to doughnuts that your blog app doesn’t persist database connections. Not a big deal if your database is on the same machine, and you are using local named pipes to make requests. However, if that database is located on another machine, if you do a netstat, you will see a large number of connection on port 3306.
Persisting database connections is particularly important for large hosted services. A great deal of TCP overhead, and kernel space memory can be saved by simply not letting the Web server saturate the database with individual database connections for every page request.
Without persistent database connections, eventually the TCP queue will be full of database connections and no one will be able to connect to the server, or they will get a lovely “can’t connect to database error”.
Technorati: a href=”http://www.technorati.com/tag/web+performance” rel=”tag”>web performance, PHP, MySQL, MySQL PHP, Apache
Tags: apache, app, blog, data, database, EAD, HTML, HTTP, IE, IM, IP, it, Mac, mysql, Om, One, performance, persistent, PHP, pr, server, spam, TCP, Technorati, traffic, web, Web Performance, Web server, Web+performance
Ok, started to notice a dramtic and sudden increase in traffic to my site yesterday. Turns out that all of these folks were headed to the same place at this host:
/index.php?disp=stats
So, when I checked this out, they were all indicating referrals from the usual illicit medication and adult sites.
<sigh> More trackback and comment spam.
Now, I know that this page exists in b2evolution, and it is a way for visitors to view my traffic stats. However, a link to this page does not exist in my main display page. The only link to my stats is to my StatCounter stats.
Enter mod_rewite.
A simple rule disposes with these morons.
RewriteCond %{QUERY_STRING} disp=stats
RewriteRule ^.*$ http://www.pierzchala.com:9080/ [R,L,NS]
Please do not attempt to load the redirected URL; you will get nothing. NADA! That port is set to be dropped by iptables, effectively hanging the client end as it attempts to make a TCP connection.
/sbin/iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 9080 -j DROP
I use iptables to handle a lot of these morons. As the only people who view this page are infected with some virus or spyware, then I feel no shame in tying up their systems
Tags: apache, client, EAD, evolution, HTML, HTTP, IE, IM, IP, ISP, it, Om, PHP, pr, spam, TCP, traffic, visitors
Mailbox is getting a number of these requests on a daily basis, most are from automated trawling that I mark as spam.
A few haven’t bother to check that I am Canadian.
A few actually want to talk.
Anyone else seeing activity a la 1999 recently?
Hank Stringer has, of course…
Gotta love these: genaholincorporated.com
Thankfully the b2evo spam filters crush their comment and trackback spam.
However, had to add them to the filter script I run every minute to clean out extraneous hits. Luckily the bots have a unique browser string!
May your bots melt in the 10th Level of Hell.
The andrewsaluk.com is now a live server hawking online casino gaming. Oh, and it appears that the domain has been relocated to China; was previously in South Korea.
Looks like these morons are slamming a lot of sites. Thankfullt b2evolution has very effective anti-spam tools.
Someone else is posting on this. [here]
Oh look! Someone has come up with a nice .htaccess hack to nuke these bozos! [here]
Tags: .htaccess, app, bbc, China, evolution, HTTP, IE, IP, it, KOREA, live, Om, One, online, PHP, posting, pr, server, spam
