
Comment Spammers Causing a DOS

Over the last few months the web/mail server running PlanetMike.com has locked up randomly, although usually at night. It always resulted in needing a hard reboot. My web host says it was simply running out of RAM. So I’ll be moving to an upgraded server shortly. Just now I noticed my site was coming up slowly, so I logged in quickly (or as quickly as I could). Everything looked ok, no funny or unknown processes in ps or top. For some reason, I checked the status of apache.

httpd (pid 21358 21357 21355 21352 21351 21348 21329 21328 21327 21326 21322 21321 21318 21313 21312 21310 21305 21304 21303 21302 21299 21298 21296 21265 21264 21263 21262 21260 21259 21255 21244 21243 21240 21231 21230 21228 21226 21225 21224 21221 21220 21218 21211 21210 21207 21203 21148 21145 21142 21130 21114 21113 21112 21111 21100 21099 21089 21058 20870 20869 20867 20866 20864 20788 20787 20785 20780 20779 20777 20763 20762 20761 20757 20756 20726 20723 20576 20568 20428 20286 20223 20213 20190 20189 20186 20025 20024 20023 20022 20021 20020 20018 19987 19254 19215 19203 18190 18120 18119 18118 17926 17925 17924 17923 17310 17291 15245 15229 15191 14150 8091 7837 7832 7829 7769 5524 4181 1870 1860 1790 1437 1374 1295 1186 847 835 724) is running…

Whoa! What is all that? netstat showed a ton of connections. I stopped apache and looked through the web logs. It’s freaking tons of attempts to post comments to my blog. I renamed the wp-comments-post.php file to something else, restarted apache, and five minutes later, I already have 160 404 errors. (now up to 164). Idiot spammers.

What was happening is a DOS attack on myself via Akismet, I would guess. I guess the next step in the comment battle is to rename the comment submission page, and tweak WordPress to look for the new file name. Urgh!!!!

Now I’m up to 229 attempts.
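
The log check described above, as an added example that is not from the original post: it counts POSTs to wp-comments-post.php by HTTP status and flags source addresses that burst past a threshold inside a short window. It assumes Apache combined log format; the sample lines, the 5-minute window and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (not from the author's server).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2007:03:01:10 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2007:03:01:12 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
203.0.113.9 - - [12/Mar/2007:03:01:15 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/4.0"
192.0.2.44 - - [12/Mar/2007:03:02:00 -0500] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2007:03:04:30 -0500] "POST /wp-comments-post.php HTTP/1.1" 404 291 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Mar/2007:03:04:31 -0500] "POST /wp-comments-post.php HTTP/1.1" 404 291 "-" "Mozilla/4.0"
203.0.113.9 - - [12/Mar/2007:03:14:00 -0500] "POST /wp-comments-post.php HTTP/1.1" 404 291 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TARGET = "/wp-comments-post.php"

def parse(log_text):
    """Yield (ip, time, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield ip, when, method, path.split("?")[0], int(status)

def comment_post_summary(log_text, window=timedelta(minutes=5), threshold=3):
    """Return (hits per status, {ip: peak hits in any window}) for comment POSTs."""
    by_status, times = Counter(), defaultdict(list)
    for ip, when, method, path, status in parse(log_text):
        if method == "POST" and path == TARGET:
            by_status[status] += 1
            times[ip].append(when)
    noisy = {}
    for ip, stamps in times.items():
        stamps.sort()
        lo = best = 0
        for hi, t in enumerate(stamps):  # sliding window over sorted timestamps
            while t - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            noisy[ip] = best
    return dict(by_status), noisy

if __name__ == "__main__":
    print(comment_post_summary(SAMPLE_LOG))
```

A 404 count that keeps climbing after the file is renamed shows the senders are replaying a fixed URL rather than reading the comment form.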