Hi Olaf - what despicable abuse. These people seem to be involved in tracking
down spammers: <http://www.spamhaus.org/>.
Best of luck,
Phil
On 14:23, Olaf Greve wrote:
>
>Hi,
>
>Recently I found out that my webserver was acting weird: without
>apparent reason, the webserver software (Apache) started pulling the
>CPU towards 100%, around the time that "the USA wakes up" (i.e.
>around midday over here).
>Consequently, I took some measures to figure out where the issues
>came from, and using Apache's "server-status" handler, I noticed the
>script that caused Apache to choke up (i.e. grab an excessive amount
>of resources), was the TOPE "show entry" script, when specific
>entries were viewed.
>I wondered why, as this script never caused trouble before, and while
>checking the server status I did notice that the "store comments"
>script was called very often. Too often. I checked out the sizes of
>the comments files, and lo and behold: some of them were as big as
>18Mb! The main issue then becoming that these files are parsed as
>text by PHP when an entry is shown, and this either takes a long time
>to complete, or in the worst case causes such an excessive load on
>the CPU, that other server processes (like sendmail) went to a "stand-
>off" state. When checking the contents of those files, it became
>apparent that they were completely hammered with all sorts of typical
>commercial spam, referring to vi*gr* websites, etc.
>This is known as "forum spam" (I think), but TOPE uses custom
>scripts, so someone must have found the URL, and made use of it by
>manually figuring out the parameters and it's functionality.
>
>For now, I have configured the webserver so, that ANY call to the
>"store comments" script is forbidden, and will simply generate a
>standard server error (hopefully the spammers will signal these
>server errors, and will stop the hack attempt), while I am looking
>into a better solution (e.g. by having to type additional text (anti-
>spam challenges) when posting a comment). Therefore, for now the
>comments script doesn't work, so I kindly request you all to not try
>to leave any comments, until I indicate on the list that it is safe
>to use the script again.
>
>Unfortunately this has already caused me quite some time, and will
>cost me a good few hours more to completely correct the mingled
>comments files of the various entries (this has to be done manually),
>so I want to punish the resposible people as much as possible, and
>will go through the Apache access log to work out the IP addresses of
>the machines that were used for this, and I will report them to the
>proper anti spam authorities, such that they will be blacklisted
>Internet wide. If anyone knows of good places to do so (the more, the
>merrier), I welcome hearing about them...
>
>Then, this of course takes precedence for me over launching TOPE 30,
>and as I hadn't announced the end of the shooting season for that
>yet, I will extent that to include the coming weekend, after which
>the normal cycle of 2 weeks submission time, followed by the initial
>launch, etc, will take place.
>That should give me plenty of time to get the other issue fixed, and
>you then still have a few more days to take pictures for TOPE 30. :)
>
>Alrighty, over and out for now, but this is definitely to be
>continued...
>
>Cheers,
>Olafo
>
>
>==============================================
>List usage info: http://www.zuikoholic.com
>List nannies: olympusadmin@xxxxxxxxxx
>==============================================
==
==============================================
List usage info: http://www.zuikoholic.com
List nannies: olympusadmin@xxxxxxxxxx
==============================================
|