This morning, my server was the victim of a sustained DDoS lasting approximately 45 minutes. The entire flow of traffic came from the usual group of trackback and comment spam morons.
Now, the good news: b2evolution came through the event with flying colours. The antispam feature built into the product prevented ANY attempts by these morons at inserting comments and trackbacks from being successful.
I have added one more layer of filtering to handle these morons. Since they use such a limited number of keywords in their REFERER fields, I just wrote a mod_rewrite rule to send them off to my infamous TCP Port 9080.
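# Redirect any request whose Referer contains one of the spam keywords to port 9080.
# The keyword pattern is kept on a single line: a space inside it would end the pattern argument.
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*(pharmacy|poker|casino|blackjack|cialis|viagra|porn|nude|girls|drugs|sex|animal|holdem|stud|hydrocodone|vicodin|slut|anal|xanax|video|oxycontin|russia|-online|online-).*
RewriteRule ^.*$ http://www.newestindustry.org:9080/ [R,L,NS]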
This should deal with 90% of the morons. If I missed any keywords, drop me a comment.
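As an added example (not the author's code), the Python check below runs the same keyword list over access-log lines to show what the rule would redirect before it is deployed. The log lines, hosts and function name are constructed for illustration. Like the RewriteCond, the match is case-sensitive and unanchored, so a referrer that merely contains a keyword as a substring is caught too.

```python
import re

# Keyword alternation copied from the RewriteCond above. Like the rule
# (which has no [NC] flag) the match is case-sensitive and unanchored.
SPAM_REFERER = re.compile(
    r"(pharmacy|poker|casino|blackjack|cialis|viagra|porn|nude|girls|drugs|"
    r"sex|animal|holdem|stud|hydrocodone|vicodin|slut|anal|xanax|video|"
    r"oxycontin|russia|-online|online-)"
)

# Apache "combined" log format: ... "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up hosts).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2005:06:01:11 +0000] "POST /index.php HTTP/1.0" 200 512 "http://texas-holdem.example/" "Mozilla/4.0"',
    '198.51.100.7 - - [12/Mar/2005:06:01:12 +0000] "GET /index.php HTTP/1.1" 200 9000 "http://www.example.org/students/links.html" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Mar/2005:06:01:13 +0000] "GET /index.php HTTP/1.1" 200 9000 "http://search.example.com/?q=web+analytics" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2005:06:01:14 +0000] "GET /index.php HTTP/1.1" 200 9000 "http://www.example.net/blogroll.html" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Mar/2005:06:01:15 +0000] "POST /index.php HTTP/1.0" 200 512 "http://CASINO.example/" "Mozilla/4.0"',
    '203.0.113.6 - - [12/Mar/2005:06:01:16 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def classify(log_lines):
    """Return (ip, referer, keyword) for each line the rule would redirect."""
    hits = []
    for line in log_lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not in combined format; nothing to test
        referer = m.group("referer")
        kw = SPAM_REFERER.search(referer)
        if kw:
            hits.append((m.group("ip"), referer, kw.group(1)))
    return hits

if __name__ == "__main__":
    for ip, referer, keyword in classify(SAMPLE):
        print(f"{ip:15} {keyword:10} {referer}")
```

In the sample, the "students" and "analytics" referrers are redirected along with the spam one, while the upper-case `CASINO` referrer passes through.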