On Friday I got a call from a local non-profit whose Drupal 6 site had suddenly crashed. I volunteered to try and help bring them online.
The site was generating an error that suggested a permissions problem with the database. The database for the site was also a bit larger than the allocated space provided by the ISP.
My theory was that the once the database got too large the server prevented Drupal from making additional changes. As I began to try and figure out why the database was that large, I discovered that the site had been attracting as many as 1500 SPAM comments per day over the last week. A quick sampling of the comments found that they were for a garden variety of SPAM products and services - via_gra, designer hand bags, etc.
Makes me feel less bad about the 50 SPAM messages that I've sometimes received in a single day.
My questions:
1) Does this level of SPAM traffic suggest anything beyond the normal SPAM problems we all have to deal with?
2) This site has some controversial political opinions on it. Is it possible (or likely) that this might be an intentional attack on the site. Do hackers have a way of flooding a site with conventional SPAM traffic?
Thanks,
Tim Erickson
Comments
May not be all that abnormal
If the site is just hanging out there with no form of spam prevention, and it allows anonymous comments, you're probably just seeing the normal run of spam bots attacking it. I run a couple of sites that very commonly reject multiple thousand comments per day. So possibilities include:
On the worst site I host I run a mix of different spam control tools --- a script that runs on the varnish server that reads the logs and blocks IP's that post a lot (which takes down the worst of it and keeps the server load under control), a honeypot blacklist, and a few other tools. This keeps the spamming down to a dull roar most days, but some days 100-300 spam posts still sneak through.
It's unfortunately how life is on the internet these days.
Steve Hanson
Cruiskeen Consulting LLC - http://www.cruiskeenconsulting.com
Mollom
Comment SPAM is a scourge, but Mollom is a godsend for fighting it. For a few months last year Mollom was blocking 15,000 - 20,000 SPAM comments a day from my organization's Drupal 6 website (see https://dl.dropboxusercontent.com/u/1447021/MollomSPAMreport.PNG). It has since receded to a relatively reasonable several hundred per day.
Re: Mollom
On my site (mynichecomputing.org -- presently down) I use Mollom and also ask users to solve a math problem (captcha). With those 2 modules and with IP blocking of listed spammers (IPs seen via DB associated with making Anonymous Commenting moderated, before they are posted), I allow Anonymous Commenting to anything and allow Anonymous posting to 2 Discussion groups. The amazing result (which ALL should hear about):
Though there are 10-60 spam attempts per day, I have gone over 8 months without ANY spam getting through.
This truly may be of general interest.
Thanks for the Feedback
It's helpful, but frustrating, to know that this is not that unusual.
I just checked my own site and found over 500 SPAM comments on an obscure page, all posted yesterday. Clearly, I need to boost my SPAM prevention efforts. I'm using Mollum, but clearly not turned high enough.
Usually, I get 10-20 on a busy day. Curious, why yesterday I would suddenly get 500+.
:-(
Tim Erickson
Tim Erickson
Triplo