DreamHost Terminating my Account (9 posts)

  1. Nick Momrik
    Member
    Posted 6 years ago #

    Today I received an email from DreamHost informing me they were terminating my account in 30 days. I guess my sites are using 100% CPU.

    I checked out one of the log files and wp-comments-post.php is getting bombed. On Monday the file had over 550,000 requests! The requests are coming from many different IP addresses and they just don't seem to stop from what I saw in the logs.

    I can prevent the spammers from accessing the file easy enough through .htaccess, but the requests are still hitting Apache on the server.

    I've done various searches through the forums here and various sites. It appears the ideal solution is to block these requests at the firewall so they don't get to Apache. It doesn't appear as if DreamHost wants to try anything else and at this point I think I'd rather move my sites to a host who will do a little more to help out.

    Has anyone else run into similar problems and found a host willing to help? For the traffic I get (usually less than 2000 hits a day for my sites combined), I don't need a VPS or dedicated server, but it looks like I do need the hosting company to provide some help and configuration with their firewall.

    I'm open to any suggestions...
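
The log check described in the first post (request volume and the spread of source addresses for the comment and trackback endpoints), as an added example that is not part of the original thread. It assumes Apache's "combined" log format; the sample lines, the date and the domain `blog.example.com` are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
TARGETS = ("wp-comments-post.php", "/trackback")  # endpoints named in the thread

def summarize(lines, own_domain):
    """Per (day, target): requests, distinct IPs, foreign/missing referer, empty agent."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(),
                                 "no_own_referer": 0, "empty_agent": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        target = next((t for t in TARGETS if t in m["path"]), None)
        if target is None:
            continue  # ordinary page view
        s = stats[(m["day"], target)]
        s["requests"] += 1
        s["ips"].add(m["ip"])
        if own_domain not in m["referer"]:
            s["no_own_referer"] += 1
        if m["agent"] in ("", "-"):  # Apache logs a missing header as "-"
            s["empty_agent"] += 1
    return {key: {"requests": s["requests"], "distinct_ips": len(s["ips"]),
                  "no_own_referer": s["no_own_referer"],
                  "empty_agent": s["empty_agent"]} for key, s in stats.items()}

# Constructed sample lines (documentation IP ranges, made-up date and domain).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.0" 403 210 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 403 210 "http://spam.invalid/" "Mozilla/4.0"',
    '203.0.113.5 - - [01/Jan/2000:10:00:02 +0000] "POST /2000/01/a-post/trackback/ HTTP/1.0" 403 210 "-" "-"',
    '192.0.2.10 - - [01/Jan/2000:10:00:03 +0000] "POST /wp-comments-post.php HTTP/1.0" 403 210 "-" "-"',
    '192.0.2.99 - - [01/Jan/2000:10:05:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "http://blog.example.com/2000/01/a-post/" "Mozilla/5.0"',
    '192.0.2.99 - - [01/Jan/2000:10:05:01 +0000] "GET /2000/01/a-post/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for key, s in sorted(summarize(SAMPLE, "blog.example.com").items()):
        print(key, s)
```

A high request count spread over many distinct IPs, nearly all without an own-domain referer, is the pattern the post describes and the reason per-address blocking does not help.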

  2. Nick Momrik
    Member
    Posted 6 years ago #

    It looks like DreamHost is going to work with me to resolve this now, so that's good.

    But I'm curious how others have resolved this on their sites. I'm using mod_rewrite to return a failure when a request for wp-comments-post.php comes in without a referring page from my domain, but I've been told this puts even more load on Apache.

    Renaming or moving the file is not going to stop the requests from flooding the server and soon enough the spammers will find the new file location.

    How does wordpress.com or some of the larger sites. I'm sure there are others out there getting hit harder than I am.

  3. Nick Momrik
    Member
    Posted 6 years ago #

    Now they've started to attack trackback URLs and my sites are useless and unavailable. DreamHost now says they can't block these attacks at a firewall level.

    Does anyone know of a web host who can block these attacks?

  4. Rok
    Member
    Posted 6 years ago #

    Install SK2 and Akismet or SK2 and BB. In addition you can also try Simple Trackback Validation Plugin.

  5. Nick Momrik
    Member
    Posted 6 years ago #

    Rok, thanks for the suggestions, but all those plugins do is stop the comments/trackbacks from getting to WordPress. I've done that through .htaccess, which eliminates the PHP load on the server. I need to stop these attacks before they hit Apache, because it's taking down the server.

  6. Rok
    Member
    Posted 6 years ago #

    Did you try Ref Karma from Dave of SK2? It'll block all spam bots etc. from accessing your site. In addition, you also maintain your own blacklist/whitelist, i.e. you have the authority to blacklist/whitelist any URL.

    If you don't mind, I would like to know, what you've entered in your .htaccess to eliminate the PHP load on the server. I want to do the same.

  7. Nick Momrik
    Member
    Posted 6 years ago #

    I'm using this...

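    # Forbid comment posts whose Referer does not contain this site's domain
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php.*
    RewriteCond %{HTTP_REFERER} !.*mtdewvirus\.com.*
    RewriteRule .* - [F]

    # Forbid every URL containing "trackback"
    RewriteCond %{REQUEST_URI} .trackback.*
    RewriteRule .* - [F]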

    The first 3 lines block all requests to the comments file from sources not referred from my domain. There are some browsers which don't report a referer, but they are rare, so I simply chose to block them.

    The second part blocks all requests to any URL containing "trackback".

    Both of these return a 403 status code.

  8. wwwoliondorcom
    Member
    Posted 6 years ago #

    Hi,

    Is it OK now?

    What can I do if the .htaccess file doesn't block the bots?

    Thanks a lot.

  9. Nick Momrik
    Member
    Posted 6 years ago #

    The attacks still come and go and aren't something a shared web host is going to be able to handle...at least not the severity of the attacks I was getting. I'm in the process of moving to a dedicated server.

    This is the .htaccess I've been using which seems to have helped. At least it's stopping the attacks from accessing the files. Note: I've renamed wp-comments-post.php to wp-comments-post2.php in my WordPress install and changed the call to the file in my theme.

    RewriteCond %{REQUEST_URI} .wp-comments-post\.php.*
    RewriteRule .* - [F]
    RewriteCond %{REQUEST_URI} .wp-comments-post2\.php.*
    RewriteCond %{HTTP_REFERER} !.*domain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* - [F]
    
    RewriteCond %{REQUEST_URI} .*/trackback/?.*
    RewriteRule .* - [F]

    The first two lines block all access to the old wp-comments-post.php file. The next 4 lines block access to wp-comments-post2.php if the referrer is not my domain (change domain.com to your domain) or if the user agent is empty. The last two lines block all trackbacks no matter what.
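
A way to check the rule set from the last post against sample requests before deploying it, as an added example that is not part of the original thread. It is a small Python model of how mod_rewrite combines `RewriteCond` lines (ANDed, with `[OR]` joining a condition to the next one), not Apache itself; the patterns are copied from the post and the requests are constructed.

```python
import re

# The three rules from the post above, one list of conditions per RewriteRule.
# Condition = (server variable, pattern, negated with "!", carries the [OR] flag).
# Patterns are copied from the post; domain.com is the post's placeholder.
RULES = [
    [("REQUEST_URI", r".wp-comments-post\.php.*", False, False)],
    [("REQUEST_URI", r".wp-comments-post2\.php.*", False, False),
     ("HTTP_REFERER", r".*domain.com.*", True, True),
     ("HTTP_USER_AGENT", r"^$", False, False)],
    [("REQUEST_URI", r".*/trackback/?.*", False, False)],
]

def conds_match(conds, req):
    """RewriteCond lines are ANDed; a cond flagged [OR] is ORed with the one after it."""
    group_ok = False
    for var, pattern, negated, or_next in conds:
        hit = bool(re.search(pattern, req.get(var, ""))) != negated
        group_ok = group_ok or hit
        if not or_next:          # end of an OR group: the whole group must hold
            if not group_ok:
                return False
            group_ok = False
    return True

def forbidden(uri, referer="", agent=""):
    """True when some rule would answer 403 ([F]) for this request."""
    req = {"REQUEST_URI": uri, "HTTP_REFERER": referer, "HTTP_USER_AGENT": agent}
    return any(conds_match(conds, req) for conds in RULES)

# Constructed requests: (uri, referer, user agent) -> expected to be forbidden?
CASES = [
    (("/wp-comments-post.php", "http://domain.com/a-post/", "Mozilla/5.0"), True),
    (("/wp-comments-post2.php", "http://domain.com/a-post/", "Mozilla/5.0"), False),
    (("/wp-comments-post2.php", "", "Mozilla/5.0"), True),
    (("/wp-comments-post2.php", "http://domain.com/a-post/", ""), True),
    (("/2007/03/a-post/trackback/", "http://domain.com/", "Mozilla/5.0"), True),
    (("/2007/03/a-post/", "", "Mozilla/5.0"), False),
]

if __name__ == "__main__":
    for args, expected in CASES:
        verdict = "403" if forbidden(*args) else "passed on"
        print(args[0], verdict, "" if forbidden(*args) == expected else "(UNEXPECTED)")
```

The second case is the one that must stay allowed: a comment submitted from the site's own page with a normal user agent still reaches the renamed file.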

Topic Closed

This topic has been closed to new replies.