Host shut down my WP blog because of spambots

editorb
(@editorb)

17 years, 4 months ago

My webhost (Midphase) shut down my site because of a “massive amount” of connections, presumably from spambots attacking my WP install. The volume was such that it was bringing Apache to its knees.

The tech admin’s exact words:

“There was huge numbers of connections to your wp-comments-post.php file. Probably the connection was generated by spam bots.”

They won’t restore my account until I “fix” it, and they advised me to ask for help over here.

I feel this is somewhat unfair, since my host offers WP as an autoinstall. However, I did install this version myself.

I think it was version 2.0.1. I was running Akismet, and it was catching a lot of spam.

Does anyone have any advice for me? Would upgrading to 2.0.5 help? Or do I just need to find a new host? (I hope not!)

Editor B

Viewing 15 replies - 1 through 15 (of 23 total)

1 2 →

Trent Adams
(@trent)

17 years, 4 months ago

There were a few security fixes with 2.0.5 and that will be a big improvement. As well, Bad Behavior is a huge saver of stopping unwanted traffic and spambots before they can do much to your site.

http://error.wordpress.com/2006/12/15/bad-behavior-208/

There is more information on that page. As well, if the spambots are commenting like crazy, take a look at Akismet. Just search for it in the forums.

Trent

vkaryl
(@vkaryl)

17 years, 4 months ago

Another option is Spam Karma 2 from http://unknowngenius.com/blog/wordpress/spam-karma/

moshu
(@moshu)

17 years, 4 months ago

There was another plugin update posted today:
http://wordpress.org/support/topic/84820?replies=7

vkaryl
(@vkaryl)

17 years, 4 months ago

Yup, forgot about that one, I like it too! Thanks for the update info, moshu….

Thread Starter editorb
(@editorb)

17 years, 4 months ago

Thanks for the help. I was using Akismet and Spam Karma, but it seems to me that such plug-ins only delete spam after the bots have already posted. This is good for the blogger but doesn’t reduce the load on the server. Bad Behavior might do the trick, though. I’ll post a note to follow let you know how it goes.

moshu
(@moshu)

17 years, 4 months ago

Yes, BB kills them before. ALthough the plugin at the link I’ve posted above also claims to stop them before reaching the wp-comments-post.php file.

Thread Starter editorb
(@editorb)

17 years, 4 months ago

Well, I installed Bad Behavior and thought that solved the problem. But now midPhase has suspended my account again.

They say: “I don’t see how we can enable it because every time I enable the account the server gets flooded with thousands connections to b.rox.com

“We cannot host this site on shared server, it puts down the whole server with hundreds users on it.”

They want me to upgrade to a VPS, which costs $50/month, a bit more than the $12 I’m paying now. I’m on the line with tech support now.

czimmerman33
(@czimmerman33)

17 years, 4 months ago

I’m having the same problem with my primary WP account on HostGator. They’ve moved me to a temporary server and are threatening to shut it down.

Akismet has caught over 83,000 comment spams in the last 9 days on this site. I have over 2,600 posts with comments enabled.

Anyone know of a way to easily disable comments on all the old posts?

vkaryl
(@vkaryl)

17 years, 4 months ago

There’s a plugin I think…. take a look here: Plugins – specifically in the comments plugins section.

Thread Starter editorb
(@editorb)

17 years, 4 months ago

I don’t know if disabling comments on old posts will do the trick though. I bet the spambots will (stupidly) keep requesting the wp-comments-post.php even with all comments disabled. I’d certainly be interested in hearing if it works for czimmerman33.

As for me, my host has shut me down. I found the customer service less than satisfactory. I am considering moving to another host. But what will I do if the spambot problem follows me?

I’m at a loss, completely mystified. I thought Bad Behavior would satisfy the overloading concerns. I’m quite sure I installed it correctly — it’s very simple to deploy, and it evidently was catching spam. But that didn’t stop the bots from overloading the system.

Any advice is welcome!

Thread Starter editorb
(@editorb)

17 years, 4 months ago

More follow-up: They let me look at the logfiles. There were over 10,000 requests for wp-comments-post.php in four hours. I suppose that is a lot. They said this was bringing the whole server down. I don’t know enough to know whether this was really caused by spambots or if it was somesort of DoS attack.

The more I think about it, I don’t believe any plugin or even removing the file or closingcomments would have helped. I suggested removing wp-comments-post.php but they said that wouldn’t help because it’s the requests themselves that are overloading the server.

whooami
(@whooami)

17 years, 4 months ago

thats alot, and I would definitely call that a DOS attack,

Is that the site that in your profile?

You dont by chance use that domain for any bouncers on irc or anything, do you? I used to use my domain for vanity host bouncers, and one Saturday, my T1 got hammered for about 5 hours while I slept.

Im positive that it was a result of having the domain on irc.

czimmerman33
(@czimmerman33)

17 years, 4 months ago

I installed this plug-in on a personal site to test it before trying it on the one that’s being attacked: http://codex.wordpress.org/Plugins/Auto_shutoff_comments

I changed the interval to 1 day since it’s set up for 21 days. It appears to work. There’s code for applying the same to pings if you need it too.

I’m going to try it on the site that’s getting hit so hard today. My hosting company “abuse” dept. sent me this note this morning: “Hello, While on temporary (server) it appears you had an attack hitting the wp-comments-post.php page. I have had to disable this to keep the server alive. You were getting over 300 hits a second to this page all from different IP’s. We apologize for having to disable the script, however we wanted to make sure we could keep your site up as you do the move. Thank You. If there is anything else we can assist you with please do not hesitate to ask.”

I’m in the process of moving to a new hosting company that may be able to provide some support for this issue.

Moderator Samuel Wood (Otto)
(@otto42)

WordPress.org Admin

17 years, 4 months ago

While this is not a perfect solution to the problem, it might help.

In your theme, look in your comments.php file (or it may be in other files in your theme). Wherever users can post comments will be something like this:
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php"...

If you change the “wp-comments-post.php” to something else and then rename that file to that same thing, then they won’t be pounding hell out of your server anymore. In it’s place you can put a new wp-comments-post.php file which just does this:
<?php header("HTTP/1.0 404 Not Found"); ?>

You can then tell your host that since you no longer have any references to that file on your site, that anybody hitting it is DoS attacking you.

Ghidra99
(@ghidra99)

17 years, 4 months ago

Good call, Otto.

Furthermore, is this being addressed in future updates of WP? This seems to be a growing problem.

Maybe someone could make a sticky of all the links in the Codex that help make WP secure?