SQL: A Cautionary Tale
2008-03-08
Posted by: badanov

You may have noticed the site loaded at a crawl just a few days ago.

You can thank HTML spammers. Those are the folks who use web crawlers on forums and other web social functions to advertise pr0n and penis enlargements, and are unwanted guests to be sure. Spammers currently infest Debbie Schlussel's comments archive, proving once again that God loves us all.

Rantburg has undergone these attacks intermittently from spammers and is currently undergoing attacks by the Bad Guys.

When a spammer connects to your webserver, it is hard to tell you are undergoing an attack if you look at the server logs. It is just a connection or two. But in your logs you will see, if you have a database search program or page on your site, that these fellas seem to launch searches into it to, I believe, check quickly whether the spamming attack has been successful.

As far as I can tell, spammers just send one query after the other into your database, just flooding it with search parameters and page requests the database cannot respond to. And apparently whatever program they are using to scrape the results just resends the same dumb query over and over again until the database slows to a crawl.

You can't rewrite the scripts for the search page to exclude all searches that include HTML hyperlinks; that won't stop them from trying. The database software I use for this site is just good enough to prevent anything but errors from being shown to the spammers.
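
The log pattern described above (one search resent over and over, and search terms carrying HTML hyperlinks) can be picked out of an access log. This is an added example, not code from the original post or from the site; it assumes Combined Log Format, a hypothetical search page at `/search` with a `q` parameter, and a repeat threshold of 3.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the post): Combined Log Format, a search page at
# /search with its terms in a "q" parameter, and a repeat threshold of 3.
SEARCH_PATH, QUERY_PARAM, REPEAT_THRESHOLD = "/search", "q", 3
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')
LINK_RE = re.compile(r"<a\s|href\s*=|https?://|\[url", re.IGNORECASE)


def search_terms(line):
    """Return (client, normalized terms) for a search request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group(2))
    if parts.path != SEARCH_PATH:
        return None
    terms = parse_qs(parts.query, keep_blank_values=True).get(QUERY_PARAM, [""])[0]
    return m.group(1), terms.strip().lower()


def flag_search_abuse(lines):
    """Map client -> reasons: hyperlink in search terms, or one query replayed."""
    repeats, reasons = Counter(), {}
    for client, terms in filter(None, map(search_terms, lines)):
        repeats[(client, terms)] += 1
        if LINK_RE.search(terms):
            reasons.setdefault(client, set()).add("hyperlink in search terms")
        if repeats[(client, terms)] >= REPEAT_THRESHOLD:
            reasons.setdefault(client, set()).add("same query repeated")
    return reasons


# Constructed sample log lines (documentation IP ranges), not real traffic.
FMT = '{} - - [08/Mar/2008:10:00:01 +0000] "GET {} HTTP/1.1" 200 512 "-" "-"'
SPAM = "/search?q=%3Ca+href%3Dhttp%3A%2F%2Fspam.example%2F%3Epills%3C%2Fa%3E"
SAMPLE_LOG = (
    [FMT.format("198.51.100.7", SPAM)] * 3
    + [FMT.format("203.0.113.9", "/search?q=kurdistan"), FMT.format("203.0.113.9", "/index.php")]
    + [FMT.format("192.0.2.44", "/search?q=cheap+meds+http%3A%2F%2Fspam.example")]
    + [FMT.format("192.0.2.80", "/search?q=election")] * 4
)

if __name__ == "__main__":
    for client, why in sorted(flag_search_abuse(SAMPLE_LOG).items()):
        print(client, sorted(why))
```

Flagged clients can then be rate-limited or blocked at the webserver before their requests reach the database.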

The only solution is to kill the search facility completely; do not let the interface load with the page. It leaves the spamming crawlers a reduced avenue of attack and facility to check their very dirty work.

I would personally like to have an archive that readers can search, but thanks to unsolicited advertising, that is not going to happen.
