Migrate to subtext (http://www.subtextproject.com/) ;) We love you, and we have akismet

And we'll import from BlogML.

Consider upgrading to the DasBlog 1.9 Daily Build, we have Akismet as well, it's an easy upgrade. DasBlog also has a blockedips.config that's easier to configure than IIS rules. Feel free to email me. DasBlog 1.9 is also about 4x faster. Also, consider putting OutputCache on your permalink pages.

But us in subtext will fight scott for you custom. *grin*

A Phil and Scott cage match; now that could be amusing

I worry a lot about ASP.NET processing tying up the number of connections + CPU which is why I implemented the rules in IIS. And even then it seems IIS is getting overwhelmed which is why I'm considering doing it at the router. Akismet seems like it would make things worse not better since processing/tying up connections is my concern.

Right, Akismet helps with the trackback spam problem, but won't help with your CPU issues.

But even implementing rules on your router becomes a game of catch up. Trackback spam continually uses new IP addresses. You'll be reacting all the time.

Honestly, consider a hosting provider, which could be covered by a single ad or two on your blog.

The other idea is to use ReverseDOS. Not sure if it really deters trackback spammers, but it might.

In my opinion, trackbacks aren't worth saving. They're broken beyond repair, and other options (eg, Google backlink search) are fundamentally better and more automatic anyway.

http://www.codinghorror.com/blog/archives/000751.html

Also, I'd second the recommendation to pursue external hosting.

I've already disabled trackbacks and pingbacks. My server is getting brought to its knees just handing 403s.

Oh, I see. I had a similar problem with periodic spam storms (rejected spams, mind you) causing my virtual Win2k3 server to run out of memory. I'd have to reboot the VM periodically to deal with it. I tweaked the IIS application pool settings to extremely aggressive levels (1 minute timeouts, etc) and that helped immensely.. haven't had to reboot in 2 weeks now!

So I suggest playing around with the IIS application pool settings. It worked for me.

I just remoted in and checked the IIS app pool settings. Here's what I adjusted in DefaultAppPool.

Shutdown worker processes after being idle for *1 minute*
Recycle worker processes after consuming too much memory: Maximum virtual memory: 500mb, maximum used memory 192mb

I'm pretty sure the idle setting is what worked, but the memory limits don't hurt.

Oops, sorry to spam comments. I should have noted that this "fix" is peculiar to running Movable Type (PERL) on IIS. It spawns a perl.exe worker process per request.. so 500 spam comment requests = 500 instances of perl.exe. It ain't pretty.