March 15, 2007
@ 03:38 PM

My blog has been slow all day due to an unending flood of trackback spam. I've set up my IIS rules to reject requests from the IP address ranges the attacks are coming from but it seems that this hasn't been enough to prevent the trackback spam from making my blog unusable.

It looks like I should invest in a router with a built in firewall as my next step. Any ideas to prevent this from happening again are welcome.


Thursday, March 15, 2007 6:30:31 PM (GMT Standard Time, UTC+00:00)
Migrate to subtext ( ;) We love you, and we have akismet

And we'll import from BlogML.
Friday, March 16, 2007 4:58:52 AM (GMT Standard Time, UTC+00:00)
Consider upgrading to the DasBlog 1.9 Daily Build, we have Akismet as well, it's an easy upgrade. DasBlog also has a blockedips.config that's easier to configure than IIS rules. Feel free to email me. DasBlog 1.9 is also about 4x faster. Also, consider putting OutputCache on your permalink pages.
Friday, March 16, 2007 4:10:02 PM (GMT Standard Time, UTC+00:00)
But us in subtext will fight scott for you custom. *grin*

A Phil and Scott cage match; now that could be amusing
Friday, March 16, 2007 4:12:18 PM (GMT Standard Time, UTC+00:00)
I worry a lot about ASP.NET processing tying up the number of connections + CPU which is why I implemented the rules in IIS. And even then it seems IIS is getting overwhelmed which is why I'm considering doing it at the router. Akismet seems like it would make things worse not better since processing/tying up connections is my concern.
Friday, March 16, 2007 4:31:51 PM (GMT Standard Time, UTC+00:00)
Right, Akismet helps with the trackback spam problem, but won't help with your CPU issues.

But even implementing rules on your router becomes a game of catch up. Trackback spam continually uses new IP addresses. You'll be reacting all the time.

Honestly, consider a hosting provider, which could be covered by a single ad or two on your blog.

The other idea is to use ReverseDOS. Not sure if it really deters trackback spammers, but it might.
Friday, March 16, 2007 4:36:54 PM (GMT Standard Time, UTC+00:00)
In my opinion, trackbacks aren't worth saving. They're broken beyond repair, and other options (eg, Google backlink search) are fundamentally better and more automatic anyway.

Also, I'd second the recommendation to pursue external hosting.
Friday, March 16, 2007 4:50:28 PM (GMT Standard Time, UTC+00:00)
I've already disabled trackbacks and pingbacks. My server is getting brought to its knees just handing 403s.
Sunday, March 18, 2007 9:35:52 AM (GMT Standard Time, UTC+00:00)
Oh, I see. I had a similar problem with periodic spam storms (rejected spams, mind you) causing my virtual Win2k3 server to run out of memory. I'd have to reboot the VM periodically to deal with it. I tweaked the IIS application pool settings to extremely aggressive levels (1 minute timeouts, etc) and that helped immensely.. haven't had to reboot in 2 weeks now!

So I suggest playing around with the IIS application pool settings. It worked for me.
Sunday, March 18, 2007 9:43:15 AM (GMT Standard Time, UTC+00:00)
I just remoted in and checked the IIS app pool settings. Here's what I adjusted in DefaultAppPool.

Shutdown worker processes after being idle for *1 minute*
Recycle worker processes after consuming too much memory: Maximum virtual memory: 500mb, maximum used memory 192mb

I'm pretty sure the idle setting is what worked, but the memory limits don't hurt.
Sunday, March 18, 2007 9:45:39 AM (GMT Standard Time, UTC+00:00)
Oops, sorry to spam comments. I should have noted that this "fix" is peculiar to running Movable Type (PERL) on IIS. It spawns a perl.exe worker process per request.. so 500 spam comment requests = 500 instances of perl.exe. It ain't pretty.
Comments are closed.