Blogspambombers Be Gone!


I spent some of my time over the New Year’s weekend strengthening the jaws on the spider traps and filling the blogspambomber tar pits. The results were eye-opening — I had no idea just how much my site was getting hit by unsavory types.

Previous to these changes, I would get about one automatic IP ban added to the blacklist weekly, with one or two manual additions thrown in for good measure. These were usually bots immolating themselves on the fire-hot talons of the badbot trap.

I kept seeing activity, though, that led me to believe that there were occasional attempts to post comments on the site from some automated agent. The activity wasn’t real significant, and these bots were frequently guessing the wrong name of files that would be significant if they existed, so aside from the humor factor in watching them flail and fail, there wasn’t much to see.

So, as an exercise, I decided to turn the fire on these beasties. The end result was that if something — human or bot — hit a file that had no need to be hit, it was flogged with the wet noodle of banishment from all the sites that run here. I thought I’d catch a couple more IPs a week. Wrong by a long shot.

How many skewered themselves today? 108. One hundred and eight attempts at files that, were they here, would be privileged files and could cause grief if accessed. Wow.

So, was this a normal number, and was I just missing it amongst the rest of the stuff in the logs? Well, yeah, kinda. The last couple of days have seen a bunch of this kind of activity, and it seems to come from all over the world. It’s almost like a zombie bomb went off, and many, many computers around the world have started trying to blogspambomb mine (and probably many, many other) WordPress-based sites.

Today’s attack — for lack of a better term — started just after 8am, and ran relentlessly until about 2.30pm, with an IP ban being triggered about every two to five minutes. The pattern was the same: try a blind POST (which triggers the ban), then try hitting a valid page, and then try again. If that didn’t work, then another IP was used. That’s what makes me think it’s a zombie-net out there somewhere.
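The ban-on-trap-hit rule and the POST, valid page, retry pattern described above can be replayed over an access log. This is an added example, not the author's code; the trap file names, log lines and addresses are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical trap paths: files that do not exist on the site, so no
# legitimate visitor has a reason to request them (assumed names).
TRAP_PATHS = {"/comment-post.php", "/admin/config.php"}

# Common/combined log format: ip, timestamp, method, request target, status.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines using documentation-range addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2000:08:03:11 +0000] "POST /comment-post.php HTTP/1.0" 404 210
203.0.113.7 - - [01/Jan/2000:08:03:14 +0000] "GET /index.php HTTP/1.0" 200 5120
203.0.113.7 - - [01/Jan/2000:08:03:19 +0000] "POST /comment-post.php HTTP/1.0" 404 210
198.51.100.23 - - [01/Jan/2000:08:06:40 +0000] "POST /comment-post.php?p=1 HTTP/1.0" 404 210
192.0.2.50 - - [01/Jan/2000:08:07:02 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.50 - - [01/Jan/2000:08:07:30 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0
this line is truncated garbage
"""

def scan(log_text, trap_paths=TRAP_PATHS):
    """Replay a log through the trap rule.

    Returns (bans, denied): bans maps each IP to the timestamp of the trap
    hit that banned it; denied counts later requests from banned IPs.
    """
    bans, denied = {}, {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at them
        ip, ts, _method, target, _status = m.groups()
        if ip in bans:
            # Already banned: the follow-up "valid page" and retry both land here.
            denied[ip] = denied.get(ip, 0) + 1
            continue
        # Match on the path only, so a query string cannot dodge the trap.
        if urlsplit(target).path in trap_paths:
            bans[ip] = ts
    return bans, denied

if __name__ == "__main__":
    bans, denied = scan(SAMPLE_LOG)
    for ip, ts in bans.items():
        print(f"{ip} banned at {ts}; {denied.get(ip, 0)} later requests denied")
```
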

So, while I feel as though I’ve won this battle, the war is far, far, far from over. However, I’ve got some other tricks up my sleeve that I’m working on… 😉