wongaBlog
24Jul/097

18 months of spam fighting

I could never understand why web hosting companies were so terrible. No matter who I signed up with, my blog was always unstable as hell, regularly becoming unresponsive for no apparent reason. I'd decided this was the Way of Things until I moved over to Damian's hosting, and he quickly found the cause: wongaBlog is regularly nuked by spammers. I'm on some zombie list - heaven only knows why - and the botnets regularly flood the site with such voluminous garbage that it falls over.

This was more than Damian had signed up for, but he valiantly fought off what amounted to DDoS attacks on his server. We tried plenty of remedies, and eventually had the blog locked down so tight we had to watch for regular users blocked in the crossfire. But the nature of botnets means you can never predict where the next wave will come from, and it was a continual battle to respond. Each new attack would take out the machine until Damian got there¹, which was far from ideal. He did a great job keeping up with them, but eventually the spamming scale became too great and I was causing problems for other clients on the same server.

On his recommendation I've now moved over to Lunarpages, who use stupidly powerful servers even for the little guys. Things seem ok so far, though I expect an admin somewhere has had an interesting week.

But Damian deserves huge thanks for 18 months of swarm-fighting. It was way beyond the pay grade, and very kind of him - I'm most grateful. Hopefully his servers are more stable now.

  1. techy detail: such attacks would see the server load jump from 0.02 to 20 in seconds, taking out the slice and forcing a reboot
Comments (7) Trackbacks (0)
  1. Which level of service did you sign up for?

  2. Thanks for the kind words, Andrew.

    I certainly learned plenty from fighting the botnets, the main thing I found out, sadly, was that you can't beat a determined DDOS attack unless you too have an army of servers at your disposal.

    (And, yes, Ed, Andrew's right, I have two Slicehost slices, which amounts to 512MB.)

    • I'm confused. Why would someone try to take out this blog?

      • It was targeted, but it wasn't personal.

        Brace yourself for a jump into the strange world of referer spam… [It's an historical accident that this is how the word "referer" is spelt when people talk about the Web, just as style sheets use "alternate" instead of "alternative".]

        Many sites—perhaps, once upon a time, wongaBlog—use Web stats analysis programs to process logs of visits recorded by their Webservers, and, in turn, publish the results as new Webpages, at wongablog.co.uk/webstats/ say. A site proprietor like Andrew can then browse to that location and see real-time graphs and tables of the activity on his site when it suits him, without having to grep through lots of log files on the server itself.

        One of the kinds of data that Web stats analysis programs almost always collect is on referers. Referers are the URLs of the pages whence people came to visit the site under analysis. Analysis programs almost always present lists of such referers as links to the actual referring pages.

        Google responds to links. Pages that Google's bots record as having inward links climb up its search results.

        [Perhaps you can see where this is going now.]

        So, one way of improving a spam site's search ranking is to make it appear that lots of people are visiting a site that publishes its own Web stats analyses *after* they have visited the spam site. In this case, the attackers had recruited thousands of zombie PCs to (amongst many other dubious things, I suspect) hit wongaBlog with HTTP requests containing fake referer data that cited origins like "online-car-insurance-bargains.com" [though obviously not that particular URL] in the hope of having links to online-car-insurance-bargains.com pop up in Andrew's Webstats.

        Co-ordinated and concentrated mass HTTP requests from machines scattered across the globe (possibly spoofing their IP addresses)—machines that changed anyway as old subpopulations were cleaned up by their owners or new subpopulations were recruited—is, effectively, a Distributed Denial Of Service attack.

        Weirder still, I doubt the spammers made their money from online-car-insurance-bargains.com itself, but from the publishers of the Webpages that online-car-insurance-bargains.com pointed at.

        Now, let's see if this comment makes it through Andrew's spam filters…

  3. http://www.squarespace.com/twit scales up very efficiently to demand. Might be interesting to give them a try.
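The referer-spam mechanism Damian describes in the comment above (many zombie machines, each sending a request that cites the same fake referer, so that the referer shows up as a link in published Web stats) leaves a recognisable shape in the server log. The following script is an added example, not code from the post, the commenters or any stats program: it parses Apache "combined"-format log lines, groups requests by referer host, and flags hosts cited by an unusually large number of distinct client addresses within a short window. The log lines are constructed for the example, the referer domain `online-car-insurance-bargains.example` is a placeholder, and the thresholds (`min_ips`, `window_s`) are assumed starting points, not values from the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format: the referer is the first quoted field after status/size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
HOST_RE = re.compile(r'^https?://([^/:]+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log (not real traffic): three ordinary visits, then a burst of
# forty requests from forty different addresses that all cite the same fake referer.
SAMPLE_LOG = (
    '203.0.113.5 - - [24/Jul/2009:10:00:01 +0100] "GET /2009/07/post HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=wongablog" "Mozilla/5.0"\n'
    '203.0.113.9 - - [24/Jul/2009:10:00:07 +0100] "GET /2009/07/post HTTP/1.1" 200 5120 '
    '"http://wongablog.co.uk/" "Mozilla/5.0"\n'
    '198.51.100.2 - - [24/Jul/2009:10:00:12 +0100] "GET /about HTTP/1.1" 200 2048 '
    '"-" "Mozilla/5.0"\n'
    + "".join(
        f'192.0.2.{i} - - [24/Jul/2009:10:00:{20 + i % 30:02d} +0100] "GET / HTTP/1.0" 200 5120 '
        f'"http://online-car-insurance-bargains.example/" "Mozilla/4.0"\n'
        for i in range(1, 41)
    )
)


def parse(lines):
    """Yield one dict per well-formed combined-format log line; skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["epoch"] = datetime.strptime(rec["ts"], TS_FMT).timestamp()
            yield rec


def referer_host(referer):
    """Lower-cased host part of a referer URL, or None for '-' and malformed values."""
    m = HOST_RE.match(referer)
    return m.group(1).lower() if m else None


def burst_ips(events, window_s):
    """Largest number of distinct client IPs seen within any window_s-second span.
    events is a list of (epoch_seconds, ip) pairs."""
    events.sort()
    active = defaultdict(int)
    best = lo = 0
    for t, ip in events:
        active[ip] += 1
        while t - events[lo][0] > window_s:
            old_ip = events[lo][1]
            active[old_ip] -= 1
            if active[old_ip] == 0:
                del active[old_ip]
            lo += 1
        best = max(best, len(active))
    return best


def find_referer_spam(log_text, own_hosts, min_ips=10, window_s=60):
    """Return {referer_host: stats} for external referers cited by at least min_ips
    distinct client addresses inside a window_s-second window. Referers pointing at
    the site itself are ignored; '-' (no referer) is ignored."""
    per_host = defaultdict(lambda: {"hits": 0, "events": [], "paths": set()})
    for rec in parse(log_text.splitlines()):
        host = referer_host(rec["referer"])
        if host is None or host in own_hosts:
            continue
        s = per_host[host]
        s["hits"] += 1
        s["events"].append((rec["epoch"], rec["ip"]))
        parts = rec["req"].split(" ")
        s["paths"].add(parts[1] if len(parts) > 1 else rec["req"])
    flagged = {}
    for host, s in per_host.items():
        burst = burst_ips(s["events"], window_s)
        if burst >= min_ips:
            flagged[host] = {
                "hits": s["hits"],
                "distinct_ips": len({ip for _, ip in s["events"]}),
                "burst_ips": burst,
                "paths": sorted(s["paths"]),
            }
    return flagged


if __name__ == "__main__":
    for host, stats in find_referer_spam(SAMPLE_LOG, {"wongablog.co.uk"}).items():
        print(f"{host}: {stats['burst_ips']} distinct IPs in one window, "
              f"{stats['hits']} hits, paths {stats['paths']}")
```

The output is a candidate list, not a verdict: a genuine link from a busy site can produce the same burst of distinct addresses, so the flagged hosts are worth a look before they go into a stats program's referer exclusion list. The more durable fix, which the comment implies, is not to publish referer tables as followable links at all, since that removes the ranking payoff the botnet is after.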

