Death To Referrer Spam
Last night I was trying to edit some of my IFR entries (which, for those who have been waiting, should start appearing this week), but kept running into errors with Roller Weblogger. Roller is the Java Servlet-based application that I’ve set up to run our blogs and for the most part it’s been pretty stable. So I couldn’t understand why I was having issues. A quick check into the logs showed that Roller was exhausting the database connection pool, which also didn’t make any sense. That is, until I checked the Apache logs and discovered six IPs hammering the blog server (mostly Mike’s for some reason) with a dozen hits or so per IP per second. As a result, Roller couldn’t keep up and was throwing exceptions due to an exhausted connection pool.
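The kind of Apache log check described above can be scripted. The following is an added example, not code from the original post: it assumes the Apache "combined" log format, and the log lines, IP addresses, referrer URL, request path and the `threshold` default are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse(line):
    """Return (ip, timestamp, referer) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["referer"]

def find_hammering(lines, threshold=10):
    """Map each IP whose peak one-second hit count is >= threshold
    to (peak hits in one second, its most frequent Referer header)."""
    per_second = defaultdict(Counter)   # ip -> {second: hits}
    referers = defaultdict(Counter)     # ip -> {referer: hits}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                    # skip malformed lines instead of failing
        ip, ts, ref = rec
        per_second[ip][ts] += 1
        referers[ip][ref] += 1
    flagged = {}
    for ip, buckets in per_second.items():
        peak = max(buckets.values())
        if peak >= threshold:
            flagged[ip] = (peak, referers[ip].most_common(1)[0][0])
    return flagged

def sample_log():
    """Constructed sample: one client at 12 hits in a single second, one normal reader."""
    noisy = ['203.0.113.7 - - [15/Jan/2006:22:14:05 -0500] "GET /page/mike HTTP/1.1" '
             '200 5120 "http://spam.example/pills" "Mozilla/4.0"'] * 12
    quiet = ['198.51.100.20 - - [15/Jan/2006:22:14:0%d -0500] "GET /page/mike HTTP/1.1" '
             '200 5120 "-" "Mozilla/5.0"' % s for s in range(3)]
    return noisy + quiet + ["garbage line"]

if __name__ == "__main__":
    for ip, (peak, ref) in find_hammering(sample_log()).items():
        print(f"{ip}: peak {peak} hits/s, top referer {ref}")
```

Reporting the most frequent Referer next to the peak rate helps separate referrer spam from an aggressive but legitimate crawler before an address goes on the firewall block list.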
The IPs that were hammering our server are now blocked by the machine’s firewall. And I’m looking into an Apache module that will also help with DoS-type attacks, whether an attack per se or not. I did a reverse lookup on the IPs and most seem to be regular IPs assigned to ISP blocks. That likely means that most of the IPs doing this referrer spam are computers that are part of a so-called zombie network. While I can’t say for sure, I’d be willing to bet that the majority of all zombie computers are running the Microsoft Windows operating system.
I’m in awe that Microsoft can continue to ship software that is built such that exploits are easy to take advantage of and are hard for Microsoft to fix. I realize that there are exploits in Linux also, but Windows is a commercial product that people are paying for. And yet, despite the influx of cash and army of programmers, Microsoft is unable to come up with anything remotely close to Linux in terms of security or ease of patching exploits. On top of that, the default Windows setup for the longest time was open to the world in terms of exploits.
So for now, I seem to have repulsed the referrer spam attack but I know that they’ll simply regroup and attack again. But in the meantime, I’ll be looking for other defences and hope to repulse them all for good. One can only hope.
Mon, 16 Jan 2006 15:29 Posted in Technology