Webmastering

If I know my Perl regex syntax, that will search and destroy all spam and spambots using a high-powered rifle. Unfortunately, I get the sense that my Perl regex syntax is a little off, as I learned in the past few weeks. We had a spambot infestation on of our development resources, our “pastebin” (a simple webform -> formatted post application that allows you to post, for instance, long error logs that would be unsuitable for an IRC chatroom.)

At first, the spam wasn’t so bad. A few ads for watches and “excellent vacation stock deals enhancement” about par for my email spam filter. However, the attacks became more prominent in the last few weeks, to the point where, last Saturday, our (dedicated) server choked on the load and gave up at about 2:00 AM. According to chatlogs, after it came back up, it was at a 1-minute load average of 16.47, meaning that over the past minute, the server was working at 1647% maximum capacity.

Naturally, this was a bad sign, and a sign that it was time to put on my Sherlock Holmes hat and determine why exactly my server was crashing at 2AM. Had I known the server was dying due to spambots, it would have been a simple process, but alas, I held hope that real humans were posting things into MySQL to the extent that the server was strained under the load, which would have been an OK problem to have.

I closed the pastebin and deleted its database, which held a single table with 1567 rows. We probably posted there 50 times or so.

Crazy spambots with their concentrated spam attacks…