• Last night I noticed a large number of spam comments were being inserted into my database for different posts, all the same comment: same content, same email, same web site. The IP sometimes changed, though. This was occurring every few seconds. It was obvious someone was running a program to scan for every page on my site and insert a comment automatically.
    I tried banning the IP address, but the assailant quickly changed their IP. This happened multiple times and the IP addresses did not have any obvious pattern to them, so I couldn’t prevent their access that way.
    I DID find a way to prevent their access into my site, but it’s at a page level, not a server level; they’re still (as of this minute) hitting each page (although they can’t post): their program is merely changing the post ID randomly in the URL: index.php?p=200
    WordPress’s anti-spamming features are great; however, I’m going to have to enhance them to prevent this type of systematic attack.
    I’m using WordPress 1.2. My site, Steel White Table, describes the history of the attack.
    Anyone else seen this type of attack? Any suggestions? Thanks.

Viewing 8 replies - 1 through 8 (of 8 total)
  • What about someone trying to use up your bandwidth transfer on purpose? That would be a fear to me – my host charges x amount once you’ve gone past a specific amount of bandwidth. Any suggestions on that? Otherwise, the spam is the issue and if I’m reading everything correctly, you can limit that with the script from Kitty’s site and also in the Admin panel?

    You could try slowing a spammer
    https://dougal.gunters.org/blog/2004/08/25/spammer-tar-pit
    One rather extreme option would be to use .htaccess and blanket ban IPs for a few hours? That does need the spammer’s IP to remain within the same top octet, but it’s certainly doable.
    If anyone has been the subject of a concerted attack and has taken any additional steps to combat it, I am sure that either a post back here, or sent to the hackers list would be gratefully received.

    Thread Starter jcairns

    (@jcairns)

    The thread moshu posted describes exactly what’s occurring with my site. I can’t ban all the IPs because they change when I ban them, and there’s no obvious IP pattern the attacker is using. I like the “tar pit” idea. I’ll post any solution I come up with.

    Are the spammers using ASCII code?

    Yep

    Here are SOME of the IP addresses the attacker has been coming from:
    Interesting.

    Banning IP addresses is futile, since they can easily be spoofed.
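
Added example, not part of any post in this thread and not WordPress code: the opening post reports the same content, email and web site on every spam comment while only the IP changed, so a throttle can key on those fields instead of the address. The class name, window and threshold are assumptions, and the sample submissions are constructed.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
MAX_POSTS = 2         # assumed: one comment may appear on at most 2 distinct posts per window


def fingerprint(content, email, url):
    """Hash the fields that stayed constant in the attack; the IP is deliberately excluded."""
    normalized = "\x00".join(" ".join(f.lower().split()) for f in (content, email, url))
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


class CommentFloodGuard:
    def __init__(self, window=WINDOW_SECONDS, max_posts=MAX_POSTS):
        self.window = window
        self.max_posts = max_posts
        self.seen = defaultdict(deque)  # fingerprint -> deque of (timestamp, post_id)

    def allow(self, ts, post_id, content, email, url):
        """Return True to accept the comment, False to hold it for moderation."""
        events = self.seen[fingerprint(content, email, url)]
        while events and ts - events[0][0] > self.window:
            events.popleft()  # forget submissions older than the window
        events.append((ts, post_id))  # held attempts count too, so a running flood stays held
        return len({pid for _, pid in events}) <= self.max_posts


# Constructed sample: (timestamp, ip, post_id, content, email, url). The IPs come from
# documentation ranges and are present only to show that they are never consulted.
SAMPLE = [
    (0, "192.0.2.10", 200, "Great site! Visit us", "a@example.com", "http://spam.example"),
    (3, "198.51.100.7", 17, "great site!  visit us", "a@example.com", "http://spam.example"),
    (5, "203.0.113.4", 5, "Nice write-up, thanks.", "reader@example.org", ""),
    (6, "203.0.113.99", 131, "Great site! Visit us", "A@example.com", "http://spam.example"),
    (9, "192.0.2.55", 88, "Great site! Visit us", "a@example.com", "http://spam.example"),
    (200, "192.0.2.55", 42, "Great site! Visit us", "a@example.com", "http://spam.example"),
]


def run_sample():
    guard = CommentFloodGuard()
    return [guard.allow(ts, pid, c, e, u) for ts, _ip, pid, c, e, u in SAMPLE]


if __name__ == "__main__":
    print(run_sample())
```

The last sample row is accepted again because the window has expired, which is why a short window should be paired with moderation of held comments rather than silent discard.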

  • The topic ‘How to prevent systematic attack’ is closed to new replies.