So far I’ve nuked comment-spam, by using embedded graphic security codes in my comments. It sucks to have to do this, but we all know that this is war.
Next up is referer-spam, which is at an all-time high. It seems that the developers of my stats analyzer, Awstats, either don’t care or don’t know how to set up an easy method for referer blacklisting. If anyone knows of a good way to do this with Awstats, or a better stats analyzer, let me know.
As Kayvan suggested, on Susi’s blog, “You could implement MT-Blacklist.”
MT-Blacklist did nothing to help me, during the comment-spam attack. The botnet connections occurred regardless of blacklisting. Server load was up to 110 — where 0.2 is normal — before DP stopped the Apache process. I removed my mt-comments.cgi script entirely, but the requests still came in from over 100 infected clients across the Internets.
I’ve disliked MT since the whole blogspam thing started, and I’ve hated it since 6Apart decided to screw everyone on licensing fees. It would not suprise me to see that they had a helping hand in some blogspamming, just to push people to pay the upgrade fee.
Phase B is now complete!
The import from MT to WP went very quickly. The only ‘gotcha’ is that PHP hates importing text files of over 1MB (unless you screw with the php.ini settings), so I had to manually split the import.txt file into several smaller chunks.
As you can see, a few minor cosmetic glitches remain. I’m still not sure what’s up with the post title, but I’ll work on that later.
Phase One of the move to WordPress is complete: all MT entries are imported, and the site is mostly active, although the main Index redirector still sends people to the MT page.
Tomorrow I’ll start working on the templates and such.
Not entirely sure what’s going on, but lately I’ve got a ton of fake referrer entries from various sites’ mt-comments.cgi — and they all come from one IP: 66.98.210.44 .
Luckily, I know the magic of .htaccess, so now nobody from “Everyone’s Internet” can read my page. And good damn riddance.
Here’s an example of the log files:
66.98.210.44 - - [02/Sep/2004:20:05:43 -0400] “GET /mt/archives/002005.html HTTP/1.1” 200 16969 “http://WWW.katiehood.COM/cgi/mt-comments.cgi” “Windows XP Internet Explorer 6.x”
66.98.210.44 - - [02/Sep/2004:21:22:24 -0400] “GET /mt/archives/001302.html HTTP/1.1” 200 17057 “http://zero12.securesites.net/cgi-bin/mt/mt-comments.cgi" “Windows XP Internet Explorer 6.x”
66.98.210.44 - - [02/Sep/2004:21:39:55 -0400] “GET /mt/archives/001981.html HTTP/1.1” 200 17365 “http://www.thoughtbomb.net/cgi-bin/mt/mt-comments.cgi" “Windows XP Internet Explorer 6.x”
66.98.210.44 - - [02/Sep/2004:22:26:51 -0400] “GET /mt/archives/001467.html HTTP/1.1” 200 16895 “http://www.graysathletic.co.uk/cgi-bin/mt/mt-comments.cgi" “Windows XP Internet Explorer 6.x”
According to my referrer stats, someone just came here via a Google search for “have to pee”.
Look, folks. I know that Google is a great invention and all, but you should know what to do if you have to pee. There’s no need to perform a quoted query in search engine.
Just go, already.
But don’t do it here.
Although I think the whole concept of ‘referrer spam‘ is stupid and a waste of time, here’s a quick fix for those of you running Analog:
REFEXCLUDE http://*jennifersblog.com/* REFEXCLUDE http://*malixya.com/* REFEXCLUDE http://*bongohome.com/* REFEXCLUDE http://*a-b-l-o-g.com/* REFEXCLUDE http://*kwalablog.com/* REFEXCLUDE http://*wr18.com/* REFEXCLUDE http://*mikesblog.com/* REFEXCLUDE http://*saulem.com/* REFEXCLUDE http://*akksess.com/* REFEXCLUDE http://*worldnewslog.com/* REFEXCLUDE http://*teoras.com/*
Ahh, Halloween.
It’s the perfect excuse for horrid color schemes.
Moved to a new server. Lots of things broken. Hooray for technology!
I’ve just moved the site to MoveableType.
Lots of things are broken.