Today was a Day« an older post
a newer one »Resolutions and Reading

A Surprise Awakening

Blog

So, as I do most mornings, I checked my email.

One of the emails read thus:

Hey there

Just a quick follow up in case you’ve missed my email. If you’re short on time
right now — no worries. I won’t bug you about it again. 

Thank you,

John.

On Tue, Dec 19, 2017 at 3:32 PM, John Hawthorne wrote:
Hello there

I noticed on http://example.com/node/383094 that you reference an article about 
caring for the elderly. I would like to get your feedback regarding an article that I 
just published which is about how to help seniors avoid social isolation.

You can read all the takeaways from my research right here: --- link deleted -- 

It would be great to know your personal opinion on the article. And if you find it 
useful please consider linking to it from that page of yours, or perhaps in your 
future writing. Also if you prefer you may republish the article.

Thank you very much,

John.

Note the URL he's referencing. node/383094 . That is 383091 pages more than I had on the site.

So, I click through on the link, and it’s a spam page. I poke around, and there are over 420000 spam pages on the site. He wanted to update the spam with different spam.

And I’m thinking WTF? Along with a lot of rage on this. Anger on the using of my server for spam. Anger on my part for not watching the site for such abuse. Anger that my server has been slow for my content because asshats are stealing from me. Anger because I left an old site up on it about 8 years ago and it is being abused now. The spammers have been having a field day on it.

So, I updated it. The 404 pages redirect the spammers and their visitors to the FBI.

Annoyingly enough, watching the site traffic, it is about 100x more popular than my site is. I might have to experiment with this.

This did it. Running this dropped my traffic from 10 hits a second to 1 every 10 seconds. Good riddance.

for d in `cat logfile | cut -f1 -d" " | sort | uniq -c | grep -v "1 " | cut -c9-100 | grep -v myIP`; do
  echo $d; 
  iptables -A INPUT -s $d -j DROP ; 
done