Pre-Emptive Warning: TYoH May Close For Business Temporarily
I just received the following from my webhost:
Our sys-ops have had to stop a CGI script inside your folder path [path removed]cgi-user/mt/mt-tb.cgi. This script was majorly degrading performance across our entire hosting cluster by using up all the CPU time on every machine. . . . Please do not attempt to use this script until it has been fixed so that it does not hog power on the servers. If this situation arises again, especially if a duty engineer has be called out of hours, you may be liable for charges from Gradwell.
Looking at what they have recorded for my bandwidth usage, this seems fair. I can't figure out why, but usage seems to have jumped around 700% in March. I guarantee you that this isn't because of increased readership.
The long and the short of it is that this is either a problem with the MT-Blacklist Connector plugin (I installed it last month) or the result of some serious spamming. (My trackback spam is up quite a bit.) I can't see that there's a huge increase in actual readership in the last few months, so that's not the problem. Then again, spamming hasn't gotten that much worse either. Either way, I simply don't have the time to deal with it, so if the issue gets worth, I'll just have to take the site down.
As some of my readers know, I also host Chris over at Law Dork. Even with this strange bandwidth situation, I have enough to keep his site going (I hope). With any luck, this won't affect him. In the meantime, I'm shutting down my trackbacks, and if things don't improve, comments shortly thereafter.
Update: Actually, the jump in bandwidth seems to have occurred last November. I guess my host has been pretty tolerant.
Update II: OK, this officially beats my pair of jacks. I can't see that there's enough spam to cause the huge bandwidth issues occurring here; on the other hand, I know my readership hasn't grown that much. I'd think maybe I installed some script that's hogging huge amounts of bandwidth, but I can't think what that might be. Any help my readers can give would be appreciated... comments are still running.
Update III: I've made a few minor changes that, hopefully, will solve the problem. Apparently about 20% of my traffic (and most of my bandwidth) are going directly to comments and trackback pages. Hopefully this will fix the issue.
Comments
Is one of the things you changed the name of the trackback script? If so, do you think this is a worthwhile change, and what do you have to change where in the rest of the scripts to make it work?
Signed,
ihipnhIn the same boat, I think (I just turned off the trackbacks altogether, which was kind of sad, but only spam ever came through anyway.)
Posted by: Cathy | April 5, 2006 06:40 PM
Cathy:
Is it worthwhile? I'm not sure. It seems to have temporarily cut spam back by about 75%, but I'm sure it'll pick up again.
The changes are fairly simple. You need to add some lines to your configuration file, then change the names of the trackback and comments scripts. Doesn't take long, but remember to do a full site rebuild.
bgqtgvpPosted by: A. Rickey | April 7, 2006 11:24 AM
The easy way to tell if changing the script name works is by checking your 404 logs (if you have access to them). The vast majority of of trackback spam bots are hardcoded to use $MTPATH/mt-tb.cgi, so you should see a large spike in 404s but a corresponding decrease in trackback spam...
ithrPosted by: Frankenstein | April 8, 2006 01:36 PM
Sadly, Paul, it looks like the majority of them aren't hard-coded that way anymore. After three days, it seems that I've gotten about a 25% boost in 404 logs and a corresponding number of spambots that have just figured out the new links.
There's a plugin that changes the script names automatically and daily, but that means rebuilding my whole site every day...
dsjmyPosted by: A. Rickey | April 8, 2006 08:05 PM