Is there anything I can do on the server level to keep spammer attacks from draining my bandwidth? My domain used to have a wordpress install on it and I get tons of automated shots to www.mydomain/wp-comments-post.php. It's totally getting out of hand. I woke up this morning and in a few hours time there was 123 different ip addresses sending automated queries to that link which drained me of another 3mbs. I wrote a little script that captures the IP of anyone who goes directly to that link but honestly, it's getting troublesome to enter each one into my IP deny manager one by one. My site must be on some comment spam trading forum or something.
Enable CAPTCHA module (Image verification) in your wordpress, that should help to prevent spammers to a big extend.
That's the problem, I don't have wordpress anymore, their bots are still hitting that link though. Draining my bandwidth, almost seems like a Denial of Service attack it's so bad.
What exactly is eating up the bandwidth ? Are you redirecting what is now a non-existing page to the index, which would eat the index-worth of bandwidth eachrequest ? Are you returning an elaborate 404 page ? What about having the server simply return a 403-Forbidden response for that particular URL ? I believe that response is less than one KB.
It's automated comment spam. I am now getting about three hits a minute from them. I would imagine their spam message hitting my server over and over is adding up over time just from the shear numbers. I didn't have anything there at first, now I have a tiny php script that captures the IP address and writes it to a database (so I can add that IP address to my IP deny manager later) I guess I'm just trying to find out if there is a more elegant, less time-consuming way to combat this crap.
If there's a way to handle it through CPanel I don't know it. I would alter my server configuration like so. Depending on the level of overrides on your server, this may or may not work in the htaccess of the directory the requests are comming to. <Files "wp-comments-post.php"> Order Allow,Deny Deny from all </Files> Code (markup):
I guess it must have worked. Forbidden You don't have permission to access /wp-comments-post.php on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Code (markup): I would imagine that is the expected outcome?
Kinda sorta. You should setup a document to be used in the event of a 403-Forbidden so that 404 encountered message doesn't display. If you're using CPanel, check out the "Error Document" section for how to do that.