This blog has been having some serious uptime problems, but with our move and starting our new jobs, I haven’t had time to look into the problem.
At completely random times the server would just spin out of control as if it was under a denial of service attack. I figured it was just someone’s homemade, badly written spider, and it would just stop – but it kept happening.
Finally, I got a chance to sit down and see what might be going on with the box, and it looks like someone – well, several people, actually a lot of people – were using the OpenID plugin on WordPress (and the OpenID module on Drupal (I have both on this server)) to either proxy porn and gambling sites, or to increase hits on their porn and gambling sites.
The Apache error log was full – and I mean full – of things like this (where “…” is some porn or gambling site):
[Thu Oct 30 12:26:02 2008] [error] [client 212.116.219.52] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2006/12/02/pic-programming-on-mac-os-x-in-c-hi-tide/
[Thu Oct 30 12:32:38 2008] [error] [client 161.58.86.196] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2006/09/19/simple-mvc-asp-framework/
[Thu Oct 30 12:32:39 2008] [error] [client 161.58.86.196] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2006/09/19/simple-mvc-asp-framework/
[Thu Oct 30 12:37:10 2008] [error] [client 221.120.250.36] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2006/11/09/simple-mvc-php-framework/
[Thu Oct 30 12:37:11 2008] [error] [client 221.120.250.36] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2006/11/09/simple-mvc-php-framework/
[Thu Oct 30 12:38:19 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
[Thu Oct 30 12:38:20 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
[Thu Oct 30 12:38:25 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
[Thu Oct 30 12:38:26 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
[Thu Oct 30 12:38:31 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
[Thu Oct 30 12:38:32 2008] [error] [client 212.116.219.170] Successfully fetched '...': GET response code 206, referer: http://robrohan.com/2007/02/09/do-you-save-html-in-your-relational-database/
What they were doing – I think – is using the OpenID authentication form and putting in the site they wanted to increase traffic to as the authority / verification site. OpenID would then try to verify them. The transaction would fail of course, but not before registering a hit on the fake verification site.
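A way to triage an error log for this pattern, as an added example that is not part of the original post: it counts "Successfully fetched" lines per client inside a sliding window and lists the referer pages being hit. The threshold, the window, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Same shape as the error-log lines quoted in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"Successfully fetched '[^']*': GET response code \d+"
    r"(?:, referer: (?P<referer>\S+))?"
)

def parse(lines):
    """Yield (timestamp, client_ip, referer) for each matching fetch line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
                   m["ip"], m["referer"])

def flag_clients(lines, threshold=3, window=timedelta(minutes=1)):
    """Map client IP -> peak fetches inside any window, if >= threshold."""
    by_ip = {}
    for ts, ip, _ in parse(lines):
        by_ip.setdefault(ip, []).append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def top_referers(lines, n=3):
    """Most common referer pages, i.e. the posts whose form is being hit."""
    return Counter(ref for _, _, ref in parse(lines)).most_common(n)

# Constructed sample lines (documentation IPs, placeholder URLs).
_FMT = "[Thu Oct 30 12:{}:{} 2008] [error] [client {}] {}"
_HIT = "Successfully fetched '...': GET response code 206, referer: http://blog.example/{}/"
SAMPLE = [
    _FMT.format("26", "02", "192.0.2.10", _HIT.format("post-a")),
    *[_FMT.format("38", s, "198.51.100.7", _HIT.format("post-b"))
      for s in ("19", "20", "25", "26")],
    _FMT.format("40", "00", "192.0.2.10", "File does not exist: /var/www/favicon.ico"),
]

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
    print(top_referers(SAMPLE, 1))
```

To run it over a real log, pass an open file handle in place of `SAMPLE`; both functions accept any iterable of lines.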
I shudder to think how many porn and gambling sites now have my site in their log files. It’s no wonder I’ve been getting a huge increase in spam lately. Sigh.
Needless to say, OpenID comments are no longer allowed here.
(There could of course be other problems, but this was definitely not helping. Since I’ve turned it off, the server seems much more snappy.)