1. James

    glad you’re back up and running


  2. Viper007Bond


    Also a caching plugin would have helped GREATLY in this case. Try WP-Super-Cache or W3 Total Cache. I use both (on different blogs) and each has its advantages (currently I prefer W3 as I’m using memcache and WP-Super-Cache’s memcache support is still in beta).


  3. Jeffro

    @Viper007Bond – I may have to pay someone to set that up on this site as those plugins are above my pay grade. Can you explain how caching would have helped in this case? Is it because it would have prevented Index.php from loading the same things over and over again, draining the CPU? Does it not matter if the thing calling Index.php is a bot or humans?


  4. Chris Jean

    I’m glad that you got the problem resolved. It’s definitely a crappy deal.

    This too makes me wonder if there could be a good solution for such a problem. Maybe a plugin could look for a massive influx of trackbacks and temporarily do the redirect trick to prevent site overload.

    I’ll mentally kick around the idea and see if I can come up with anything. The sad reality is that a solution today could easily be bypassed next week.
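
    As an added example, not code from the original post or from any plugin named in this thread, the following Python sketch shows the idea in the comment above: watch the trackback endpoint for a massive influx of POSTs and, once a threshold is crossed, answer trackbacks with a cheap static response for a cooldown period instead of running the full PHP/MySQL path. Counting is global rather than per IP, since the flood described here came from many different addresses. The log lines are constructed samples in Apache combined format, and the `/wp-trackback.php` path, window, threshold and cooldown are assumptions.

```python
"""Sliding-window trackback flood breaker.

Added example, not code from the original post or from any plugin named in
the thread. Trackback POSTs are counted in a sliding window; when the count
crosses a threshold, trackbacks get a canned static reply for a cooldown.
The log lines, the /wp-trackback.php path, and the thresholds are assumed.
"""
import re
from collections import deque
from datetime import datetime, timedelta, timezone

TRACKBACK_PATH = "/wp-trackback.php"   # assumed endpoint path
WINDOW = timedelta(seconds=60)
THRESHOLD = 20                         # trackbacks per WINDOW that count as a flood
COOLDOWN = timedelta(minutes=10)

# Apache combined-format prefix: ip ident user [timestamp] "METHOD path ..."
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')


def parse_line(line):
    """Return (timestamp, ip, method, path) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ts, m["ip"], m["method"], m["path"]


class TrackbackBreaker:
    def __init__(self, window=WINDOW, threshold=THRESHOLD, cooldown=COOLDOWN):
        self.window, self.threshold, self.cooldown = window, threshold, cooldown
        self.hits = deque()        # timestamps of trackback POSTs inside the window
        self.static_until = None   # while in the future, trackbacks get the static reply
        self.tripped_by = None     # ip of the request that crossed the threshold

    def decide(self, ts, ip, method, path):
        """'static' = serve the canned response; 'dynamic' = let PHP handle it."""
        if not (method == "POST" and path.startswith(TRACKBACK_PATH)):
            return "dynamic"       # ordinary page views are never affected
        if self.static_until is not None and ts < self.static_until:
            return "static"
        self.hits.append(ts)
        while self.hits and ts - self.hits[0] > self.window:
            self.hits.popleft()    # drop hits that fell out of the window
        if len(self.hits) >= self.threshold:
            self.static_until = ts + self.cooldown
            self.tripped_by = self.tripped_by or ip
            self.hits.clear()
            return "static"
        return "dynamic"


def build_sample_log():
    """Constructed sample: one page view, 25 trackback POSTs from 25 different
    IPs inside one minute, then another page view."""
    base = datetime(2009, 11, 15, 12, 0, 0, tzinfo=timezone.utc)

    def line(i, ip, method, path):
        ts = (base + timedelta(seconds=2 * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512'

    lines = [line(0, "203.0.113.5", "GET", "/")]
    lines += [line(i + 1, f"198.51.100.{i}", "POST", "/wp-trackback.php?p=123")
              for i in range(25)]
    lines.append(line(27, "203.0.113.6", "GET", "/"))
    return lines


def analyze(lines, breaker=None):
    """Replay log lines through the breaker and summarise the decisions."""
    breaker = breaker or TrackbackBreaker()
    counts = {"static": 0, "dynamic": 0}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        counts[breaker.decide(*parsed)] += 1
    counts["tripped_by"] = breaker.tripped_by
    return counts


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

    On the constructed sample the breaker trips at the twentieth trackback, so the remaining five are answered statically while every ordinary page view stays dynamic. The "static" decision stands in for whatever cheap response the site operator chooses (a redirect, a canned error page, or a static file), and the cooldown is what keeps the check itself from adding load during the flood.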


  5. Jeffro

    @Chris Jean – I wonder if it’s just the nature of how the Trackback/Pingback protocol was developed and the only way to attack the problem at the source would be to update those protocols to help prevent their use in a DoS.

    It’s even harder to come up with a plan when you factor in that the trackbacks were coming from different IP addresses and different domains.


  6. Viper007Bond

    @Jeffro – They’re actually fairly easy to install and come with great instructions. :)

    When someone hits any page on your blog right now, PHP generates the page and gets data from the database. Both of those actions use CPU power.

    Both caching plugins short-circuit that and instead serve a previously generated version of that page (which uses significantly less CPU). Two guests to your site will see the same content, so the plugin just generates the page for one and serves it to the second without using the CPU power needed to generate the page.

    New comments and such automatically invalidate the cache files, so it’s basically install and forget.


  7. Kimberly

    Hi Jeffro

    Sorry to hear about your issue with spam yesterday, there are some real low lives around.

    I was wondering about the Simple Track Back validation, but if the server is under load already, how much more load would a plugin checking each trackback put on the server?

    It would be interesting to see how the Track Back Validation performs under the same circumstances that you had.



  8. Jeffro

    @Kimberly – heh, quite a few people were telling me to install plugins but in the middle of an attack, it’s a bit hard to do, especially when the site is using up server resources causing everything to get suspended. My first course of action was to somehow eliminate the CPU overload from those two files which I did. I’m afraid to remove the code from the Config file as the attack may keep going.


  9. Tris Hussey

    Glad to see that you’re back up and running. I agree with Viper007Bond, either of the caching plugins would have helped tremendously. They both do the same thing as you did with the static HTML file, and both are dead simple to use.

    Neither of them requires code ninja skills; if you can do the static HTML trick, you can get either of the plugins running.

    I’ve also used both of the plugins and think WPSuperCache is easier to configure, but W3 is more powerful.

    I’ve been seeing a lot of trackback spam of late as well. I might have to resort to disabling them as well if they get bad.


  10. Ozh

    Seriously, trackbacks are cool when you begin blogging and are all excited when you get a new link back, but past this they are just worthless. Disable trackbacks, simple.


  11. Chip Bennett

    I disagree completely with the argument that trackbacks are useless and should be disabled. Trackbacks epitomize the inter-connectedness of the blogosphere, tying conversations together across sites. A trackback is, essentially, the extension of a conversation.

    Yes, they can be abused; yes, that abuse must be mitigated.

    No, they should not be disabled.


  12. Miroslav Glavic

    I know you can moderate comments, but I never knew you can moderate trackbacks.


  13. Haris


    For a site like wptavern which is a regular resource for wordpressers, cache should be a requirement.

    Actually, that’s a bit of an exaggeration since it’s hosted on a shared environment and b/w is not a problem, but still, it will reduce CPU cycles.


  14. Kenneth Younger

    Jeffro, I would say it is definitely worth the time to try either SuperCache or TotalCache.

    Most of the default settings are good enough, and I bet that folks in the Forums would answer any questions you might have :)


  15. Brad

    I think this is what Jeff did directly after this attack: http://qik.com/video/4550904


  16. Angelo Mandato

    This is an interesting topic. I turned off trackbacks/pingbacks on most of my blogs (personal and CMS ones). I agree no one seems to use trackbacks/pingbacks properly anymore. Almost all the trackback/pingbacks I see are from untrusted sources that I end up moderating as SPAM. There are occasional real trackbacks though, so I don’t necessarily recommend turning it off on all blogs, depends on what you’re doing.

    Thinking of DoS attacks, every page request for a WordPress blog requires PHP/MySQL to load, so depending on how much horsepower your server has it sometimes doesn’t take much to make a server go down. If you’re using a shared server where you don’t have access to install real caching such as APC on your server, then your only option is a caching plugin. Even if you use a caching plugin your blog still uses CPU/memory because PHP/MySQL still load. There are some caching plugins that do true caching with very complicated mod_rewrite rules in the .htaccess file, but using such caching means you cannot use a lot of the cool plugins that update dynamically (twitter and rating plugins come to mind).

    If you have full control of your server, you’re better off installing APC so you get true caching of PHP in memory. There are many other tweaks you can make to MySQL as well to facilitate caching of the most queried data. If you have the ability to do these things, there’s absolutely no reason to use a caching plugin since these applications like APC do the caching at a much higher level.

    For blog feeds, I wrote a plugin called Static Feed that lets you serve your primary feeds as static XML files. This gives you the advantage of being able to serve your feeds even if your PHP/MySQL fail due to a DoS attack. I use it to remove the extra CPU/Memory load from having WordPress dynamically re-create the XML feeds every time the feeds are requested. The Static Feed plugin works by saving an XML copy of your feed any time you edit, add or delete blog posts. If you’re only writing 1-3 blog posts a day, you’re only resulting in a handful of MySQL queries to your database and saving a lot of CPU/Memory usage from loading PHP. Best part is my Static Feed plugin can either be configured for permalink style feeds (e.g. example.com/feed/) or Movable Type style (e.g. example.com/index.xml).
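
    As an added example that is not part of this thread and is not the code of WP Super Cache, W3 Total Cache or Static Feed, the Python sketch below shows the mechanism Viper007Bond describes in comment 6 and Angelo Mandato describes here: render a page or feed once, serve the stored copy to every later visitor, and either invalidate the copy when a comment arrives (so it is regenerated lazily on the next request) or rewrite it immediately when a post is published (the Static Feed approach). The database, posts and comments are constructed in-memory stand-ins, and the query counter is there only to make the saved work visible.

```python
"""Write-through static cache for pages and feeds.

Added example, not the code of WP Super Cache, W3 Total Cache or Static Feed.
A page is rendered once and stored; later requests are served from the stored
copy. A new comment invalidates that post's page (regenerated lazily); a new
post rewrites the feed file right away. Database, posts and comments are
constructed in-memory stand-ins.
"""
import hashlib
import html
import tempfile
from pathlib import Path


class FakeDB:
    """Stand-in for MySQL that counts every query."""

    def __init__(self):
        self.posts = {}       # post_id -> (title, body)
        self.comments = {}    # post_id -> [text, ...]
        self.queries = 0

    def load(self, post_id):
        self.queries += 1
        return self.posts[post_id], self.comments.get(post_id, [])

    def all_posts(self):
        self.queries += 1
        return dict(self.posts)


class StaticCache:
    """Rendered copies on disk, named by a hash of the key so a key can never
    become a path component."""

    def __init__(self, root):
        self.root = Path(root)
        self.hits = self.misses = 0

    def _path(self, key):
        return self.root / (hashlib.sha256(key.encode()).hexdigest() + ".html")

    def get(self, key):
        p = self._path(key)
        if p.exists():
            self.hits += 1
            return p.read_text()
        self.misses += 1
        return None

    def put(self, key, body):
        self._path(key).write_text(body)

    def invalidate(self, key):
        self._path(key).unlink(missing_ok=True)


class Blog:
    def __init__(self, cache_dir):
        self.db = FakeDB()
        self.cache = StaticCache(cache_dir)

    # Expensive paths: the equivalent of PHP rendering from MySQL.
    def _render_post(self, post_id):
        (title, body), comments = self.db.load(post_id)
        items = "".join(f"<li>{html.escape(c)}</li>" for c in comments)
        return f"<h1>{html.escape(title)}</h1><p>{html.escape(body)}</p><ul>{items}</ul>"

    def _render_feed(self):
        items = "".join(f"<item><title>{html.escape(t)}</title></item>"
                        for t, _ in self.db.all_posts().values())
        return f"<rss><channel>{items}</channel></rss>"

    # Read paths: serve the stored copy, render only on a miss.
    def view(self, post_id):
        key = f"post:{post_id}"
        page = self.cache.get(key)
        if page is None:
            page = self._render_post(post_id)
            self.cache.put(key, page)
        return page

    def feed(self):
        xml = self.cache.get("feed")
        if xml is None:
            xml = self._render_feed()
            self.cache.put("feed", xml)
        return xml

    # Write paths: a comment invalidates that post's page; publishing rewrites
    # the feed file immediately, so feed requests never touch the database.
    def add_comment(self, post_id, text):
        self.db.comments.setdefault(post_id, []).append(text)
        self.cache.invalidate(f"post:{post_id}")

    def publish(self, post_id, title, body):
        self.db.posts[post_id] = (title, body)
        self.cache.invalidate(f"post:{post_id}")
        self.cache.put("feed", self._render_feed())


def demo(cache_dir=None):
    """Two posts, 100 views of one post, 50 feed fetches, then one comment."""
    blog = Blog(cache_dir or tempfile.mkdtemp())
    blog.publish(1, "Trackback flood", "What happened yesterday.")
    blog.publish(2, "Caching", "Why a page cache helps.")
    for _ in range(100):
        blog.view(1)
    for _ in range(50):
        blog.feed()
    blog.add_comment(1, "<b>first</b>")   # markup in comments is escaped, not rendered
    page = blog.view(1)
    return {
        "queries": blog.db.queries,
        "hits": blog.cache.hits,
        "misses": blog.cache.misses,
        "comment_escaped": "&lt;b&gt;first&lt;/b&gt;" in page,
    }


if __name__ == "__main__":
    print(demo())
```

    In the demo, 151 page and feed requests cost four database queries in total: two feed renders at publish time, one page render on the first view, and one more after the comment invalidates the page. A plugin that uses mod_rewrite rules, as described above, moves the "does a stored copy exist" check in front of PHP entirely, which this Python model cannot show but which is where the remaining per-request cost goes.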


  17. Lynn Dye

    Jeffro, I’m a regular listener to your podcast and appreciate all the effort it takes for you to produce it weekly.

    Glad your site is back up and running – I was reading the comments and it brought to mind a question I’ve had that maybe you or your community can give me some direction on.
    From time to time I look at the comments in my queue and wonder if they are spam or if the people commenting use English as a second language! Some of the comments are so strange – like these two…
    “I just love the way you write, its clear and easy to understand, and your posts are not fluffy and very informative, thanks for posting.” Or “After reading you site, Your site is very useful for me .I bookmarked your site!”
    What do you look for to determine if a comment is from a spammer or not? If I get a comment like the above with no links in the comment, but with a kind of spammy-looking email address, should I spam the comment?
    I don’t want to be rude to anyone – I’m thrilled when people comment, but I don’t want to do anything to help a spammer either.
    Anyone want to weigh in? Thanks.


  18. Chip Bennett

    @Lynn Dye – I’ve seen some of those, too. If you are unsure whether or not a specific comment is spam, check the name and (if any) URL included with the comment.

    If the comment text has no links, and the name/email doesn’t contain a URL, then it’s probably not spam.

    On the other hand, many WordPress blogs are configured to require moderation of all comments from commenters who have not had a comment previously approved. So, spammers may be taking the tack of posting one, innocuous comment in order to get around this first-comment moderation. So, for a borderline comment, just be sure to watch for any future, spam comments from the same email address (assuming such comments get past Akismet).


  19. Donncha O Caoimh

    Ouch. That happened to me once. My site was hit with 80,000 spam comments/trackbacks in one or two days. I switched off trackbacks shortly after. Most blogs use pings nowadays anyway.

