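Hit by a TrackBack Ping Spam Attack

I don't know what has happened lately, but TrackBack ping spam on the blog is flooding in again. Even with 阿郎's CCode and TCode installed, the endless stream of junk trackbacks cannot be stopped. For this reason I have temporarily turned off trackback reception on Postshow, and for my own blog hosted at DreamHost I also received this email from DH: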

Hello,

I am sorry but your mt-tb.cgi was loading up your server to over 100:

top - 15:00:03 up 8 days, 12:42, 3 users, load average: 106.36, 74.61,
54.69

Simply by disabling it I was able to get the load back down quite a bit
(and it is still dropping):

top - 15:06:54 up 8 days, 12:49, 2 users, load average: 3.86, 43.62,
51.09

I am sorry I had to rename it but we can't let one user jam up an entire
server like that unfortunately.

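The TrackBack spam attack actually drove the load on the shared host so high that DH disabled mt-tb.cgi.

To deal with this, I have adopted the following measures to hold off this shameful TrackBack attack for the time being.
  1. Install CCode and TCode.
  2. Rename mt-tb.cgi to some other file name, set TrackbackScript to the new file name in mt-config.cgi, then rebuild the blog.
  3. Where possible, switch Movable Type to FastCGI in place of CGI run via cgiwrap or suexec, then rebuild the blog.
  4. Close the entries that have received too many spam trackbacks, cutting off any further attack on entries that spammers have already singled out as priority targets.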
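
An added example, not part of the original post: one way to find the entries that step 4 should close, by counting TrackBack POSTs per TrackBack ID and per client IP in a web server access log. It assumes Apache combined log format and ping URLs of the form `mt-tb.cgi/<id>`; the log lines, IP addresses and threshold are constructed.

```python
import re
from collections import Counter

# Constructed access-log lines (Apache combined format); not from the original post.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2006:15:00:01 -0800] "POST /mt/mt-tb.cgi/42 HTTP/1.1" 200 85 "-" "-"
203.0.113.5 - - [01/Jan/2006:15:00:01 -0800] "POST /mt/mt-tb.cgi/42 HTTP/1.1" 200 85 "-" "-"
198.51.100.9 - - [01/Jan/2006:15:00:02 -0800] "POST /mt/mt-tb.cgi/42 HTTP/1.1" 200 85 "-" "-"
203.0.113.5 - - [01/Jan/2006:15:00:02 -0800] "POST /mt/mt-tb.cgi/42 HTTP/1.1" 200 85 "-" "-"
192.0.2.44 - - [01/Jan/2006:15:00:03 -0800] "POST /mt/mt-tb.cgi/7 HTTP/1.1" 200 85 "-" "-"
192.0.2.44 - - [01/Jan/2006:15:00:04 -0800] "GET /archives/000042.html HTTP/1.1" 200 9120 "-" "-"
192.0.2.10 - - [01/Jan/2006:15:00:05 -0800] "POST /mt/mt-comments.cgi HTTP/1.1" 200 310 "-" "-"
"""

# Assumption: pings arrive as POST <prefix>/<script>/<TrackBack ID>.
PING_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"POST \S*?/(?P<script>[\w.-]+\.cgi)/(?P<tb_id>\d+)[^"]*" \d{3} '
)


def summarize_pings(log_text, script="mt-tb.cgi"):
    """Count TrackBack POSTs per TrackBack ID and per client IP.

    `script` is the TrackBack script file name; pass the new name if it
    was renamed as in step 2.
    """
    per_id, per_ip = Counter(), Counter()
    for line in log_text.splitlines():
        m = PING_RE.match(line)
        if m is None or m.group("script") != script:
            continue  # not a ping to the TrackBack script
        per_id[m.group("tb_id")] += 1
        per_ip[m.group("ip")] += 1
    return per_id, per_ip


def ids_over_threshold(per_id, threshold):
    """TrackBack IDs with at least `threshold` pings: candidates for closing."""
    return sorted((i for i, n in per_id.items() if n >= threshold), key=int)


if __name__ == "__main__":
    per_id, per_ip = summarize_pings(SAMPLE_LOG)
    print("pings per TrackBack ID:", per_id.most_common())
    print("pings per client IP:", per_ip.most_common())
    print("close TrackBacks on IDs:", ids_over_threshold(per_id, threshold=3))
```
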

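Of course, these measures cannot eliminate spam attacks at the root. For a feature as useful as TrackBack to be adopted more widely and do its job better, anti-spam has to be considered in its underlying design.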