MT AutoIPBlock - Reduce the Spam CPU Load

Mark — 2004-12-15T13:31:04-05:00

This is a hack I began using recently, in an emergency situation. Blog comment spam was creating a huge CPU load on my web server, to the point that it was causing server crashes and CPU restrcitions from my (now former) web host. I have heard increasing report of web hosting banning the use of Movable Type on their hosting plans for the same reason.

This an MT-Blacklist hack that automatically blocks the IP address of someone trying to post commnent that matches your blacklist. It does this using htaccess, so repeated POSTs from that IP will never reach the MT scripts, thus saving your CPU.

First, let me be clear that I agree with Jay Allen and Adam Kalsey's comments about the drawbacks of IP blocking. And I recommend that you read those posts linked to in the previous sentence, before using this hack. I do disagree with the general notion that "IP banning is useless", because it can reduce the CPU load, and that it the only benefit of this hack. This hack will not reduce your blog spam. It may, however, reduce the CPU burden of MT and MT-Blacklist while spam is being checked against the (ever growing) blacklist and blocked accordingly.

Requirements:

MT 3.1+
MT-Blacklist 2.0+
Apache Web Server

Installation:

1. If you haven't done so already, read the 2 posts that I linked to in the previous paragraph. This hack is not perfect, and those posts do a job explaining some of the reasons why.

2. Open Submission.pm for editing, found in /mt/plugins/Blacklist/lib/Blacklist/App/.

3. Look for the following line:

$message = $app->translate("MT-Blacklist comment denial on '[_1]'. Author: [_2]; Email: [_3] [_4] matched: [_5]", MT::Util::encode_html($blog->name), $com_author, $com_email, $item_type, '<a href="'.$item_url.'">'.$matches->[0]->{item}->text.'</a>');

For me this is on line 552. After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

4. A few lines lower (now on line 561), find the following line:

$message = $app->translate("MT-Blacklist comment denial on '[_1]'. Author: [_2]; Email: [_3] [_4] blacklist items matched.", MT::Util::encode_html($blog->name), $com_author, $com_email, scalar(@$matches));

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

5. Another few lines down (now at line 579), find:

$message = $app->translate("MT-Blacklist ping denial on '[_1]'. Blog: [_2]; URL: [_3] [_4] matched: [_5]", MT::Util::encode_html($blog->name), MT::Util::encode_html($remote_blog), MT::Util::encode_html($remote_url), $item_type, '<a href="'.$item_url.'">'.$matches->[0]->{item}->text.'</a>');

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

6. Another few lines down (now at line 588 ) find:

$message = $app->translate("MT-Blacklist ping denial on '[_1]'. Blog: [_2]; URL: [_3] [_4] blacklist items matched.", MT::Util::encode_html($blog->name), MT::Util::encode_html($remote_blog), MT::Util::encode_html($remote_url), scalar(@$matches));

After this line, add:

### AutoIPBlock
my $remote_ip = $app->remote_ip;
my $htaccess = ".htaccess";
open(DAT,">>$htaccess") || die("Cannot Open File");
print DAT "deny from $remote_ip\n";
close(DAT);
###

Note: Steps 3 and 4 above are for comments, and steps 5 and 6 are for trackbacks. If you nwat to enable this hack for only comments or trackbacks, you can skip steps accordingly.

7. In your 'mt' directory (directory where your mt.cgi file lives), upload a blank file with the name of '.htaccess' (note the preceding '.')

8. Test it by posting a comment with a string known to be on your blacklist. If it works, you will be banned from posting. It will also ban your IP from accessing the MT admin area, so you need to go in via FTP and remove your IP from the .htaccess file.

That's it. This is a simple, very rudimentary hack, that should only be used in mergency situations, where CPU load has become an issue due to repeated spamming by spambots.

Note: I am not an expert when in comes to CPU load and such. I don't know how much CPU cycles are saved by this hack. I do know that it seems to help a lot when my old server was crashing frequently due to CPU load.

MT AutoIPBlock - Reduce the Spam CPU Load

Guerrillahase — 2004-12-24T04:58:52-05:00

Yeah, thatâ€™s great!
But as an expert for online guerrilla I tell you: You can change your IP :-)
Great idea, anyway!

MT AutoIPBlock - Reduce the Spam CPU Load

Annoying Old Guy — 2006-04-02T21:03:27-05:00

You might want to try AutoBan, which does the same thing using 3.2 junk and does not require any modifications to MT.

My experience is that it does reduce junk on your weblog. It doesn't stop it, but it sure cuts down many of the floods to trickles.

MT AutoIPBlock - Reduce the Spam CPU Load

Stan The Caddy — 2006-04-03T12:04:52-05:00

Thanks, AOG.

I saw that you mention AutoBan on ProNet, and it sounds interesting. Since I have many, many entries, spam floods often crash my (dedicated) server. AutoBan sounds like it might help quite a bit. Now if you can do the same thing, but add the offending IPs to iptables (linux firewall), that would be even better, as it would spare apache completely. ;)