Derek Barnstorm wrote on Sep 13th, 2013 at 12:30pm:
So, the only thing I can think of is to block the IPs at server level (.htaccess). If you opened back up your registration process, then you could install the StopForumSpam mod:
http://www.boardmod.org/yabb2/YaBB.pl?num=1315522544 - That mod has a setting to automatically add offending IPs to The Guardian to block them at server level.
The problem with blocks at the .htaccess level is just that: it's at that level. Bandwidth is still being consumed.
I'm already doing iptables blocking. This works at the TCP level. Once blocked the server no longer exists to the requester.
There is no more effective mechanism!
The point of the post is that ultimately, in my case within 6 months, iptables blocking will effectively result in a denial of service.
In the event that the spam bot attempts increase at the apparent current rate, then sooner or later any kind of blocking has to consume all server resources, given that iptables blocks happen at the lowest possible level. Doing anything at a higher level (logging, modifying .htaccess or whatever) after the request reaches the server must amount to a denial of service eventually.
My calculations show iptables blocks WILL FAIL in 6 months. I've no idea how long it takes to generate an .htaccess file that becomes so big that the server spends all its time scanning it to determine which IPs to block.
What we need is to slow down the number of fake requests. By definition, that cannot be accomplished from inside the firewall.
The immediate solution then appears to be to reject all HTTP at the incoming router. Game over: sysadmins nil, spam bots won.
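The reply above argues that a per-IP iptables rule list grows until every packet has to walk the whole chain. The script below is an added example, not code from either poster or from the StopForumSpam mod: it takes a list of offending addresses and emits the firewall commands to drop them at the packet level, but puts the addresses into an ipset hash set (an assumption; ipset is not mentioned in the thread) so that a single iptables rule matches the whole set and lookup cost does not grow with the list. The address list is constructed sample input using RFC 5737 documentation ranges, with a duplicate and a malformed line included deliberately; the set name `spambots` is hypothetical. The script only prints the commands, so it can be reviewed and run anywhere without root.

```shell
#!/bin/sh
# Added example: generate ipset + iptables commands for a spam-bot blocklist.
# Dry run only: nothing is applied, the commands are printed for review.
set -eu

# Constructed sample input (RFC 5737 test addresses), as a forum anti-spam
# tool might export them. One duplicate and one invalid line on purpose.
SAMPLE_IPS='198.51.100.23
203.0.113.77
198.51.100.23
not-an-ip
192.0.2.140
'

SET_NAME=spambots   # hypothetical set name

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0-255.
is_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, leading/trailing/empty field
    esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# clean_list: read addresses from stdin, report and drop invalid entries,
# then remove duplicates (sort -u) so each address gets exactly one entry.
clean_list() {
    while read -r ip _rest; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            printf 'skipping invalid entry: %s\n' "$ip" >&2
        fi
    done | sort -u
}

# render_rules SETNAME: read cleaned addresses from stdin and print the
# commands that block them. The set is a hash, so the DROP rule is one
# iptables rule regardless of how many addresses are in the set.
render_rules() {
    setname=$1
    printf 'ipset create %s hash:ip -exist\n' "$setname"
    while read -r ip; do
        printf 'ipset add %s %s -exist\n' "$setname" "$ip"
    done
    # -C checks for the rule first so re-running the script does not stack duplicates.
    printf 'iptables -C INPUT -m set --match-set %s src -j DROP 2>/dev/null || ' "$setname"
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$setname"
}

# build_blocklist: full pipeline over the sample input.
build_blocklist() {
    printf '%s' "$SAMPLE_IPS" | clean_list | render_rules "$SET_NAME"
}

# count_unique: number of distinct valid addresses in the sample.
count_unique() {
    printf '%s' "$SAMPLE_IPS" | clean_list | wc -l | tr -d ' '
}

build_blocklist
```

On the firewall host the output would be piped to `sh`; the invalid line is reported on stderr and the duplicate collapses to one `ipset add`. Adding a new offender later is one `ipset add`, with no change to the iptables chain itself.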