Comments return
Thanks for all of your comments on… my comments. I got about a dozen comments and they were all great. I implemented the following:
1. Create content that sucks. That way, you aren’t a good target. (I thought I was already doing that, but will redouble my efforts.)
2. Block a set of IPs recommended by Dreamhost. This kind of sucks. I sure don’t want to block all of Poland, India, and China (where 90% of my attacks are coming from), but I’ve set up htaccess with a blocklist, and will continue to check periodically for serious offenders.
3. Someone pointed me to some ways of using mod_security to limit who has access to the comment post script. Unfortunately, I can’t figure out how to do this (if it’s possible at all) on my shared server at Dreamhost.
4. Move the scripts from the default names. This is probably the most obvious one, and should have been done a long time ago.
5. CAPTCHA. I don’t know why Dreamhost suggested this, but I’ve done it. I had initially planned to do a “real” CAPTCHA, but I like Eszter’s approach much better. We’ll see how that works out.
Please let me know if you have any trouble commenting.
Oh, and Booo, Dreamhost Support for cutting off my comments and then not replying to my emails… Given that WordPress is a one-click install on Dreamhost, you would think they would set up their WordPress with some of these things already lined up.
When my hosting runs up, I’m going to set up a server at home instead.