The Saga of the Texas Holdem Spammer

By Deane Barker on November 17, 2004

Yeah, I’m pissed. Really pissed. When does comment spam become a DDOS attack? There’s a fine line, and some a**hole crossed it this morning.

I knew there was a problem when I sat down to eat my cereal and read the news this morning and the Windows XP Home login screen told me I had 1,134 unread emails. Thunderbird confirmed it: we were under seige some some dumba** pushing “texas holdem poker.”

Gadgetopia essentially came down. He was firing spams at the site from a pool of IP addresses (probably a zombie network). The Movable Type admin interface wouldn’t respond (“ObjectDriver Error: too many connections” — MySQL was evidently in great pain). I tried to get through to phpMyAdmin to delete them through SQL, but that wouldn’t come up either.

When I got into the office, Joe and I got a command line on the box via SSH. It was ve-e-e-e-ry slow. “top” told us that it was running at about 50 times the normal load, and the process list was filled with “mt-comments.cgi” and “mysqld.”

We changed the permissions on mt-comments.cgi to 644, and killed all the existing processes. The load on the box slowly returned to normal.

The final damage was 1,710 comment spams from 173 different IP addresses. MT-Blacklist stopped virtually all of them from appearing on the site. It also prevented a rebuild of the pages, which helped a little too.

(The ironic thing was that he put the hyperlink in an A tag and I strip HTML, so even if the comments had appeared, the hyperlink wouldn’t have shown up.)

The final mess to clean up is my email account. I now have 1,700+
messages on an IMAP server which is none too pleased about it. Deleting 1,700 messages at a time isn’t a quick operation.

Comments are still down. We’re watching the logs and he’s still trying — we have an attempt as recently as 20 minutes ago. We’ll try to get them back up later today.

Gadgetopia

Comments

  1. You’ve really got to wonder about the intelligence of jerks like this; they think they’ve found a new way to “get their word out” and they hammer it so hard it brings the server the site is running on to its knees. What does that accomplish, other than alerting and majorly ticking off the site admin who wipes every shred of the jerk’s work from the site?

    I had a mail server get its anti-spam prefs accidentally wiped once; by the time I had put a stop to it spammers were pumping about 15,000 messages an hour out of the thing, which pretty much brought the server down. If not for the sheer volume going through it I may not have noticed that going on for quite a while; the way they did it only brought it to my attention more quickly, thus shutting down their “free” mail server.

    I guess it all goes back to the idiotic 0.01% who actually respond to these bozos. I’d like to get my hands on anybody who actually spends money on something they hear about through spam. Grrr.

  2. I’m having about 200 hits from this spammer AN HOUR the last weeks. I’m serious when I say this: if I ever get my hands on this guy, I’m gonna beat the crap outta him. Over 2 Gigs of expensive traffic last month went to Texas Bullshit poker – I’d kill him and rape his skull for sure…

    calmdown ;-)

  3. likewise, I would like to beat the effing ess out of this sob and his pos life. Forgive the overt irritation. Over two thousand comments from him, and medicine spam comments are a whole nother story.

  4. The same asshole has been hitting me and all the sites I have. I finally got stuff in place to stop the comment spam so now the shthead has went to making them trackbacks. I tried complaining to my domain provider to see if they could help me and they can’t. The site is registered through an anonymous domain registrar who has refused my request for contact information on the domain registrant. If you guys find him, let me know, I’ll join the mob and help you beat their as

  5. I looked up the site on the web and there are 2 e-mails in the comments area. I was thinking of signing them up for every porn site I could find. Maybe if we all do that they’d get the point?

Comments are closed. If you have something you really want to say, email editors@gadgetopia.com and we‘ll get it added for you.