            • August 17, 2005

              I'm not sure what it may have been that Kurt stated in his Keynote at SVG 2005, but apparently someone is upset enough to have invoked a DOS attack on the transcript he posted earlier.

            • As such I have ripped mt-comments.cgi out of its stranglehold on that particular server and am now using the error_log as my new fan... There's gotta be at least 10 requests a second for his "The Future of SVG" post from earlier today and while the IPs are definitely starting to show a recurring pattern there's gotta be at least 300 different machines making requests to make a comment on that same post... While I'll admit Kurt tends to be a popular guy at conferences, especially at SVG conferences, something tells me there are not 600 or so people every 60 seconds who are just dying to post a comment. In fact there are no actual POST requests, just GET, so my recent check of Kurt's comment log with hope of finding revealing hate mail or something of that nature reveals nothing but Viagra and Poker comment spam waiting to be approved. I'll get right on that... just wait right here.

              [[UPDATE: This just in from Kurt:

              Mark, I've been slashdotted - if you've had problems with your server, it's my fault - my usage chart is through the damn roof.
              ]

              Wow, so that's what it's like to be slashdotted (BTW... if you read any of my really snide remarks from a bit ago, they're now deleted... I've never deleted anything before from this blog, but when you think you're being DOS Attacked and it ends up that it's really just Kurt being slashdotted you kind of want to erase all the stupid things you said when you thought it was a DOS Attack and you felt like giving the one responsible a piece of your mind...)

              Ummm... nevermind... :) Please, visit Kurt's blog all you want... :) Sorry bout that!

              Although, I have discovered yet again that CGI scripts are the difference between a server that is being strangled to death and a server that is able to handle whatever's thrown at it... including being Slashdotted! With comments enabled Movable Type calls the mt-comments.cgi script each and every time that page is hit, I'm assuming to have the proper form state passed in as part of the HTML. As soon as I ripped out mt-comments.cgi, suddenly the server was back down to less than 10% resource usage, even with the quite literally hundreds of requests that were hitting the server every 10-15 seconds.

              And people keep writing CGI scripts because....?
              [END OF UPDATE]]

              [Original Post cont.]
              ---

              You're still here... Damn, I thought that would throw you off track... Oh well, while I have you here I guess I could speculate some more while I enjoy the cool breeze being generated via a Putty-based SSH session with that server...

              [ Comment Spam? ]
              I'm ruling out comment spam on this one as comment spam attempts to POST a comment, not just GET the page to leave the comment on. I'm pretty sure that posting a comment is kind of the point of comment spam, but I could be wrong. Besides, comment spammers are a bunch of lazy a$$ phreaks who rely on scripts to locate the posts with the highest Google page ranks. As such comment spammers are always 3-4 weeks behind the most recent posts... at least that's the pattern I see on the blogs hosted on this server so I can only assume it's the same elsewhere as well.
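The reasoning above (comment spam has to POST, while this traffic was GET-only from hundreds of addresses) can be checked mechanically against the access log. The following is an added example, not part of the original post: it assumes Apache combined log format, and the `triage` function, its labels, the 0.5 thresholds and the sample lines are constructed for illustration. It goes one step beyond the post by also reading the Referer field, which is what separates a crowd sent by a linking site from an unexplained flood.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache "combined" format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def triage(lines, script="mt-comments.cgi", share=0.5):
    """Summarise hits on the comment script and label the spike.
    Labels and the `share` threshold are assumptions of this example."""
    methods, ips, referers = Counter(), set(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or script not in m["path"]:
            continue  # unparseable line, or a hit on some other URL
        methods[m["method"]] += 1
        ips.add(m["ip"])
        host = urlparse(m["referer"]).hostname  # None for "-" or empty
        if host:
            referers[host] += 1
    total = sum(methods.values())
    top_host, top_hits = referers.most_common(1)[0] if referers else (None, 0)
    if total == 0:
        label = "no-traffic"
    elif methods["POST"] / total >= share:
        label = "comment-submissions"    # spam (or real comments) has to POST
    elif top_hits / total >= share:
        label = "referral-crowd"         # readers arriving from one linking site
    else:
        label = "unexplained-get-flood"  # GET-only, no common referrer: investigate
    return {"label": label, "total": total, "methods": dict(methods),
            "distinct_ips": len(ips), "top_referer": top_host}

def _hit(ip, method, referer):
    """Build one constructed log line (documentation-range addresses only)."""
    return (f'{ip} - - [17/Aug/2005:23:40:01 +0000] '
            f'"{method} /mt/mt-comments.cgi?entry_id=1 HTTP/1.1" '
            f'200 5120 "{referer}" "Mozilla/5.0"')

# Constructed samples: a linked-to post, a spam run, and a referrer-less GET flood.
CROWD = [_hit(f"192.0.2.{i}", "GET", "http://slashdot.org/") for i in range(1, 9)]
CROWD.append(_hit("198.51.100.7", "GET", "-"))
SPAM = [_hit("203.0.113.5", "POST", "-")] * 3
FLOOD = [_hit(f"198.51.100.{i}", "GET", "-") for i in range(1, 6)]

if __name__ == "__main__":
    for name, sample in (("crowd", CROWD), ("spam", SPAM), ("flood", FLOOD)):
        print(name, triage(sample))
```
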

              Suffice it to say if you try and leave a comment on any of the blogs on this server which include mine, Kurt's, the Saxon.NET weblog, alphaCOmega.com, understandingxslt.com, Reusablog.com (there's a blog that I had the best intentions of posting to and haven't since the first post like 10 months ago... I do reuse a lot more code than I did at that point which was kind of the point of the blog -- to force me into reusing code by blogging about the struggles that are involved with someone forcing themselves to trust other people's code enough to simply plug in a component, script it with some other components, write some event handling scripts, and then "Let Go and Let God" while I cringe at the hideous nature of the app I just wrote.

              If not obvious, I definitely tend to be the type who for the most part, would rather rewrite the Kernel from scratch than deal with other people's potentially sloppy code. Well, obviously I'm not that bad (I don't even think I would know where to start writing a Kernel... It takes a special kind of hacker to want to get down that close to the metal....) but I definitely have been the type of hacker who prefers to start at the beginning with each and every application I have written...

              But, like I said I've gotten a lot better. Which is too bad cuz' Reusablog.com I thought was a really cool name... I guess I could "reuse" it for something else but now I have to go and smack myself upside the head for saying something that cheezy! Yes, even I have my "WAAAAAAAAAAAAAAAAYYYYYYYYYYYYYYYYY TOO DAMN CHEEZY" standards I have to abide by...

              Anyway, I'm interested to hear from Kurt if anything happened that may have invoked a DOS attack on that one post from a few hours ago...

              "Kurt... what you do?" ;)

              I'll keep you posted with all the juicy details... Oh wow, I think it just doubled in nodes slamming the comment requests for that post at the moment... DAMN!!!! I could power the city of Seattle with the wind being created by the error_log flying by me fast enough that the IP addresses are but a blur...

              [DELETED AS PER THE SLASHDOT DISCOVERY LISTED ABOVE]

              Enjoy your DOS Attack free day! (or your DOS Attacking Day as the case may be)


            • Posted by m.david : August 17, 2005 11:54 PM GMT

          • © 2005 :: <XSLT:Blog/> (xsltblog.com) is a product of M. David Peterson and FunctionalX Consulting. See Licensing Info Below.
          • Except where otherwise noted, this site's content and source code is licensed under the Attribution License from Creative Commons.