I am so sick of the damn spammers. Spammers are teh sux0r. Spammers are a festering boil on the ass of the Internets. I wouldn’t let a spammer kiss my butt with a pair of wax lips from ten feet away. If I ever see a spammer bleeding in a ditch, I will not be a Good Samaritan, I will kick him in the head, cover him up with dirt, and leave him there to rot.
Over the past few weeks, the comment spam has been coming in so thick that I’ve had to start blocking IPs at the firewall level. I’m currently blocking over 40 IPs, plus an entire Class C block out of Mexico. My normal blacklist blocks prevent the spam from showing up on the blog anyhow, but they were coming in so fast and furious that Apache and MySQL were grinding to a halt under the load.
On top of that, the email spam has been spiking, too, which makes SpamAssassin and Procmail eat the CPU. I’ve added a couple of additional RBL checks to my anti-spam measures, and that’s helping, but not as much as I’d like. I’m thinking about implementing some much more aggressive measures.
What I want to do is to start tracking spam source IPs in real time. When I determine that a blog comment or email message is spam, I’d add the source IP to a database. I’d update a spam count and modification date every time I receive more spam from that source. After reaching a certain threshold, I would automagically ban that IP in my firewall rules. The IP would stay blocked until a certain amount of time passed with no traffic at all, at which point it would be removed from the firewall.
This would ensure that any particular spam source would only get a very limited number of tries to waste my resources. It will also be a pain in the ass to implement, but at this point, I’m about ready to spend every spare moment that I can find to do it. I’ll keep everyone updated on my progress. If I can get it working well, I’ll release the code for anyone else who might be able to use it.
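A sketch of the tracking scheme described above, added here as an example and not the code this post promises to release. The threshold, quiet period, allowlist, table layout and the use of iptables are all assumptions; the methods return firewall commands as argument lists and leave running them to the caller.

```python
import ipaddress
import sqlite3

THRESHOLD = 5               # assumed value: spam hits before a ban
QUIET_SECS = 7 * 24 * 3600  # assumed value: silence required before unban
NEVER_BAN = {"127.0.0.1"}   # assumed allowlist so you cannot lock yourself out

class SpamTracker:
    def __init__(self, path=":memory:"):
        # isolation_level=None means autocommit, so a file-backed DB persists
        self.db = sqlite3.connect(path, isolation_level=None)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS sources (ip TEXT PRIMARY KEY,"
            " hits INTEGER NOT NULL DEFAULT 0, last_seen REAL NOT NULL,"
            " banned INTEGER NOT NULL DEFAULT 0)")

    @staticmethod
    def _rule(action, ip):
        # argv list, never a shell string; ip was already parsed by ipaddress
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        return [tool, action, "INPUT", "-s", ip, "-j", "DROP"]

    def report_spam(self, ip, now):
        """Count one spam hit; return a ban command when the threshold is reached."""
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        if ip in NEVER_BAN:
            return None
        self.db.execute("INSERT OR IGNORE INTO sources (ip, last_seen) VALUES (?, ?)", (ip, now))
        self.db.execute("UPDATE sources SET hits = hits + 1, last_seen = ? WHERE ip = ?", (now, ip))
        hits, banned = self.db.execute(
            "SELECT hits, banned FROM sources WHERE ip = ?", (ip,)).fetchone()
        if hits >= THRESHOLD and not banned:
            self.db.execute("UPDATE sources SET banned = 1 WHERE ip = ?", (ip,))
            return self._rule("-I", ip)
        return None

    def saw_traffic(self, ip, now):
        """Any traffic from a tracked IP (e.g. a logged firewall drop) resets its quiet timer."""
        self.db.execute("UPDATE sources SET last_seen = ? WHERE ip = ?",
                        (now, str(ipaddress.ip_address(ip))))

    def expire(self, now):
        """Return unban commands for banned IPs silent for QUIET_SECS; forget them."""
        rows = self.db.execute(
            "SELECT ip FROM sources WHERE banned = 1 AND last_seen <= ? ORDER BY ip",
            (now - QUIET_SECS,)).fetchall()
        self.db.executemany("DELETE FROM sources WHERE ip = ?", rows)
        return [self._rule("-D", ip) for (ip,) in rows]
```

Once an address is dropped at the firewall, the blog and mail server no longer see it, so the "no traffic at all" timer has to be fed from firewall logs or counters through `saw_traffic`; otherwise every ban simply expires after the quiet period.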