So I see spam bots buzzing around my sites all the time. There’s one particular site that gets hit more than others and it’s causing problems.
Every now and then a spambot tries to post hundreds or thousands of comments one street the other and it ties up server resources. That shows the whole server down and eventually if it continues can cause crashes and other problems – like memory exhaustion.
You can clearly see the offending spam bots in your access logs because you’ll see several lines that contain:
POST /xmlrpc.php
Note: the IP in the line above is from a real spambot that hit my site. It got past most of the protection systems and in the end fail2ban had to step in and ban the offending IP.
I have other systems in place to restart on crash, to rate limit spam bots and to eventually block them. The problem is that they’re not working 100% effectively even when properly configured.
The new idea is to prevent then being able to submit the comment form in the first place.
A honeypot might not be the best solution but it will defiantly help to stop automated submissions so it’s a start.