## May 20, 2006

### Technical Difficulties

It’s been brought to my attention that some people have recently been encountering an INTERNAL SERVER ERROR when attempting to comment here (or at the String Coffee Table).

The cause, alas, is my determination to be overly clever.

As you may know, we receive a huge volume of trackback spam (17419 spam trackbacks in April). But, in the past couple of weeks, the spammers have redoubled their efforts to more than 1000 trackbacks/day (so far, the one-day record is 1646). Of course, that has meant an uptick in the amount of trackback spam that actually makes it through our defences (you may have noticed that). More insidiously, the elevated level of spam started to play havoc with my tarpit.

On the theory that the best defence is a good offence, I attempt to hold open the HTTP connection with the trackback spambots, for as long as possible — up to 24 hours — instead of the few seconds that a trackback request/response would normally take. The idea is that, if the spammer has a hundred robots, all churning out trackback spam as fast as they can, I can take a serious bite out of his “productivity” by tying up a few dozen of those robots for hours at a time. Even as I write this (during a lull in the spammers’ activity), there are 47 tarpitted connections open.

With the very generous process limits I’d configured¹, the webserver can handle hundreds of simultaneous connections. But, once those limits are reached, it refuses to spawn any more CGI scripts, which means … no comments for you.

This sort of resource-exhaustion was never an issue until the latest surge in trackback spam. Four times this month, however, tarpitted connections have maxed out the process limits for the server. Depending on how long it took me to notice, the “outages” lasted from a few minutes to several hours.

I’ve taken steps to mitigate the problem but, please, if you encounter any more INTERNAL SERVER ERRORs, let me know.

¹ For the curious, this meant bumping up

    kern.maxproc=2048
    kern.maxprocperuid=640

in `/etc/sysctl.conf`, setting

    ulimit -u 640

in the webserver startup script, as well as modifying the `ServerLimit` and `MaxClients` directives in the Apache configuration file.

Posted by distler at May 20, 2006 11:23 PM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/814
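
One way to keep a tarpit from causing the outage described in the post, as an added example (not the author's code, and not necessarily the mitigation he chose): cap the number of held connections below the process limit, so some slots always remain for real comments. The 640 limit and the 1646/day rate are the post's figures; the reserve of 200 slots, the evenly spaced arrivals and the one-process-per-held-connection model are assumptions.

```python
# Added example, not the blog's code. Assumes one process slot per held connection.
DAY = 86400
MAX_HOLD = DAY                      # the post holds connections "up to 24 hours"

class BoundedTarpit:
    def __init__(self, proc_limit, reserved):
        # 'reserved' slots (an assumed figure) are never handed to the tarpit,
        # so comment CGI scripts can still be spawned while bots are held.
        self.capacity = proc_limit - reserved
        self.deadline = {}          # conn_id -> time at which we let go

    def _expire(self, now):
        for cid in [c for c, t in self.deadline.items() if t <= now]:
            del self.deadline[cid]

    def admit(self, cid, now):
        """Return 'hold' to tarpit the connection, 'reject' to close it at once."""
        self._expire(now)
        if len(self.deadline) >= self.capacity:
            return "reject"         # tarpit full: fail fast instead of starving visitors
        self.deadline[cid] = now + MAX_HOLD
        return "hold"

    def hangup(self, cid):
        """The bot disconnected first, so its slot is free again."""
        self.deadline.pop(cid, None)

def simulate(per_day, proc_limit, reserved, days=2):
    """Constructed worst case: evenly spaced spam and no bot ever hangs up."""
    pit = BoundedTarpit(proc_limit, reserved)
    peak = rejected = 0
    for i in range(per_day * days):
        now = i * DAY // per_day    # integer seconds keep the run deterministic
        if pit.admit(i, now) == "reject":
            rejected += 1
        peak = max(peak, len(pit.deadline))
    return peak, rejected, proc_limit - peak   # last value: slots left for visitors

if __name__ == "__main__":
    # 640 and 1646/day come from the post; the reserve of 200 is an assumption.
    print("capped  :", simulate(1646, 640, reserved=200))
    print("uncapped:", simulate(1646, 640, reserved=0))
```

With no reserve the tarpit alone fills every slot, which is the condition the post describes; with a reserve, the bots that arrive once the tarpit is full are turned away quickly rather than slowed, and that is the price of keeping comments working.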

### Re: Technical Difficulties

It seems to work again 8-)

Posted by: wolfgang on May 21, 2006 8:23 AM

### Re: Technical Difficulties

Testing-

I hope I am not considered a spambot?:)

Posted by: Plato on May 22, 2006 11:41 AM
