137.59 - A Thievery Number

I received a rather alarming email from my hosting provider today, informing me that I was using an excessive amount of CPU, to the tune of 137.59 CPU minutes today.  Further, my account was now to be subject to resource monitoring (starting tonight).  The email was to inform me that I needed to start watching the resource monitor logs to find the source of the excessive usage.

Well, it didn’t take me long to find the likely source, even though I hadn’t yet been able to see the resource logs.  A quick look at the Apache access.log shows that the bastard spammers are hitting my server about 30,000 times per day trying to insert their crap into my referral logs.  The referral attack is the most common one that is launched against EE weblogs, since comment and trackback spam is much more difficult with EE.  Because of this problem I’d turned off referrers about two months ago and I’d made the old referrer template inaccessible to anyone who was not a logged-in member.

I thought (mistakenly) that by making the referral information inaccessible the asshat spammers would lose the incentive to spam my referrer scripts and would eventually give up.  Instead, it appears that they stepped up their attempts to the point of verging on a DDoS attack.

So today I took more drastic action.  I used the .htaccess feature of EE’s Blacklist module to block these bastards before they can even hit EE, which should cut down dramatically on the number of PHP sessions and database connections.  Since about 2:00pm today 10,609 spam referral attempts have already been blocked.

While I was at it I also disabled hotlinking of all images on this domain from outside domains.  Analysis of my logs shows that there were a lot of young thug-wannabes who were linking to my gun pictures from their horribly formatted online profiles.  Some examples:
Bustmygunphilly (definitely not safe for work)
cameronknight
Bobby04
airlydzie

It’s kind of funny to see their attempts to hotlink my gun pictures replaced with this:
[Image: Don't steal my dog's treats]
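
The kind of access.log review described in the post, as an added example that is not the author's own code: it parses Apache combined-format lines and tallies external referrer hosts, separating image hotlinks from page hits. The host name `blog.example` and all log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
IMAGE = re.compile(r"\.(?:jpe?g|png|gif)$", re.I)

def ref_host(referer):
    """Lower-cased host of a Referer value, or '' for '-' and malformed values."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def analyze(lines, own_hosts):
    """Tally external referrer hosts, split into image hotlinks and page hits."""
    hotlinks, page_refs, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            skipped += 1          # not combined format: count it, don't guess
            continue
        host = ref_host(m["referer"])
        if not host or host in own_hosts:
            continue              # no referrer, or a link from our own pages
        path = m["path"].split("?", 1)[0]   # drop any query string
        (hotlinks if IMAGE.search(path) else page_refs)[host] += 1
    return hotlinks, page_refs, skipped

# Constructed sample lines (not from the author's logs); blog.example is assumed.
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2005:14:00:01 -0600] "GET /index.php HTTP/1.1" 200 5120 "http://cheap-pills.example/" "Mozilla/4.0"',
    '203.0.113.6 - - [01/Jan/2005:14:00:02 -0600] "GET /index.php?p=2 HTTP/1.1" 200 5120 "http://Cheap-Pills.example/buy" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jan/2005:14:01:10 -0600] "GET /images/pistol.jpg HTTP/1.1" 200 48213 "http://profiles.example/user/1" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2005:14:02:00 -0600] "GET /images/pistol.jpg HTTP/1.1" 200 48213 "http://blog.example/archives/1" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2005:14:02:05 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'truncated or garbled line',
]

if __name__ == "__main__":
    hot, refs, bad = analyze(SAMPLE, {"blog.example"})
    print("hotlinking hosts:", hot.most_common(5))
    print("page referrers:", refs.most_common(5), "unparsed:", bad)
```

Search engines and other legitimate sites show up in the page-referrer tally too, so the counts are a starting point for deciding what goes on a blacklist, not the blacklist itself.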

3 Comments

  1. Rodney says:

    Checking out Bustmygunphilly’s profile page, it kinda freaks me out to see Puss ‘n Boots together on the same screen.

  2. Kevin White says:

    Exceptionally bad web design. Even someone with NO skills at all should be able to do something simple and functional—these folks know just enough to make a complete wreck of things.

    I’m guessing your images show up in Google Image searches and they just grab em for posting without a second thought.

    Isn’t it also possible that each one’s local machine is using its cache for your gun image, so when he looks at it, it looks fine on his screen, but all his homies just see your cute dog? That would be even better, in my opinion (but they might not get the message clearly).

  3. Yeah, the images show up in Google Image searches.  I noticed in the referrer logs that there are lots of hits from Google.

    I think that the cache will likely be overridden.  Each time the browser loads images it checks the date on the original file to see if it changed.  Instead of the 200 (OK) or 304 (Not Modified) it gets a 302 (Found, Elsewhere), which causes the client to go find the file elsewhere.

    I suppose some browsers could ignore this, but it would be a bad implementation.