Skip to main content
Home
The Baheyeldin Dynasty
The journey for wisdom starts with knowledge
  • Home
  • About
  • Site Map
  • Contact

Drupal Proxy/Spamming Attempts Can Cause Trouble

  1. Home

By Khalid on 2005/07/14 - 15:19, last updated 2005/07/14 - 16:18

A few weeks back, a client was facing a severe problem: their database disk space consumption was steadily going up for no apparent reason. I was called in to help, and provided with the hosting control panel password as well as the Drupal admin password.

Investigation and Findings 

Upon investigation, I found out two things quickly:

  • They were using an old Drupal version based on CivicSpace. It was a 4.4 or earlier version.
  • The cache was growing very fast. For such a relatively small site, cache was 184 MB alone! Larger than the content of anything else on the side (including comments, node, and accesslog).

When I emptied the cache table, it started to grow again almost immediately.

Upon looking more closely, it was apparent that two factors caused this fast growth:

  • The fact that this is a pre-4.5 Drupal version is crucial. On 4.4 and older, Drupal did not handle 404 errors correctly. Instead, it displayed trhe contents of the home page of the site.
  • The site was being hit by referer spam attempts or proxy scans. Since these spam attempts never got a 404, they thought they were successful, and kept trying again.

Moreover, since Drupal caching was turned on, the home page was being cached for every attempt with the cache key being the off site link. This caused about 48 kB to be cached for each attempt.

Besides the above problem, the site also used an excessive amount of bandwidth due to the sheer number of requests and the serving of the home page over and over. 

Here are some examples of URLs:

http://partners.mygeek.com/search.jsp?partnerid=98980&ip=64.60.171.35&query=appraisal
http://partners.mygeek.com/search.jsp?partnerid=98765&ip=64.21.136.223&query=auto+dialers
http://feed.genieknows.com/search/search_html.jsp?client_id=GOTOMAI_7997&q=Linux+file+server
http://txsearch.epilot.com/getresults.aspx?aff=ebuyarts&ip=216%2E92%2E142%2E138&keyword=Yoga+Tapes&source=s&r=www.ebuyarts.com
http://txsearch.epilot.com/getresults.aspx?aff=gotomai&ip=216%2E92%2E142%2E138&keyword=Search+Term&source=s&r=www.gotomai.com
http://partner.search.sohu.com/cpc/partner.php?pid=info-xatom&type=14
http://partner.search.sohu.com/cpc/partner.php?pid=info-xa163&type=14

Recommendations

There are several recommendations that can be done to take care of this problem:

Blacklist the IP addresses 

If you find that the IP addresses that these spam attempts are coming from are not that many, you can block them in the .htaccess file.

Upgrade Drupal

You are better off with a newer Drupal since it does issue a 404 when it does not find the page. There are other reasons that make upgrading a good idea, including security issues with older releases.

Block certain file types

It would help if you prevent any requests to file types that you do not have. For example, if you are only running Drupal, then the following file types are not needed: 

aspx|jsp|look|cgi

You can those in .htaccess to the line:

<Files ~ "(\.(inc|module|pl|sh|sql|theme|engine|xtmpl)|Entries|Repositories|Root|scripts|updates)$">

So it looks like this:

<Files ~ "(\.(inc|module|pl|sh|sql|theme|engine|xtmpl|aspx|jsp|look|cgi)|Entries|Repositories|Root|scripts|updates)$">

Disable Drupal's cache

If your site does not get lots of hits, then you can disable the Drupal cache from the admin menus. This will cause the cache table to not grow.

Links and Resources

  • Drupal Forums: Site Slammed by Offsite Ad and Proxy Requests.
  • Drupal Forums: Is this a hacking attempt? Also see the details of how it looks in the log here.
  • AndySpace: partners.mygeek.com officially shitlisted.
Contents: 
Drupal
  • Add comment

Current

Pandemic

  • COVID-19
  • Coronavirus

Search

Site map

Contents

  • Family
    • Khalid
    • Ancestry
    • Extended
  • Friends
  • Nokat نكت
  • Writings
    • Cooking
    • Culture
    • Science
    • History
    • Linguistics
    • Media
    • Literature
    • Politics
    • Humor
    • Terrorism
    • Business
    • Philosophy
    • Religion
    • Children
  • Technology
    • Linux
    • Arabization
    • Drupal
      • Association
    • Software
    • Internet
    • Technology in Society
    • Digital Archeology
    • NCR History
    • MidEast Internet
    • Programming
    • Saudi ISPs
    • Miscellaneous
  • Places
    • Canada
      • Weather
    • Egypt
      • Cuisine
      • Alexandria
      • E.G.C.
    • USA
    • Saudi Arabia
  • Interests
    • Astronomy
    • Fishing
    • Photography
    • Snorkeling
    • Nature
    • Photomicroscopy
  • Miscellany

In Depth

  • al-Hakim bi Amr Allah: Fatimid Caliph of Egypt الحاكم بأمر الله
  • Alexandria, Egypt
  • Arabic on the Internet
  • Articles on the history of Muslims and Arabs in the Iberian Peninsula تاريخ المسلمين و العرب في الأند
  • DIY GOTO Telescope Controller With Autoguiding and Periodic Error Correction
  • E.G.C. English Girls College in Alexandria, Egypt
  • Egyptian Cuisine, Food and Recipes مأكولات مصرية
  • George Saliba: Seeking the Origins of Modern Science?
  • Internet Scams and Fraud
  • Mistaken for an Arab or Muslim: Absurdities of being a victim in the War on Terror
  • Mistaken Identity: How some people confuse my site for others
  • One People's Terrorist Is Another People's Freedom Fighter
  • Overview of Google's Technologies
  • Photomicroscopy
  • Pseudoscience: Lots of it around ...
  • Resources for using Google Adsense with Drupal
  • Rockwood Conservation Area, Southern Ontario
  • Selected Symbolic Novels And Movies
  • Snorkeling the Red Sea near Jeddah
  • Updates and Thoughts on the Egyptian Revolution of 2011

Recent Content

Most recent articles on the site.

  • Origin Of COVID-19: Natural Spillover, Lab Leak Or Biological Weapon?
  • Kamal Salibi and the "Israel from Yemen" theory
  • How To Upgrade HomeAssistant Core In A Python Venv Using uv
  • Ancestry - Paternal Side
  • Review of Wait Water Saver For Whole House Humidifiers
more

Most Comments

Most commented on articles ...

  • Another scam via Craigslist: offering more than asking price
  • Warning to female tourists thinking of marrying Egyptians
  • Craigslist classified for used car: Cheque fraud scam
  • Winning the lottery scam email: World Cup South African lottery
  • Email Scam: BMW 5 Series car and lottery winning
more

About Khalid

Various little bits of information ...

  • Khalid Baheyeldin: brief biography
  • Presentations and Talks
  • Youtube Videos
  • GitHub Projects
  • Drupal.org Profile
  • Astrophotography @ Flickr

Sponsored Links

Your Link Ad Here

Tags

Android Mobile Ubuntu Sony OnStep OpenWRT Router Ericsson COVID-19 Rogers Coronavirus Arabic Kubuntu Home Assistant GSM Telescope tablet Spectrum Scam Python 419 Laptop Firefox DIY CPU Conspiracy Comet Balkanization backup App
More

© Copyright 1999-2025 The Baheyeldin Dynasty. All rights reserved.
You can use our content under the Terms of Use.
Please read our privacy policy before you post any information on this site.
All posted articles and comments are copyright by their owner, and reflect their own views and opinions, which may not necessarily be consistent with the views and opinions of the owners of The Baheyeldin Dynasty.

Web site developed by 2bits.com Inc.