WebTechKitchen; Your Web Technology Kitchen, contact us to create, or maintain your websites and other digital properties.

What to do if your Drupal site gets attacked by spammers and Black Hat SEO

Submitted by barnettech on Wed, 02/13/2013 - 11:15

So your site is being attacked with lots of spam user registrations and comments, and even nodes, what should you do.

1.)  Install the Mollom module

   -- configure mollum by going to the mollum website http://mollom.com/ and get your free api keys.  You can get a paid account for larger corporate sites.

   -- configure mollum to show a capcha on every form on your site that allows traffic from non - trusted sources.  I especially needed to protect comments and user registration.  I was being attacked with one spam / bogus user registration a minute at the very least.  With the capcha this stopped the problem.  

2.)  Blacklist IPs:  go to your apache access log and find the IPs that are hammering your site.  In unbuntu the log is at /var/log/apache2 and my log file is other_vhosts_access.log but yours might just be access.log

   -- type:  tail -f access.log and watch your access log to see who is hammering your site and what they are doing.  Or you can type cat access_log | awk '{ print $1 }' | sort | uniq -c | sort -n This command will count how many times any given IP has hammered your site.  They are probably hammering your site creating bogus users and comments.  In one of my sites there was a place to put in your website url, and the black hat seo spammers were trying to up their Google rankings by posting their client's website address.  Then google spiders would crawl along and count how many links that website has across the web, and low and behold the spammed urls must be very very popular since they are infesting all websites the spammers could find with vulnerabilities!  

  -- When you see IP addresses you think are spammers in Drupal 7 go to admin/config/people/ip-blocking and plug in the offending IP addresses to block them from accessing your site.  They are probably abusing your server with an automated bot and they are robbing your server of memory, cpu, etc, so try to block the black hat spammers before they take down your server again!

  -- EVEN BETTER on UBUNTU you should have IPTABLES installed by default:

      *  run this command iptables -A INPUT -s IP-ADDRESS-TO-BLACKLIST -j DROP

      *  https://help.ubuntu.com/community/IptablesHowTo#Saving_iptables for help on saving the iptables configuration (so on reboot you don't loose everything)

      *  sudo sh -c "iptables-save > /etc/iptables.rules" to save a copy of your rules (see the guide in the above link for details)

3.)  Note you can use the Capcha module instead of Mollom as listed above, but I like Mollom for now myself.  Captcha out of the box only has a math capcha, and not those annoying hard to read letters that you must decipher -- I found the annoying letters only humans can read more effective.  With some fiddling Captcha module can annoy your users with the hard to decipher letters as well.

And yes this blog post was inspired by my battle with a spammer I shut down over the last day or so.

Anyhow good luck, and remember White Hat SEO, don't turn to the dark side!

If you would like help with your SEO feel free to be in touch (info@barnettech.com), I have resources to get you to top of Google search rankings !

Good luck!

Barnettech