This post originated from an RSS feed registered with Java Buzz by dion. Original Post: Denial of Service Comment Spam and the Maxthon Browser Feed Title: techno.blog(Dion) Feed URL: http://feeds.feedburner.com/dion Feed Description: blogging about life the universe and everything tech Latest Java Buzz Posts Latest Java Buzz Posts by dion Latest Posts From techno.blog(Dion)

Ah spam bots, how I loathe thee. Yesterday we had an attack of spam bots hitting "POST /wp-comments-post.php" which doesn't exist.

It doesn't exist on our WP install as we renamed it (not that it is hard for the spam bots to grok the HTML and start using the new name).

In its place we have a redirect of /wp-comments-post.php to http://localhost, to try to do the LEAST possible work on our servers to deal with these beasts.

The attack was distributed with no repeat IP addresses, so we couldn't ban the sucker.

The strange similarity on all requests was the user agent:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)

That has me wondering if the Maxthon IE extension has anything naughty/corrupted in it, or if the spammers just put that in as the user agent.