While this is good information for everyone, for this post, we’re going to look at bad bots from a WordPress point-of-view. In other words, you have a WordPress installation on your own hosting account. Everyone with a hosting account, however, should know this information, and future posts will show you how to stop these sorts of attacks on any type of site.
With every host, you pay for CPU resources and bandwidth. If you are with a shared hosting company, even if they offer “unlimited” bandwidth, you only get so many resources. Did you know that there are people out there trying to steal those resources from you?
One thing many people aren’t aware of is that there is a huge and shady industry out there designed to search the web with automated programs that try to accomplish various things. These bots go around and do stuff, or attempt to do stuff, to your site. One common bot is the email bot. An email bot will search the web looking for email addresses either in posts or inside comments. Once it finds an email address, it shoots it back to its server where it becomes the property of spammers. If you’ve ever posted your email address at a website and suddenly started getting spam, it wasn’t really that site’s fault. It just happened to come under an email bot attack.
Another type looks for forms that post to the site and tries to post spam that way.
Other bots try to leave spam in your comment sections. You may think your site is okay because your anti-spam software filters out the spam comments. Chances are that you are wrong. Just filtering out the spam isn’t good enough. Here’s a real-life example of why:
On one of my sites that is hosted by a large, grid hosting site, I keep track of all of my CPU usage to see if I may incur any overage for the month. Too much overage, and I’ll start splitting sites out into different accounts. So I was checking my CPU usage the other day when I came across something shocking. One of my lowest volume sites, a site that gets no more than about 50 real visitors a day, was logging, by the hosting company’s stats, several thousand hits a day and burning through my server allotment at an astonishing rate. I had noticed that a couple of spam comments were getting through my Akismet spam protector every day or so, so I went to my site and checked my spams blocked stats. I was shocked. Akismet was blocking thousands of spam comments every day.
That’s not so great. Why? Well, because these bots were still accessing my site. They weren’t being successful at posting, but they were still pulling my site up and wandering around the pages. They were using forms to post comments. They were burning up my server. If this site had been hosted on a shared host, it would have been taken down. That’s how severe it was.
For any site, you can block bots by adding some code to your .htaccess file. But that will take some explaining and will come in a later post. When I get that done, I’ll put a link to it at the top of this page. For WordPress sites, on the other hand, there is a good solution in the form of a plugin called Bad Behavior. Simply install it and Bad Behavior will stop most of the bots before they are even able to access the site. Instantly, the burning through my server usage came to an end.
There is one slight warning to go with Bad Behavior. You need to check your main page in Google, and maybe Yahoo, at least once per week. There have been times, though very rarely, where a Google bot will get associated with bots from a bad neighborhood and then Google will be unable to access your site. That’s very, very bad, but also very, very rare, and the developer of Bad Behavior is quick to track and fix all problems.
So what is the bottom line here? Don’t let the bad guys steal your server resources. If you are on a shared host, especially, the consequences could be catastrophic. You could be running a site that easily meets the guidelines of the shared hosting company, and you could be shut down anyway, and if you have never heard of these nefarious bots before, you would have no idea why you are being treated this way by your host.
So always make it a habit to check your logs. Bots don’t show up in most stat programs, like Google Analytics, so you can’t see them this way. If you have Akismet installed on WordPress, check to see how hard it is having to work. Otherwise, log into your host’s control panel and look carefully through the logs. Bots are pretty easy to identify. They are indiscriminate in the way they navigate your site, going to everything every time they show up.
This is some of the most despicable behavior on the Internet and can literally cost you your site. Don’t let it happen.
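
One way to do the log check described above, as an added example that is not part of the original post: it assumes your host gives you access logs in the Apache/NGINX "combined" format and flags clients that visit nearly every URL or repeatedly POST to the WordPress comment form. The function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumes Apache/NGINX "combined" log format; adjust the pattern for your host.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')
COMMENT_ENDPOINT = "/wp-comments-post.php"  # where WordPress comment forms submit

def summarize(lines):
    """Per client IP: total hits, distinct paths, and POSTs to the comment form."""
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "comment_posts": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # drop the query string
        s = stats[m["ip"]]
        s["hits"] += 1
        s["paths"].add(path)
        if m["method"] == "POST" and path == COMMENT_ENDPOINT:
            s["comment_posts"] += 1
    return stats

def suspects(lines, min_hits=5, min_coverage=0.8, max_comment_posts=2):
    """Flag clients that visit nearly every URL in the log or hammer the comment form.
    The thresholds are illustrative assumptions; tune them against your own traffic."""
    stats = summarize(lines)
    all_paths = set().union(*(s["paths"] for s in stats.values()))
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["hits"] >= min_hits and len(s["paths"]) >= min_coverage * len(all_paths):
            reasons.append("crawls nearly every URL")
        if s["comment_posts"] > max_comment_posts:
            reasons.append("repeated comment-form POSTs")
        if reasons:
            flagged[ip] = reasons
    return flagged

def _line(ip, method, path, status=200):
    # Builds one constructed sample entry (documentation IP ranges, not real traffic).
    return f'{ip} - - [01/Jan/2024:12:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "ExampleAgent/1.0"'

PAGES = ["/", "/about/", "/contact/", "/post-a/", "/post-b/"]
SAMPLE_LOG = (
    [_line("192.0.2.10", "GET", p) for p in PAGES]                       # visits everything
    + [_line("198.51.100.7", "POST", COMMENT_ENDPOINT, 403)] * 4         # comment spam attempts
    + [_line("203.0.113.5", "GET", "/"), _line("203.0.113.5", "GET", "/about/")]  # ordinary visitor
)

if __name__ == "__main__":
    for ip, reasons in suspects(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

To run it on a real log, pass the open file object to `suspects()` in place of `SAMPLE_LOG`.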



















