Exploiting your Drupal comments


So after turning comments on for a day I noticed that after turning them back off there were still continuous hits to a specific page.
Patterns are a key to look for.
Under reports I was seeing the same page hit over and over, followed directly by three redirects to the now changed access denied page.
Obviously it was something scripted that was attempting to auto submit comments.

The first solution:
Copy that page to another page.
Delete the old page.
This should now cause a page not found error to the comment submission script, in turn with the same redirect to the new error code page.
Not that it really mattered since it will still error out, but at least it does not skew the monitoring of valid access.

I am coming up with some new SQL report queries and will post them soon.
Hopefully these will help you narrow down IPs worth blocking.
I had thought about an IP check module, but from the looks of things, with the obvious amount of machines compromised, it would truly cause delays in displaying pages.
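The pattern described above (one hit on a page followed directly by three hits on the access denied page, repeated by the same client) can be counted offline from exported access records. This is an added example, not code or queries from the original post; the record layout, the paths, the time window and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict

DENIED_PATH = "/access-denied"  # assumed path of the custom access denied page
REDIRECTS = 3                   # denied-page hits that follow each scripted attempt
MIN_REPEATS = 2                 # repeats before an IP is worth reviewing for a block

def _attempt(ts, ip, path="/node/12"):
    """Build one constructed attempt: a page hit plus the denied-page hits."""
    return [(ts, ip, path)] + [(ts + 1, ip, DENIED_PATH)] * REDIRECTS

# Constructed sample records: (unix time, client IP, requested path)
SAMPLE = (
    _attempt(100, "203.0.113.7")
    + [(130, "198.51.100.4", "/node/12"), (131, "198.51.100.4", "/about")]  # reader
    + _attempt(160, "203.0.113.7")
    + _attempt(200, "192.0.2.50") + _attempt(230, "192.0.2.50")
    + _attempt(260, "192.0.2.50")
    + [(400, "198.51.100.9", "/node/12"), (401, "198.51.100.9", DENIED_PATH)]
)

def scripted_attempts(records, denied=DENIED_PATH, redirects=REDIRECTS, window=5):
    """Count, per (ip, path), hits followed directly by `redirects` denied hits."""
    by_ip = defaultdict(list)
    # Stable sort on time only, so same-second records keep their logged order.
    for ts, ip, path in sorted(records, key=lambda r: r[0]):
        by_ip[ip].append((ts, path))
    counts = Counter()
    for ip, hits in by_ip.items():
        i = 0
        while i < len(hits):
            ts, path = hits[i]
            tail = hits[i + 1:i + 1 + redirects]
            if (path != denied and len(tail) == redirects
                    and all(p == denied and t - ts <= window for t, p in tail)):
                counts[(ip, path)] += 1
                i += 1 + redirects  # skip the denied hits already matched
            else:
                i += 1
    return counts

def block_candidates(records, min_repeats=MIN_REPEATS):
    """Return (ip, path, repeats) for repeat offenders, most active first."""
    rows = [(ip, path, n) for (ip, path), n in scripted_attempts(records).items()
            if n >= min_repeats]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for ip, path, n in block_candidates(SAMPLE):
        print(f"{ip} repeated the pattern {n} times on {path}")
```

A single denied hit, such as a visitor following a stale link, never matches, so only clients that repeat the full sequence are listed.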

Again, hoping that karma plays its part for these exploitationists wreaking havoc on what was once a good thing.