The home on the web of Colin Walker.
Find out more on /ident, say /EHLO, or tune in to the daily RSS feed.
2025/11/12#p1
The battle with bots etc. continues.
Linking comments to the IP blocking system seems to have seriously cut down the amount I'm getting (which is good) but I have been noticing "Too many connections" errors in the PHP error log.
Curiously, these had been happening at about the same time each night (00:50 GMT) so I pulled some server access logs to see if there was any correlation. Lo and behold, there was a specific bot crawling the site around that time; it's user agent included words to the effect of "still in testing, block the IP address if it's causing you problems".
An initial check found a few different IP addresses related to the bot so I put the log file in ChatGPT and asked it to get all associated IPs. Within the space of a few hours of logs there were 74 unique addresses accounting for almost 2000 hits! Blocking by IP address was, obviously, not practical so I did it by checking the contents of the user agent in .htaccess and throwing a 403.
On a side quest, I simplified the main blog page so that it made less calls to the database by reusing results of earlier calls where possible.
All that remains is to see if there are any new errors overnight.
Yikes. It's so annoying that you have to go to these lengths to keep your comments section livable. It's no wonder so many people have disabled comments in recent years.
Sadly, that's the nature of the web these days. It goes to show how we take a lot of stuff for granted when using WordPress etc. It's a whole different story when you have to do it yourself 😄
Even some of the WordPress plugins aren't that great at keeping spam out, but one or two are.