Monthly Archives: May 2011

Spam attack through wp-login.php?action=register

On the 15th of May my girlfriend started complaining about the number of new users with suspicious data that had registered on her blog. Looking at the Apache logs:

111.94.XXX.XXX - - [15/May/2011:07:48:57 +0200] "POST /wp-login.php?action=register HTTP/1.1" 200 2857 "http://www.domain.com/wp-login.php?action=register" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 GTB6 (.NET CLR 3.5.30729)"

I found out that all visits came from different IPs and didn’t have the referral specified.

The captcha under the registration form didn’t seem to stop the spammers. I had to find a quick fix before the registrations stopped and the spam started to roll in. The closest solution I found was four years old, so I had to update it a little with the help of the Apache documentation.

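# Disable spammy registrations
# Match only requests for /wp-login.php ...
RewriteCond %{REQUEST_URI} "^/wp-login\.php$" [NC]
# ... whose query string contains action=register ...
RewriteCond %{QUERY_STRING} "action=register" [NC]
# ... and whose Referer is not a page on domain.com or one of its subdomains
RewriteCond %{HTTP_REFERER} "!^http://([^.]+\.)?domain\.com/.*$"
# Redirect to the plain login page; the trailing "?" drops the query string
RewriteRule (.*) "/wp-login.php?" [L,R]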

What that means is: if a request for “/wp-login.php?action=register” does not carry a Referer header pointing to a page on “domain.com” (that is, the user did not get there by clicking a link on the site), it is redirected to “/wp-login.php”.
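Added example (not part of the original post): a Python check that replays the rule's three conditions over combined-format access-log lines, so you can see which registration requests it would redirect before or after deploying it. The log lines, IP addresses (documentation ranges) and function names are constructed for illustration; the Referer header is supplied by the client, so the third sample line, which sends a matching value, is not redirected.

```python
import re

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# The three RewriteCond tests from the rule, for the placeholder site domain.com.
URI_RE = re.compile(r'^/wp-login\.php$', re.I)
QUERY_RE = re.compile(r'action=register', re.I)
REFERER_RE = re.compile(r'^http://([^.]+\.)?domain\.com/.*$')

def is_registration(target):
    """True when the request path and query string match the first two conditions."""
    path, _, query = target.partition('?')
    return bool(URI_RE.search(path) and QUERY_RE.search(query))

def would_redirect(target, referer):
    """True when all three conditions match, i.e. the rule would fire."""
    return is_registration(target) and not REFERER_RE.search(referer)

def audit(lines):
    """Return (redirected, passed): client IPs of registration requests, by outcome."""
    redirected, passed = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_registration(m['target']):
            continue  # not combined format, or not a registration request
        referer = '' if m['referer'] == '-' else m['referer']  # "-" = header absent
        bucket = redirected if would_redirect(m['target'], referer) else passed
        bucket.append(m['ip'])
    return redirected, passed

# Constructed sample lines, not taken from the post's logs.
SAMPLE = [
    '203.0.113.10 - - [15/May/2011:07:48:57 +0200] "POST /wp-login.php?action=register HTTP/1.1" 200 2857 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/May/2011:08:01:12 +0200] "GET /wp-login.php?action=register HTTP/1.1" 200 2857 "http://www.domain.com/" "Mozilla/5.0"',
    '192.0.2.55 - - [15/May/2011:08:02:40 +0200] "POST /wp-login.php?action=register HTTP/1.1" 200 2857 "http://www.domain.com/wp-login.php?action=register" "Mozilla/5.0"',
    '203.0.113.99 - - [15/May/2011:08:03:05 +0200] "POST /wp-login.php?action=register HTTP/1.1" 200 2857 "http://domain.com.example.net/" "Mozilla/5.0"',
    '198.51.100.20 - - [15/May/2011:08:04:00 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    redirected, passed = audit(SAMPLE)
    print('would be redirected:', redirected)
    print('would reach the form:', passed)
```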

Update: And don’t forget to delete the spammy users from the database. Back up your data and run the SELECT before you use the DELETE query. I executed this through phpMyAdmin:

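-- Multi-table delete: removes the users and their wp_usermeta rows.
-- For a dry run, comment out the DELETE line and uncomment the SELECT line.
DELETE u, um
-- SELECT distinct u.*
FROM wp_users u
left join wp_usermeta um on um.user_id = u.id
WHERE u.id between X and Y
-- and u.id not in ('A', 'B', 'C')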

To get the numbers for X and Y, use Browse on the ‘wp_users’ table to find the first and the last unwanted registration. If you find a legit user (A, B, C, etc.) in this range, exclude it with an appropriate filter.

Choosing a CPU for WordPress server

Running a WordPress blog with lots of plugins installed requires a reasonably capable server. Running a custom theme and multiple plugins makes the response times skyrocket on an old processor like the AMD Sempron 2600+. In my case, generating a page took about 2 seconds. Looking at the performance monitor, I found that the CPU is to blame. This can be mitigated by installing a cache plugin, but responses to the visits that create the cache files are still slow.

So a new server, which is not already aged, must be bought. But which one to choose? An expensive server platform or a cheaper desktop system? Intel or AMD? I was not looking for a high-performance server for lots of simultaneous visitors. To process a few thousand visits per day, it is only vital to process the PHP code for a single request as fast as possible. The 10 Mbit/s internet line that I have can never fully utilize a common hard drive or any other component.

For a server, certain hardware specifications must be met: hard drive redundancy (in my case RAID-1) and ECC memory for detecting/correcting memory faults. I’d rather be safe than sorry.

I decided to test different platforms by installing a backed-up blog on different computers I have access to: one installation was on the hosting server, and the others were VirtualBox guests running Ubuntu Server.

Here are the times (I made these calculations at the end of summer 2010) that it took to generate the first page (monitored through Firebug):

Measured times

| CPU | Time to generate |
| --- | --- |
| AMD Sempron 2600+ | 2200 ms |
| AMD Athlon X2 64 4400+ | 800 ms |
| Intel Core2 Duo E8400 | 420 ms |

Tom’s Hardware 2009 DT CPU charts

| CPU | Lame | Price | Calc. time to gen. |
| --- | --- | --- | --- |
| Intel Core2 Duo E8400 | 163 s | | |
| Intel Ci5 660 (3.33 GHz) | 127 s | 189 € | 327 ms |
| Intel Ci3 530 (2.93 GHz) | 156 s | 112 € | 402 ms |
| AMD Phenom II X6 1055T (2.8 ~ 3.3 GHz) | 188 s | 188 € | 484 ms |
| AMD Athlon II X2 250 (3 GHz) | 206 s | 70 € | 531 ms |

Comparing the measured times of those three CPUs, I noticed the Core2 has much more cache available. So I measured the memory speed of Athlon X2:
L1 = 6688 MB/s, 64 kB
L2 = 3747 MB/s, 512 kB
RAM = 2607 MB/s, 2015 MB

This looks like a bad joke, comparing this to Intel’s Core2 Duo. So to stay on the safe side, I decided the CPU must have a lot of L3 cache. And the cache is a lot faster on the AMD Phenom II – measured on a friend’s computer:
L1 = 33000 MB/s
L2 = 10000 MB/s
L3 = 7000 MB/s
RAM = 4000 MB/s

Unfortunately, the Intel i CPUs don’t support ECC. And the Xeon was too pricey (as mentioned, at the end of summer 2010). Because of the L3 cache and the budget, the Phenom II remained the only choice. I chose a 6-core CPU because of the web crawlers. But it seems that wasn’t necessary, because you can set the time between “crawls” in the robots.txt file. Looking at the statistics, using “atop”, a dual- to quad-core CPU would be enough. If I had to make the choice now, I would go for the Intel Xeon E3 series: it’s relatively cheap, supports ECC and is probably significantly faster. This way you can enable more plugins.

And how does the new Phenom II CPU perform? The page is generated in 370 ms. Even better than I hoped it would be.