One of the other things most people don’t know about me is that I have a minor obsession with plagues. Stemming from my background in European history, I’ve had a morbid fascination with both the epidemiological and societal aspects of pandemic agents for quite some time. As a result, I read a lot of weird books like “In the Wake of the Plague” (so-so), “The Great Influenza” (excellent, if a little melodramatic at times), “The Coming Plague” (a friend of mine’s dad is included for his discovery of toxic shock syndrome), and yes, a couple of plague-oriented blogs (conveniently grouped under the “plaguefeeds” tag).
If you’ve studied the subject, you know that pandemics are typically triggered by a change of some sort that makes an existing virus or bacterium more communicable, more lethal, or both. This is the fear that many have with respect to the Avian Flu; the influenza virus that causes it, H5N1, has elevated mortality rates but fortunately for us has yet to be able to infect human hosts as easily as some of its influenza cousins. If H5N1 is able to swap some of the sugars that coat the virus with those from human-infecting flu strains, it’s possible – even likely – that we’d be facing an outbreak, a pandemic.
What’s becoming apparent to me, through a variety of channels, is that we appear to be poised for a similarly debilitating and difficult-to-combat outbreak of spam.
As you’re all far too aware, we at RedMonk have struggled with absurd volumes of spam over the past year, and the frequency and severity of attacks are only increasing. What was once merely a nuisance is becoming a legitimate threat to our business. On at least a half dozen occasions, the spam attacks have been sufficiently high volume to paralyze Apache. To put that in context, we run on a box that under normal circumstances would be hosting hundreds, perhaps thousands, of sites. And yet spammers are able to bring our few properties to a grinding halt because their attempts to spam us become, effectively, distributed denial of service attacks.
It would be one thing if we were an isolated case, but we’re clearly not. David’s site, hosted by Cape.com, had its commenting facility knocked offline by persistent high-volume spam attacks. And Alex’s web presence, meanwhile, has been bouncing up and down under similar assaults. His load is so obscene that even removing or renaming the file in question doesn’t remedy the situation: the attackers continue requesting the missing file at such high volumes that Apache cannot help but buckle under the load.
I’ve got virtually no experience with networking at the ISP and/or backbone level, so I couldn’t begin to comment on what the potential solutions for this problem are. But I do believe that the loads are growing aggressive enough that it’s just a matter of time until it’s an ISP-level problem. There’s only so much you can ask Akismet, Bad Behavior, et al. to do, after all.