Pesky spambots are enough to ruin anyones fun!

Hey we all know its a nightmare to get spammed by these incredibly annoying bots that patrol the internet which flood websites with uber amounts spam. Well, we have solutions for that. If you are working with Drupal then the likely choice is Mollom which is of course free for small sites and blogs, bonus!

But when you think of protecting your forms which come to mind: comments, registration, contact? Likely these do and they are certainly the focus for most bots since they are easily accessed and promoted around a site. But what about your login and lost password forms? You wouldn't believe me if I told you there are thousands of vulnerable sites online, the simple thing is that developers just don't think about this sort of thing until, well... it's too late.

It's like collecting $200 for every 404 called

Did you know that a 404 could cripple your website? We'll believe it or not misconfigured or ignored 404s could be killing your websites performance. Let's see how.

First things first, what do 404s look like in Drupal 7 out of the box? If you view the headers of a 404 page you will see the follow:

Cache-Control:no-cache, must-revalidate, post-check=0, pre-check=0

This header basically tells all caches onward not to cache the page. If this is the case then what you have is a potential hole for DDoS yourself. We can say this because not only does it bypass cache but a full Drupal bootstrap then depending then on what your 404 page is, you could have any number of blocks/panes/views loading all of which could be expensive to generate. If there were a flurry of 404 in quick succession then you might be in trouble. So it is really important to trace through your application for the case of a 404.

Subscribe to Front page feed
Design by Jon