John Handelaar wrote: > Martin Burns wrote: >> Have been getting this a few times lately: >> Warning: mysql_connect(): Too many connections in /store/host/ >> www.evolt.org/includes/database.mysql.inc on line 31 >> Too many connections >> >> Now I know we're getting hit by spammers like you wouldn't believe >> (120 pages of log just for spammish accesses in the last 8 hrs...), >> but this isn't good, particularly as we're supposedly caching. >> >> Time to break out the Throttle module? > > This may not go down as a popular suggestion, > but... perhaps it's time to break out iptables > and blackhole the country they're coming from. I would vote against it unless all other avenues have been investigated. In general, I'm against blanket blocking whether it be dropping e-mail for the lists from non-subscribers to hits against the Web site. I would prefer to programmatically block people or to handle the situation. What does "spammish accesses" look like from the server perspective? Is there something that characterizes such access? For instance, are the bots sending POSTs before doing GETs? Can we block that instead? For example, awhile ago spammers were trying to post trackbacks but we have them disabled. Any access to the trackback URL should be blocked from ever hitting Drupal and the database.