To put this in perspective, the spam amount for August 2013 before this started was 6,073 that month

I just got an email from 1and1, my long-time webhost for the past 7 years. They had turned off my website completely (redirecting it to localhost; 127.0.0.1) because of massive hits on this website’s add-comment.php page, on the order of 60-70 thousand hits per day. WordPress doesn’t show me that many hits per day of course, so this has to be some sort of automated bot script that is just hitting that page in particular and bypassing the parts of the webpage that record legitimate visits (by either a real human or a crawler).

1and1 was not screwing around, I’ve been warned personally by their security team that if this happens again, they’ll kill my account if I don’t update to a private server (instead of the $4/month shared server I’ve been using since 2007). It’s still the best deal I can find on a quick look around the internet, because it includes a free domain as part of that too (a $10-15 a year value as well). These days if you buy an account on 1and1 the best deal you’ll get after their introductory offers is $6 a month.

So, I guess I’ll try to figure out what the heck is going on and leave comments off until then. I wasn’t getting too many legit ones anyway (.002% or so) but some people have actually had a useful comment for me that ended up working out mutually for both of us. Someone wanted the pictures I had taken in New Glarus for a cookbook, for example! That was nice. So I’ll try to fix this. But I don’t want to lose my website either, and I’m not a website tech by trade, so I’ll make tradeoffs where I have to.

Edit March 25, 2014: Comments back up. After some hopefully-successful security changes. I’ve emailed 1and1 to beg them not to disable my account if they see resource usage skyrocketing again; I hope they will just let me know instead of disabling my site entirely.