Using .htaccess to Block Comment Spam
When I checked my blog on Saturday I had a large amount of comment spam that had been caught by Akismet, larger than usual for my little place on the web. Browsing through it briefly, I quickly noticed a common thread, they were all from the same IP address. I have better things to do on a Saturday (and actually most days) than wade through a bunch of comment spam, so I quickly went and added another new line to my .htaccess file.
deny from 195.225.177.48
I then deleted all of the comment spam and went on my merry way not thinking much about it until I went a checked my error log here today.
[Sun Oct 14 13:40:17 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/index.php [Sun Oct 14 13:40:17 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/wp-comments-post.php [Sun Oct 14 12:55:59 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/index.php [Sun Oct 14 12:55:59 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/wp-comments-post.php [Sun Oct 14 12:45:11 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/services/order_form.php [Sun Oct 14 12:13:27 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/index.php [Sun Oct 14 12:13:27 2007] [error] [client 195.225.177.48] client denied by server configuration: /home/*****/public_html/blog/wp-comments-post.php
It goes on and on actually. I had an average of 14 hits an hour from this IP address. Image how much comment spam I would have had if I had not blocked the IP address? Now I was also curious as to who might be so interested in spamming the daylights out of my blog. A quick IPWHOIS on DNSStuff.com. You can take a look at the IPWHOIS information yourself, but what I found most interesting is they have a complete IP address range 195.225.176.0 - 195.225.179.255. Now I only blocked a single IP address, and I hope that it is just one bad user on their network, but the minute I see another 195.225.*.* address in my comment spam the whole IP address range will be blocked using:
deny from 195.225
I sent an email to the email address on record for the host, but it is my experience that it will either never be read, simply ignored or will dissappear into :blackhole:.
Comments
Tercume
nice method, but i think there are more specific methods for stopping comment spam.
LGR
Certainly, this works in this case, there are many other ways to stop it. Because the spammer is from the same IP it was easy enough to block them. Ultimately I have had to block this IP address from accessing the server completely.
heiste
these bast...ds discovered my page as well. Its very tiresome to delete the spam (I have Akismet, so its only 1 click but still tiresome). I put the ip in my htaccess but the spam keeps coming. My htaccess goes like this order deny allow deny from 195.225.177.48 What is wrong with this? Please let us know what became of the e-mail you sent to the hoster
LGR
The line to deny from 195.225.177.48 should stop them from accessing your website. Make sure your .htaccess is in the root html folder of your website where you main index.php file is. You should start to see the requests logged in your error log when they try to connect. If you run your own server I recommend simply added the ip to the firewall and dropping the packets all together. As for the letter from the web host....nothing, nada, zero. I suspected I would not hear from them. Honestly it might actually be the web host doing the spamming!
LGR Webmaster Blog - Trackback Spam on the Rise
[...] server resources. A quick look in my logs showed that the spam was not coming from the same IP so banning the IP or IP range would be pretty much [...]
metal asma tavan
nice article..Because the spammer is from the same IP it was easy enough to block them. Ultimately I have had to block this IP address from accessing the server completely.