It seems this blog has become a very popular destination lately. Unfortunately not all the visitors have the best of intentions.
Staring on Tuesday December 7th this site has become the target of some very serious SPAM commenting campaigns. While the majority of this is hidden out of view from you the users, it has created more than a little work for myself and it is chewing up a significant amount of server resources and network bandwidth. Starting yesterday I’ve had to start blacklisting IP addresses(106 IP addresses to be precise) via the htaccess file in Apache. Now I’m all too familiar with SPAM, and I realize that blacklisting IP addresses is usually a very futile effort but I had to start somewhere.
I’m hoping that I can continue to allow people to post comments on my blog without requiring them to register an account and without having to answer some type of CAPTCHA, but I may need to re-evaluate my options if things continue to get worse.
Here’s my current blacklist with over 240 261 entries.
Cheers!
Updated Thursday December 16, 2010
I’ve replaced the previously included IP addresses with a link, the list is now up to 240 IP addresses. I’m currently looking to see if there is some way to automate the blacklisting of networks where multiple offenders have been detected.
Updated Friday December 17, 2010
Well the SPAM just keeps coming… I’m really amazed that these keep coming at the rate they are coming… the access_log on my Apache web server is now starting to fill up
# BEGIN top-spammers
Order allow,deny
allow from all
deny from 12.132.193.71
deny from 41.190.16.17
deny from 46.17.100.79
deny from 46.73.91.248
deny from 46.73.92.22
deny from 46.73.92.135
deny from 46.73.93.82
deny from 46.73.94.207
deny from 46.73.94.218
deny from 58.246.217.81
deny from 59.57.14.154
deny from 60.19.24.7
deny from 60.19.24.10
deny from 60.172.229.90
deny from 61.35.191.250
deny from 61.145.121.124
deny from 61.152.188.143
deny from 61.244.235.34
deny from 62.75.168.245
deny from 62.129.245.186
deny from 64.120.31.69
deny from 66.212.133.180
deny from 68.37.24.38
deny from 69.147.240.53
deny from 69.162.147.31
deny from 69.246.73.139
deny from 70.23.36.131
deny from 72.229.251.243
deny from 74.54.131.18
deny from 74.82.164.39
deny from 74.118.195.117
deny from 75.91.46.150
deny from 75.126.170.50
deny from 76.93.67.46
deny from 77.92.233.198
deny from 77.232.128.198
deny from 77.245.210.132
deny from 79.98.31.241
deny from 79.111.166.176
deny from 79.111.170.50
deny from 79.142.55.199
deny from 79.142.67.65
deny from 79.142.67.85
deny from 79.142.67.137
deny from 79.142.67.193
deny from 79.142.68.93
deny from 79.142.69.75
deny from 79.183.50.248
deny from 80.67.13.45
deny from 80.67.13.102
deny from 80.67.13.217
deny from 80.245.86.19
deny from 81.18.116.66
deny from 81.97.119.107
deny from 82.185.204.67
deny from 82.206.129.160
deny from 83.234.189.197
deny from 85.17.230.8
deny from 86.62.75.115
deny from 87.70.127.227
deny from 87.70.131.53
deny from 87.117.202.25
deny from 91.79.65.9
deny from 91.195.13.162
deny from 91.201.66.6
deny from 91.201.66.24
deny from 91.201.66.43
deny from 91.201.66.84
deny from 91.201.66.87
deny from 91.201.66.88
deny from 91.201.66.192
deny from 91.210.105.127
deny from 91.210.107.80
deny from 91.212.226.102
deny from 91.212.226.133
deny from 91.212.226.239
deny from 92.81.70.82
deny from 92.241.164.105
deny from 92.241.164.108
deny from 92.241.165.236
deny from 92.241.168.206
deny from 92.241.168.209
deny from 92.241.169.175
deny from 92.241.169.176
deny from 93.100.116.104
deny from 93.185.193.173
deny from 94.137.162.52
deny from 94.142.128.140
deny from 94.142.130.30
deny from 94.142.134.178
deny from 95.66.1.1
deny from 95.66.7.1
deny from 95.66.32.1
deny from 95.66.38.1
deny from 95.154.230.40
deny from 95.168.178.82
deny from 95.168.183.233
deny from 95.215.164.16
deny from 98.199.89.60
deny from 98.218.249.131
deny from 109.86.251.227
deny from 109.160.238.75
deny from 109.226.14.222
deny from 109.230.217.22
deny from 109.230.217.28
deny from 109.230.217.183
deny from 109.230.217.208
deny from 109.230.221.164
deny from 109.235.48.106
deny from 110.92.75.244
deny from 111.1.32.23
deny from 111.1.32.56
deny from 111.1.32.83
deny from 111.93.6.206
deny from 111.160.68.26
deny from 111.160.70.196
deny from 111.160.70.199
deny from 111.161.3.220
deny from 111.161.3.231
deny from 111.161.3.235
deny from 112.65.8.53
deny from 113.30.73.123
deny from 113.193.95.227
deny from 118.97.224.2
deny from 118.98.31.2
deny from 119.148.161.116
deny from 121.18.126.12
deny from 121.18.126.21
deny from 121.34.20.32
deny from 121.52.146.89
deny from 121.96.216.105
deny from 121.97.59.11
deny from 121.229.216.75
deny from 123.231.232.35
deny from 123.231.252.162
deny from 150.140.172.9
deny from 150.254.196.44
deny from 173.172.75.58
deny from 173.192.170.80
deny from 173.201.184.158
deny from 173.208.13.198
deny from 173.208.13.253
deny from 173.208.14.223
deny from 173.208.16.42
deny from 173.208.19.63
deny from 173.208.24.147
deny from 173.208.24.185
deny from 173.208.51.33
deny from 173.208.51.107
deny from 173.208.57.158
deny from 173.208.57.159
deny from 173.208.57.167
deny from 173.208.57.168
deny from 173.208.60.27
deny from 173.208.61.185
deny from 173.224.217.74
deny from 173.224.220.173
deny from 173.230.93.191
deny from 173.234.11.236
deny from 173.234.18.216
deny from 173.234.30.233
deny from 173.234.46.186
deny from 173.234.47.60
deny from 173.234.93.81
deny from 173.234.116.18
deny from 173.234.143.77
deny from 173.234.158.114
deny from 173.242.114.60
deny from 173.242.118.218
deny from 174.132.115.98
deny from 174.132.149.34
deny from 178.150.51.131
deny from 187.16.57.170
deny from 187.17.218.66
deny from 187.110.168.105
deny from 187.111.9.134
deny from 187.141.66.98
deny from 188.92.75.43
deny from 188.92.75.82
deny from 188.92.77.124
deny from 188.143.232.39
deny from 188.240.32.154
deny from 189.11.211.237
deny from 189.19.161.149
deny from 189.39.176.244
deny from 190.24.222.40
deny from 190.95.136.218
deny from 190.187.49.242
deny from 190.202.87.131
deny from 193.105.210.42
deny from 193.107.16.143
deny from 193.107.16.241
deny from 193.198.185.3
deny from 195.162.68.84
deny from 195.162.68.143
deny from 196.29.161.84
deny from 196.29.161.85
deny from 196.201.208.32
deny from 196.219.126.173
deny from 200.88.113.147
deny from 200.101.83.131
deny from 200.122.132.176
deny from 200.124.14.101
deny from 200.155.27.55
deny from 200.210.240.82
deny from 200.216.186.42
deny from 201.20.18.165
deny from 201.92.215.75
deny from 201.92.219.87
deny from 201.159.5.12
deny from 201.219.17.29
deny from 202.28.25.40
deny from 202.29.58.33
deny from 202.43.178.41
deny from 202.164.60.125
deny from 203.151.20.180
deny from 204.124.182.82
deny from 204.124.182.226
deny from 205.213.195.70
deny from 207.191.191.21
deny from 208.43.48.89
deny from 208.43.93.64
deny from 208.177.72.184
deny from 209.29.25.180
deny from 209.112.233.4
deny from 209.250.226.253
deny from 210.51.37.102
deny from 210.51.37.110
deny from 210.51.45.121
deny from 210.51.51.173
deny from 210.51.58.102
deny from 211.24.188.186
deny from 211.138.124.207
deny from 211.138.124.227
deny from 212.45.5.172
deny from 212.50.255.228
deny from 212.67.153.53
deny from 212.138.69.24
deny from 212.138.113.15
deny from 212.235.107.106
deny from 213.5.66.16
deny from 213.5.67.4
deny from 213.5.67.185
deny from 213.5.69.179
deny from 213.5.71.155
deny from 213.5.71.163
deny from 213.5.71.191
deny from 213.5.135.50
deny from 213.89.25.91
deny from 213.108.2.6
deny from 213.221.7.252
deny from 216.183.120.22
deny from 217.218.250.202
deny from 218.50.52.210
deny from 218.199.208.20
deny from 221.130.162.219
deny from 221.194.132.229
deny from 222.73.218.225
deny from 222.73.218.233
deny from 222.124.249.114
ErrorDocument 403 '<title>Access denied!</title><style><!-- p,address{margin-left:3em;} span{font-size:smaller;} --></style><h1>Access denied!</h1><p>Your IP address has been blacklisted because a larger number of spam comments originated from the same source.</p><p>Please refer to <a href=http://ten-fingers-and-a-brain.com/top-spammers.html>ten-fingers-and-a-brain.com/top-spammers.html</a> for a more detailed explanation.</p><h2>Error 403</h2><address><span>top-spammers/0.5</span></address>'
</Files>
# END top-spammers
no shame in adding a CAPTCHA plugin.
I added a CAPTCHA plugin on my blog. And even then, some suckas still get through. annoying as hell.
I just can’t stand filling in CAPTCHA fields as a commenter myself. You have to make the CAPTCHA so complicated that it’s pretty hard for us regular humans to decipher it. I found a neat plugin from Mike Jolley called spam-stopper which automatically generates the htaccess configuration. I just need to cut and paste those lines in the htaccess file so for now I’ll keep blacklisting IP addresses.
Thanks for the comment!
I use the Akismet plugin on my blog and it works. I never have any spam that gets through. Plus, you do not have any CAPTCHA to fill out.
Here are the stats on this plugin for my blog: 1,212 spams caught, 9 legitimate comments, and an overall accuracy rate of 99.672%
Hi Gabe,
I use Akismet as well and could never live without the service. Over the lifetime of this blog Akismet has blocked 16,614 spam comments with an overall accuracy rate of 99.743%.
However, recently I’ve started receiving around 1,600 SPAM comments a month ~ 50 a day. Now none of these SPAM comments are being published, they are all being captured by Akismet or awaiting moderation if they slip through Akismet. However, that’s a lot of server resources and network bandwidth to burn on SPAM. So much so that the amount of SPAM is actually slowing the site (I use the server to host both my blog and the discussion forums). Not to mention that I’m paying for the server and bandwidth out of my own pocket as a hobby of sorts so I’m not excited by the thought that SPAMMERs are burning my resources.
The blacklist is now up to 140 today.
Thanks for the comment!
A Cisco asa with botnet filter?
Thanks for the suggestion oeroe…
For better or worse I only “rent” a Virtual Private Server (VPS) from RIMU Hosting so I need to rely on iptables and htaccess to restrict the flow.
Thanks for the comment!
The blacklist is now up to 160 today and still growing…
Hey Michael: I am getting a ton of spam from some of those IP adresses too.
http://cl.ly/2J43212Z0u3Q3E152A2R
It’s really starting to annoy me when I get 11 of these a day with more and more piling in. They aren’t like the spam trying to advertise viagra and they put fake emails, meaningless messages, and nothing that would contribute to them whatsoever? I’m confused by it and wonder how to prevent them without diving into blocking IP addresses.
Sadly to hear this, but thanks for sharing tho. gl with this issue.
We’re up to 185 blacklisted IP addresses this morning…. how high can it go?
Hi Michael,
I received spams in the last 3 days and googled the IP addresses which brought me to your blog a few times, so I feel compelled to write. I am a newbie with my blog, and all of your techno jargon does not make a lot of sense, however, I do have AKISMET as well and it does seem to help. Thanks techies! I should follow all of your suggestions from now on.
Hi Joanie,
I’m amazed myself at how they just keep coming…
Thanks for taking the time to comment!
Cheers!
hey man,
I’m having the same problem.
started my blog a few weeks ago, and askimet already filtered like 50 spam messages over the last 4 weeks… sad
but question, i’m having this Askimet and also the realy easy captcha for the contact sheet, but is there any way to build this captcha option into the comment section of posts. I already tried some but they didn’t work…
ow one more thing. I had this Spammer creating an account on my blog, as a subrscriber…
very anoying but I found a Sollution to that problem.
try looking for the plugin “Register Plus”
it’s kinda free and adds functions to the register form, like having to fill in captcha, more info and having to click a link that comes with the mail.
just try it whenever you encounter that problem,
cheers,
Peter
Hi Peter,
If you choose you can download and install the WordPress reCAPTCHA plugin. Then just register for an API KEY at reCAPTCHA. Actually this might be a better plugin – http://wordpress.org/extend/plugins/recaptcha-form for use with your comments.
The easy way to get around SPAM bots registering is to require email verification. I require reCAPTCHA in order to register on the forums and then email verification to activate the account. I’ve been using reCAPTCHA on the forums for the past 6 months with great success, it’s helped mitigate the SPAM problem by about 80% with the remaining 20% getting caught in the email verification process.
Good Luck!
Your site might be 2 secure now. I’m trying to register on the Forums and getting this message “The letters you typed don’t match the letters that were shown in the picture.” no CAPTCHA was ever shown?
Thanks for the heads up. I’ll check it later.
The issue should now be resolved, thanks again for the heads-up!