The MU forums have moved to WordPress.org

spam hell - tried .htaccess block (25 posts)

  1. djsteve
    Member
    Posted 15 years ago #

    I am getting massive comment spam the past 24 hours from IP: 81.95.146.227, I've noticed this same person is hitting my regular wordpress blogs too, so I tried to do an htaccess block on his IP to keep him from accessing the site, but maybe it is not set up properly?

    I modded the htaccess to look like this:
    ----------------------------------
    RewriteEngine On
    RewriteBase /

    # Rewrite http://www.domain.com to domain.com
    RewriteCond %{HTTP_HOST} ^www\.(.*)
    RewriteRule ^(.*) http://%1/$1 [R,L]

    #uploaded files
    RewriteRule ^(.*)?/?files/(.*) wp-content/blogs.php?file=$2 [L]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule . - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]

    order allow,deny
    deny from 81.95.146.227
    allow from all
    ----------------------

    Is this the wrong way?
    Any help would be appreciated!

  2. SteveAtty
    Member
    Posted 15 years ago #

    Have you enabled the overides in your apache config for the blog directory:

    AllowOverride Limit
  3. djsteve
    Member
    Posted 15 years ago #

    SteveAtty you are talking a bit over my head. I have a dedicated server, but this sounds like something I would have to write my host support about. Would this code go into .htaccess?

  4. SteveAtty
    Member
    Posted 15 years ago #

    The AllowOveride goes into the server configuration file and it controls what overides the user is able to use in the .htaccess file.

    If Limit is not specified in the configuration directive for the directory then you cannot limit it.

    If you have no access to the main apache server configuration file then you will need to talk to your host provider.

  5. drmike
    Member
    Posted 15 years ago #

    We're talking about this guy on wp.com as well.

  6. Gadgetizer
    Member
    Posted 15 years ago #

    If the spam comments are for t e e n p 0 r n (don't want the SEs picling up on the phrase here) I'm getting hit hard as well on my regular blogs. I even use wp on a couple non-blogs as a cms and have comment forms & trackbacks disabled and am still getting the notifications.

    167 comments on one of these sites in a couple hours. I banned the IP plus deleted the comment forms and wp-trackback.php

    I know it's not a very elegant option, deleting or renaming files, but some of these spammers are so persistent sometimes there's no other way.

    Paul

  7. drmike
    Member
    Posted 15 years ago #

    I've been meaning to start dumping all of the ip address that hit me into a single table so I can keep track of who's getting hit. Some may have noted the spam count on my front page. That's as far as I've gotten on the coding.

  8. lunabyte
    Member
    Posted 15 years ago #

    I <3 APF. :D

    Mmmmm mmmm b**ch!
    -- Dave Chappelle

  9. demonicume
    Member
    Posted 15 years ago #

    Doc/all, check this site out. it seems to be a site which collects and lists spam by IP. i found like 10 of my splogs on this list. i combined this with the Wordpress Ban WPMU Edition

    its got an odd visualization feature, too. i was devastated to find so many of my bloggers on this list. then when i went thru their archives, i saw it was true. they were all gmail registered users too. as per my norm, i'll use it for a week and get back to ya'll.

    be careful not to ban your proper users, though!

  10. drmike
    Member
    Posted 15 years ago #

    be careful not to ban your proper users, though

    That's why you can't use those lists. :)

  11. mcfarland
    Member
    Posted 15 years ago #

    demonicume: That's my list :) to defend the IP-banning practice a little, generally spam attacks come from <i>servers</i> rather than individuals. Since there's not much reason for a server to be accessing the blog (other than trackbacks, which are far too abused to leave enabled anymore) I figure the chance of banning someone legitimate is acceptably small. Banned IP's get presented with a form they can use to plead their case, but generally that gets spammed too.

  12. drmike
    Member
    Posted 15 years ago #

    Gotta admit that that's the one case I wouldn't mind seeing a captcha form on. They're already under assumption of being a spammer for a reason. They're already guilty IMO.

  13. djsteve
    Member
    Posted 15 years ago #

    I have disabled comments and pings on the posts associated with this constant spam. And yet even after disallowing comments and pings, and mass deleting all spam in the moderation que, I still get more comments being added to the moderation que with spam comments on the posts that I just selected to not have comments or trackbacks.. this is wierd. I guess I need to see if I am running a current MU.

  14. drmike
    Member
    Posted 15 years ago #

    Is this from that IP address or have you blocked it?

    Why not just see about firewalling the class c to say the heck with them?

  15. jshare
    Member
    Posted 15 years ago #

    djsteve, Gadgetizer: why aren't you guys using Spam Karma2? I use it together with Bad Behavior and since I turned them on months ago, my blog hasn't displayed a spam comment/trackback/pingback since.

    SK2 has caught thousands of spams which I can look at in case of false-positives but otherwise I let the plugin delete them automatically after 7 days.

    Bad Behavior makes SK2's life easier by blocking bots even earlier. They're not perfect, but right now my biggest problem are site scrapers which I've been banning via htaccess after their first pass even though I know there must be a plugin that can do better. I'm going to give WPMU-Ban a shot

  16. lunabyte
    Member
    Posted 15 years ago #

    Site scrapers suck.

  17. djsteve
    Member
    Posted 15 years ago #

    That for tips folks, I emaialed my server peeps and they said that the overides is turned on. Not sure if they just turned it on or if it had been, but the spam from that guy has stopped. Not sure if it is being blocked or if the spammer just put it on pause since there were a couple of other ips that were hitting that one blog hard, and those have stopped (or paused) for now.

    I really want to add the things that lunabyte is using and some of the other spam blockers mentioned here to make it less work. Luna can we make a step by step tutorial on your mods for the spam blocking? Any chance of seeing those options in the next Mu release?

    Dr mike is the htaccess method the way you are talking about firewalling?

    thanks again for the support folks I was freaking out!

  18. lunabyte
    Member
    Posted 15 years ago #

    Um, what exactly about my set-up are you referring to?

    Inside MU, I have spam protection layered. Some call it overkill, but I think it's fine.

    I have Bad Behavior as my first level of "protection", then I use a custom captcha combined with SK2.

    For sign-ups, BB is active, and my captcha, but since it's not a comment SK2 isn't activated.

    On the box level, I use Brute Force and APF.

    APF being a firewall, which I've had great success with, and Brute Force keeps tabs on incoming connections. In a nutshell, if a connection hits the box like that particular spammer was with you, then it feeds the ip into APF to set a block/ban.

  19. djsteve
    Member
    Posted 15 years ago #

    Where is this bad behavior thing? I check wpmudev and did not see it there.

    Luna thank you for posting your layers, more to consider! I was actually referring to the other things you added regarding the "no pinging" and such.

    I just got on one of my mu blogs with 1194 comments, and they appear to be from various ip addresses, so I guess the APF wouldn't have helped with that, but I may look into that anyhow.

    The comments were so many that it crashed the browser when I went into mass edit mode. Of course none of them are approved so the spammer is just pissing me off and not really getting anywhere with this.

    Is there a plugin that will allow for deleting ALL comments in the que without loading them into the browser first? Or a plugin that will go through all the Mu blogs and remove all comments that have a URL that we could put in?

  20. lunabyte
    Member
    Posted 15 years ago #

    Google Bad Behavior plugin, and you'll find it.

    My ping solutons and such are for outgoing, not incoming, to combat splogs.

    For incoming, BB cleans out a good chunk and then SK2 cleans up the left overs.

    The captcha on my comment forms is mainly just to assist in keeping comments from being posted directly.

    To be honest, I have more problems with aholes lifting and putting my feed on their damn google ad sites more than anything.

    Even with a copyright disclaimer at the top, that usually is enough to fill an excerpt, they still try. The funny ones though... are the idiots that forget to turn pings/trackbacks off, and so they basically rat themselves out.

    Granted, I probably spend 8 hours a month on the phone with other hosts getting these bastards shut down. :(

  21. drmike
    Member
    Posted 15 years ago #

    I'm thinking about that "delete the akismet queue site wide" as well. Simply because of the size of our database.

  22. lunabyte
    Member
    Posted 15 years ago #

    I think I might prefer to roll with Akismet, but to be honest I'm still too nervous about my key being shut off.

    For SK2, I have it purging every 6 hours, which it keeping it pretty light.

  23. drmike
    Member
    Posted 15 years ago #

    Could just go ahead and ask. Worse they will do is just say no.

  24. andrea_r
    Moderator
    Posted 15 years ago #

    We modded sk2 a bit and added some of our own backend bells n' whistles to kep it light.

  25. lunabyte
    Member
    Posted 15 years ago #

    Yeah, I know Doc. Fear of rejection I guess. lol

About this Topic

  • Started 15 years ago by djsteve
  • Latest reply from lunabyte