I’ve had quite a few search enquiries and hits for komatoz.net on my sites recently so there are obviously a lot of people suffering out there with spamming and registration problems that I’ve “currently” ;-) got under control. (We all know that this is a continuous battle against spammers as their approaches and techniques change though!).
This post is really a revisit and clarification of an earlier one here and shows some of the things I do to keep the spammy bastards at bay as there is no “one fix for everything” solution.
You could call them my Top Three!
Use of SABRE
What I’ve found, when using the excellent Sabre WordPress plugin, is that there are a heap of “usual suspects” that circle round and round a few IP addresses. Usually I’ll get supposedly real e-mail addresses from places like:
komatoz.net, gawab.com, yandex.ru, mail.ru, inbox.ru
…and previously I had them locked out by name – but that doesn’t work as they’re spoofed.
Sabre is useful as it allows you to spot repeat hits from certain IP addresses after they’ve been blocked by the use of an .htaccess file.
Use of the .htaccess File
I’ve also made use of the .htaccess file in the website roots to block these names and a wodge of IP addresses. It’s become obvious that the differences between the SABRE logs of each website were due to differences between the .htaccess settings (I’d missed off a couple of IPs between files) so now the blocked list is as follows:
#BEGIN_ADDS
Options -Indexes
order allow,deny
deny from 24.1.39.117
deny from 38.99.101.151
deny from 58.65.237.113
deny from 58.65.239.146
deny from 61.152.95.162
deny from 64.233.179.101
deny from 64.86.69.6
deny from 64.94.4.196
deny from 66.235.180.189
deny from 72.249.100.188
deny from 75.126.3.177
deny from 78.110.160.130
deny from 85.225.117.179
deny from 87.118.112.50
deny from 88.255.69.10
deny from 89.149.227.193
deny from 89.149.241.229
deny from 89.207.216.211
deny from 160.114.38.82
deny from 190.2.0.2
deny from 192.116.79.226
deny from 195.2.114.31
deny from 195.2.114.32
deny from 195.245.119.76
deny from 195.225.178.15
deny from 203.162.2.137
deny from 205.158.160.76
deny from 208.187.80.135
deny from 210.14.128.112
deny from 210.14.128.172
deny from 210.22.158.132
deny from 212.175.13.169
deny from 216.240.152.9
deny from 217.20.115.118
deny from 218.61.16.8
allow from all
#END_ADDS
This has been applied to all my sites so there should be some consistency between the residual IP addresses getting past the file.
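One way to check that consistency across sites, as an added example that is not part of the original post: a small Python audit that reads the #BEGIN_ADDS block of each site's .htaccess, reports addresses blocked on one site but missing on another, and flags tokens that are not a plain IP or CIDR range (such as two directives pasted onto one line). The site names and sample file contents are constructed; partial addresses and hostnames, which Apache also accepts in a deny line, are assumed unused and are reported as problems.

```python
import ipaddress

def parse_deny_block(text):
    """Return (networks, problems) for the #BEGIN_ADDS..#END_ADDS block."""
    inside, networks, problems = False, set(), []
    for raw in text.splitlines():
        parts = raw.split()
        marker = parts[0].upper() if parts else ""
        if marker.startswith("#BEGIN_ADDS"):
            inside = True
        elif marker.startswith("#END_ADDS"):
            inside = False
        elif inside and [p.lower() for p in parts[:2]] == ["deny", "from"]:
            for token in parts[2:]:  # one deny line may name several hosts
                try:
                    networks.add(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    # Not a plain IP/CIDR, e.g. two directives run together.
                    problems.append(token)
    return networks, problems

def audit(sites):
    """Per site: addresses blocked elsewhere but missing here, plus bad tokens."""
    parsed = {name: parse_deny_block(text) for name, text in sites.items()}
    union = set().union(*(nets for nets, _ in parsed.values()))
    key = lambda n: (n.version, n)  # keeps IPv4 and IPv6 entries sortable
    return {name: {"missing": [str(n) for n in sorted(union - nets, key=key)],
                   "problems": problems}
            for name, (nets, problems) in parsed.items()}

# Constructed sample input: two sites whose pasted lists have drifted apart.
SITE_A = """#BEGIN_ADDS
order allow,deny
deny from 24.1.39.117
deny from 38.99.101.151
deny from 58.65.237.113
allow from all
#END_ADDS"""

SITE_B = """#BEGIN_ADDS
order allow,deny
deny from 24.1.39.117
deny from 38.99.101.151deny from 58.65.237.113
allow from all
#END_ADDS"""

if __name__ == "__main__":
    for site, report in audit({"site-a": SITE_A, "site-b": SITE_B}).items():
        print(site, report)
```

In the sample, site-b's merged line leaves 38.99.101.151 unblocked, so it shows up under "missing" and the leftover tokens appear under "problems".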
If you don’t know how to do this, ask me or look it up on the net like I did. I’ve also left some links at the bottom. If you are using WordPress, they advise you to set one up to manage the permalink structure. All you need to do is open .htaccess and paste the list after the WordPress additions. The # hash is a line comment (remming it out).
The .htaccess file is an immensely powerful tool. It’s a huge Apache thing. What I’m doing above is turning off automatic directory listings with Options -Indexes, which stops unwanted folder trawling if a folder doesn’t have an index file; and then I block any enquiries from the list of IP addresses. This is empirically derived so if you know people with Russian email addresses you’ll have to modify the list, which is set up for my blockings only!
The Apache server always does three swipes through the file hence the specific terms:
order allow,deny
First it allows all sites and second it denies any IPs on the list. The third sweep does nothing in this file.
The use of .htaccess in this way takes the load away from WordPress so that it never even gets to do any filtering!
I also use .htaccess to allow only pictures (say) into an images folder and block active script files explicitly. So it’s a file type filter as well… As I said, it’s very powerful.
Make sure that you block write access to the file afterwards! Same goes for your robots.txt file and various folders….
Use of Akismet
As well as this lot, I also use Akismet, which most folk use anyway as it’s part of the default WordPress install. Anything that consistently gets through can be added to the .htaccess file along with the odd spurious SABRE detections.
I do a few more things as well, mostly for normal comments and trackbacks, but in truth, the three-pronged approach I’ve detailed here traps most bad guys.
I started all this when I was hacked (or more correctly cracked – I hate the way the usage has been hi-jacked on this..) by some Turkish activists. I learnt the hard way! :-( See my earlier post here.
.htaccess usage links
Hope this helps someone! Let me know if it has.