#who has access who doesnt
order allow,deny
deny from 58.78.6.60
deny from 80.234.5.164
deny from 80.234.5.225
deny from 80.234.10.70
deny from 87.118.112.50
deny from 88.200.147.73
deny from 89.149.241.229
deny from 89.149.227.193
deny from 89.207.216.212
deny from 91.76.104.227
deny from 91.77.254.201
deny from 92.113.91.196
deny from 193.46.236.152
deny from 195.3.146.12
deny from 195.3.146.13
deny from 203.162.2.134
deny from 203.162.2.136
deny from 208.110.81.154
deny from 218.26.219.186
deny from 219.148.206.37
allow from all
Following my previous experiments with htaccess, IP address blocking & SABRE, I’ve remade my list as seen above. Other sorts of spam are blocked using different plugins – usually they feed into Akismet.
Currently, the false user registrations are tending to come from these IP addresses above. The “supposed” mail domains being chosen, are listed in descending order of instances below:
komatoz.net (6)mail.ru (6)
yandex.ru (4)
atlaskit.com (1) mail.com (1) autocitychannel.com (1) bk.ru (1)
This isn’t many, I know, because of the various blocks I’ve in place. These have appeared because I purposely removed most IP address blocks as an experiment to see which were the current “bad boys”. I mentioned this in a post a few weeks back, so these are the results.
The domains with only ONE instance are all new to me, so it looks like the bad guys could be shifting their bases and string patterns to a new batch. I’ll come back to this in time, after things have developed a bit. However, for a fully updated WordPress installation, I recommend using the htaccess file as a first line of defence and then the supplied Akismet plugin in combination with SABRE, Login Lockdown, Simple Trackback Validation, WP-SpamFree. This combination has cut down the bad stuff to virtually zero. I’ve heard people mention the “Bad Behaviour” plugin because it does a lot of stuff at once and is supposed to be a one click does all affair, however, I can’t recommend it as my personal experience over several versions has been that it locks me out as well! This is not to say that I won’t try it again at some future date, but my current plugin mix works so as the phrase goes “if it ain’t broke, don’t fix it”.
Constant monitoring is the key to effective defences though, while at the same time striving to maintain an open blog that users can post or comment to without much trouble.