Paul Slinger

Anyway, I edit the codes for my blog quite alot so I have quite alot of flexibility with the ways to block spammers.

From I see, blocking the last or last 2 octets do not help as the IPs are really very random. That’s why I gave up IP blocking and switched to keyword/domain/sub-domain banning instead. It’s not completely foolproof but at least I can see that the spammer has got sick of my site and reduced on the spams. *Hopefully the spammer’s interest in my site does not revive again*

As much as I wanted to get rid of spammers, I do not wish to create issues for genuine visitors who want to put their their comments.

It looks like you’d be able to do some wildcard blocking on your site. Have you tried blocking using the asterisk on the last octet or two octets?

Like you might use 182.25.33.* to block all 255 addresses in that range. If you go back another octet, 182.25.*.* You are throwing a wider net, but that spammer at least won’t be able to get through.

I used to do that on Pocket PC Addict using an automatic script and there were so many spammers being blocked, I’d occasionally get messages from legitimate users that they’d be blocked.

So I’d start with the last octet and move up as needed.

Initially, I implemented IP blocking. However, it proved to be ineffective. The spammer managed to get away with several blog comments within a short time frame but different IPs. I think I have more than 20 different IPs associated with the spammer to date.

Now, I have implemented comment screening by blacklisting some common words associated with spams and also common spam links. I keep adding to the blacklist whenever the spams come back. So far, this solution has managed to reduce spams, although not eliminate completely. The spammers just know how to work-around it.

I have considered implementing user registration or disabling HTML, but these features would make posting less fun.

1. If you don’t want to force people to register to leave comments (and I don’t do that either), you can make comments less attractive places for spam. Consider eliminating HTML tag support, or eliminating external hypertext links. Or consider limiting external links to ONE per comment.

2. Don’t have these options? Does your blog software have an anti-spam filter or plugin? My CMS has a bayesian filter module for comments. Its dumb at first, but gets very smart over time at automatically blocking posts with spammy words. It even emails me when it blocks spam comments.

3. By vigilant with your DENY HOSTS lines in .htaccess file. You can block specific IP addresses from viewing your site. Does adding individual IP addresses sound like a thankless job? Well, it isn’t bad when you just add a few addresses a week. Over time, you’ll find yourself blocking hundreds of IP addresses. That’s the costs of login-less comments.

Over time, the spamming bot owners realize that your site is not an attractive place to do this, because you remove it and fight it. Then they tend to move on to sites where the owners aren’t do anything.

Of course, by posting my URL, I’m sure I’ll be getting more this week…

Good luck.