Platinax: For EntrepreneursPlatinax Business ForumPlatinax Business NewsPlatinax Business DirectoryBusiness Blog

How to deal with spam IPs

Link: How to deal with spam IPs

Filed under: Webmaster, Security by Brian Turner

The problem of automated comment spamming

One of the more serious concerns of the internet these days is spam.

And not email spam, either.

I’m talking about automated comment spamming of online forms.

Scripts exist that will crawl the internet, looking for online forms - which they then fill with a pre-determined set of data.

Often this will include links to other websites - commonly, adult, pharamaceuticals, and gambling websites.

This type of spam is an annoyance way beyond email spam.

The costs of automated comment spamming

Like email spam it is often untargeted and effectively useless, even for the purposes it’s set up for.

But unlike email spam, it’s you who directly pay for - after all, you don’t pay for the bandwidth on your emails, but you do have to pay for the bandwidth on your website.

And that’s before we even include the time required to clear it from your site.

Blog comment spam is one of the main forms of automated comment spam - blogs offer a dangerous combination of automated publishing, and on high PageRank pages, too.

So it’s natural that automated comment spam particularly targets blogs.

Many blogs find it impossible to cope with the spam, and simply close down.

Others put their trust in third-party censor software, that deletes such spam on site.

But even the second solution completely fails to address the fact that you continue to pay for the spam.

If you really want to stop it, you’ll have to identify which IPs are being used to target your site.

Blocking Proxy IPs

Most automated comment spam is done via Open Proxy IPs - servers attached to the internet that are open for anybody to use.

This helps hide the original user IP, and so prevents them being identified. It also makes them much harder to block.

To even begin to do this, you need to take note of the IPs being used to spam you. Most comment forms - especially on the most popular blog software types - will provide an IP address of the sender.

Once you’ve collected these and noted the worst offenders, you can begin to block them.

How to block spam IPs

When running on a Linux box, the main HTML folder of your website where you place your main index file, stores one of the most powerful and flexible files on the server.

Known as .htaccess, this file can be especially useful to rewrite URLs - but you can also use it to block IPs from accessing your website.

The command for doing so is extremely simple - just add the following code to .htaccess and upload it to the root HTML folder of your domain:

order allow,deny
deny from
deny from 81.177.14.
allow from all

Already I’ve included two sets of IPs to help illustrate how to use this.

The first line - deny from - tells the server to block access from the single IP

The following line - deny from 81.177.14. - tells the server to block access for all IP’s within the range of -

These are both real examples of real IP’s that are blocked from Platinax - but you should concentrate on compiling your own list.

The main reason being that automated comment spam doesn’t always use Open Proxies - sometimes normal ISP IP’s as used as well - and blocking access by these can block access to your domain for a large number of users.

However, by adding IPs and IP ranges to .htaccess that are plaguing your website with automated comment spam, you can start to address the problem so that you no longer have to pay for your own spam.

For more information and help on issues of blog comment spamming, check out the blog spam board at Security Watch.

Alterantively, feel free to ask for advice or information or help from the Platinax Business Forums.

Add to Bookmarks:


  • Related posts to: How to deal with spam IPs


    1. Very interested in this. We are having problems with spammers using the on line reservation enquiry forms we provide from the property pages of our holiday website. For example

      The fraud attempt works like this:
      A potential renter says that he will pay “up front” a substantially larger fee than that that required and sends what appears to be a perfectly good cheque drawn on an internationally known bank. In France (unlike most other countries) this cheque will be credited to his account and the credfit is available in his account to use. The fraudelent renter then asks the property owner to defray some of his expenses ( airline ticket perhaps) by paying for these on his behalf. This the property owner does from the funds that have been ” credited” to his account and sends the bogus renter the money. The potential renter then dissapears. The roperty owner then finds that the cheque he has originally received eventually bounces and the bank wants its money back.

      Our problem is how to prevent these reservation enquiries from getting through our servers as they look genuine. They prdominately come from Yahoo and hotmail email addresses. Reports to Yahoo are of course too late.

      Comment by Duncan Erskine — May 23, 2006 @ 7:56 am

    2. Spammers: Dealing With Interactivity Abuse

      Any website that offers some form of interactivity whereby user input can make its way to be published is a potential victim for spammers - people who want to promote a product or service, but without offering anything of value in return.
      Often, those …

      Trackback by Internet Marketing Fool — May 30, 2006 @ 9:33 pm

    3. […] Anyway, it was all coming from a single IP - - so I simply revisited a post I made previously on the Platinax Blog on How to Deal With Spam IPs. […]

      Pingback by Brian’s Business Blog » Ev1 servers scraping juggernaut — January 1, 2007 @ 5:11 pm

    Leave a comment