Denying Access to Comment Spammers (and others) Using htaccess and 403 Pages

July 25th, 2008 · 3 Comments · Blogging with Wordpress, Tutorial

One of the downsides of having an interactive website of any kind is dealing with spammers. Whether you have forums, blogs, wikis, or blog-hosting sites, you’ll run across spammers of one kind or another. In my blogging experience, I’ve run across two main types of spam.

Types of Comment / Trackback Spam

First there’s bot spam. This is done by impersonal programs which run around the web and post huge spam comments full of links to disgusting/spammy sites. They’ve been programmed ahead of time, but they’re really not after you. You just have the right keyword or something else that draws them to your page.

Fortunately, my spam blocker catches a lot of these. There are ways to deny these bots access to your site, but every one I’ve tried has thrown off at least one legitimate visitor or broken my site (Bad Behavior plugin). Since my filter works pretty well, I don’t worry about them.

But there’s a second, more insidious type of spam. It often disguises itself as real comments. This rather innocent comment was left on my site by someone calling himself “Tom.”

my biggest problem is forgetting as well. I am so busy during the day that it just happens to slip my mind later. It is frustrating and a little irresponsible, but I would like to make a system for remembering to pay my bills. Does anyone have any suggestions?

Nothing here to suggest he’s a spammer. But the site he included in the URL section was a commercial site that I didn’t approve of at all.

I had two options for dealing with this. I could simply remove the offending link and let the comment stay. It wasn’t doing any real harm, though I wouldn’t want my readers to put themselves to any trouble helping a spammer.

The problem with doing that is that my spam filter wouldn’t learn that Tom (and his IP address) are bad news. Akismet is supposed to learn who the spammers are. I’m not sure, but it may even use this data for more than just your site. But even if it didn’t, I knew that every comment of Tom’s would get through. So I marked it as spam.

Denying an IP Address Access

But I also decided that I wanted a solution so I didn’t have to wait for Akismet’s learning curve. Who knows how long that’ll take?

And live comment spammers are annoyingly persistent.

So I went to the Wordpress Codex and checked out their instructions for denying spammers access altogether.

My comments section gave me Tom’s IP address. Let’s say it was 123.456.7.8. He’d commented several times from this same IP address.

I used the instructions for denying access and created this section in my .htaccess file.

# allow everyone first, then deny the one address that matches
order allow,deny
allow from all
deny from 123.456.7.8

In this case, the allow directive is evaluated first. It allows everyone, so the server moves on to evaluate the deny directive. Only one visitor, the one whose IP address matches the deny directive, is denied. Since any request that matches neither an allow nor a deny directive is denied by default, it was important that I included an “allow from all” line!

One could also put in “deny from 123.45*”, which would deny any IP address beginning with those numbers. I just don’t want to limit it that much. We’ll see if Tom pops up again; if so, I might put in something like 123.456.7.* so that hopefully only he would still be blocked.

Creating a 403 Page

Next, I created a 403 error page and uploaded it to my server. Wikipedia describes this error as a signal which “indicates that the client was able to communicate with the server, but the server doesn’t let the user access what was requested.”

You run across these all the time, whenever you don’t have permission to do something. They’re often not very fancy, but I put a couple of minutes into mine. Specifically, I created a page with a link to my site (in case you end up there through random clicking but weren’t actually blocked) and a note to legitimate users to e-mail me if they find themselves blocked.

To get the page to show every time someone hits a 403 error, I added this line to my .htaccess file.

ErrorDocument 403 /errors/403.html

So now, if Tom pops by my site again, he’ll run into a 403 page instead.

Adding more live spammers will be quite easy: I can just copy their IP addresses from the comments and paste them into the .htaccess file.
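As an added illustration (not code from the post), here is a small Python model of how Apache’s mod_authz_host evaluates the directives used above. It parses a constructed .htaccess fragment containing the post’s three directives (order, allow/deny from, ErrorDocument) and then decides 200 or 403 for a few sample visitor addresses. The addresses are RFC 5737 documentation addresses, because 123.456.7.8 is not a valid IPv4 address (no octet can exceed 255). Two caveats the model makes visible: Apache’s deny from matches a partial address by leading octets, as in “deny from 123.45”, or by CIDR notation, not by a * wildcard; and the Order directive is Apache 2.2 syntax, where Apache 2.4 expresses the same thing with Require ip / Require not ip from mod_authz_core.

```python
import ipaddress

# Constructed sample .htaccess, modelled on the post's directives. The post's
# 123.456.7.8 is not a valid IPv4 address (456 > 255), so RFC 5737
# documentation addresses stand in for "Tom" and for two wider blocks.
SAMPLE_HTACCESS = """
# allow everyone first, then carve out the spammers
order allow,deny
allow from all
deny from 203.0.113.8
deny from 198.51.100
deny from 192.0.2.0/24
ErrorDocument 403 /errors/403.html
"""

# The same fragment with the "allow from all" line forgotten.
MISSING_ALLOW = """
order allow,deny
deny from 203.0.113.8
"""


def parse_htaccess(text):
    """Parse the subset of .htaccess used in the post:
    order, allow from, deny from and ErrorDocument."""
    config = {"order": ("allow", "deny"), "allow": [], "deny": [], "errordocs": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "order" and len(parts) == 2:
            first, second = parts[1].lower().split(",")
            config["order"] = (first, second)
        elif directive in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            config[directive].extend(parts[2:])
        elif directive == "errordocument" and len(parts) == 3:
            config["errordocs"][int(parts[1])] = parts[2]
    return config


def host_matches(pattern, ip):
    """Match the way mod_authz_host does: 'all', a full IPv4 address, a partial
    dotted address (leading octets only, no '*' wildcard), or CIDR notation."""
    if pattern.lower() == "all":
        return True
    addr = ipaddress.ip_address(ip)
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    octets = pattern.split(".")
    if len(octets) < 4:
        # partial address: compare only the leading octets that were given
        return ip.split(".")[: len(octets)] == octets
    return ipaddress.ip_address(pattern) == addr


def evaluate(config, ip):
    """Apply Apache 2.2 'Order' semantics and return (status, error_page).

    order allow,deny: allow directives are checked first, then deny; a deny
    match wins, and a request matching neither list is denied by default.
    order deny,allow: deny first, then allow; an allow match wins, and a
    request matching neither list is permitted.
    """
    allowed = any(host_matches(p, ip) for p in config["allow"])
    denied = any(host_matches(p, ip) for p in config["deny"])
    if config["order"] == ("allow", "deny"):
        permitted = allowed and not denied
    else:
        permitted = allowed or not denied
    if permitted:
        return 200, None
    return 403, config["errordocs"].get(403)


if __name__ == "__main__":
    cfg = parse_htaccess(SAMPLE_HTACCESS)
    for visitor in ("203.0.113.8", "198.51.100.20", "192.0.2.77", "203.0.113.9"):
        print(visitor, evaluate(cfg, visitor))
    # Without "allow from all", order allow,deny turns away every visitor.
    print("no allow line:", evaluate(parse_htaccess(MISSING_ALLOW), "203.0.113.9"))
```

Running the file prints the decision for each sample visitor; the MISSING_ALLOW case is the one to look at, since it shows an innocent address getting a 403 purely because the allow from all line is missing, which is exactly the trap the post warns about.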

Follow-up: “Tom” was apparently shocked that I didn’t appreciate him as a visitor and his comments. I’m not that desperate.


3 responses so far ↓

  • 1 fathersez // Jul 27, 2008 at 11:24 am

    Hi, Ms. C,

    This is really great. Looks simple enough even for a tech bozo like me to understand.

    I, too, have a Tom like character. I have been appealing to him to leave me alone, but it is clear that he is deaf and dumb.

    So your advice is my next option. Let me try.

    Thanks, Ma’am.

  • 2 Ron@TheWisdomJournal // Aug 9, 2008 at 9:36 am

    I have two files:

    .htaccess and
    .htaccess.HandlerBak

    Which one should I use? And where in this line should I place the new text?

    # Use PHP5 as default
    AddHandler application/x-httpd-php5 .php
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Thanks!!!

  • 3 Ms. Crafty // Aug 10, 2008 at 10:02 pm

    Hi Ron, sent you an e-mail about this too. First, I don’t have two .htaccess files, but I’d suggest trying the plain .htaccess file first.

    If you want to be super-sure, find a friend and have them comment on your site. Then block their IP or even general IP (using the *) in the .htaccess file. If they can still get in and comment, add it to the other as well.

    I put the code right after #END WordPress.
