« Stort tack till Datakultur!
Det känns som om det lyckades »

Nu blockar jag de värsta spammarna i min .htaccess-fil

Publicerat 2008-05-05

21 kommentarer

Arkiverat under:

Spam

Nyckelord





Spara eller dela:

Wordpress är underbart och transparens också. Dessutom ska det vara enkelt för användare att lämna kommentarer på bloggen. Men när Akismet idag har fått blockera 2000 trackback-spam och kommenterasspam så börjar det bli dags att göra något definitivt åt problemet. Det börjar helt enkelt märkas även bandbreddsmässigt att alla dessa spammare härjar på bloggen.

Det bär mig emot att blocka IP-adresser i .htaccess-filen, men nu är det gjort. Så här ser de första raderna ut i min .htaccess:

order allow,deny
#tillagda 2008-05-05
deny from 4.229.162.175
deny from 12.172.207.3
deny from 24.0.72.173
deny from 24.18.65.173
deny from 24.118.188.179
deny from 64.185.237.134
deny from 64.202.161.130
deny from 65.184.244.68
deny from 66.90.104.89
deny from 66.197.241.54
deny from 67.9.98.18
deny from 68.213.149.231
deny from 69.29.237.180
deny from 69.50.210.69
deny from 70.105.237.107
deny from 70.111.179.211
deny from 70.154.87.223
deny from 71.145.134.5
deny from 74.208.16.79
deny from 75.138.46.20
deny from 75.146.75.29
deny from 75.170.4.91
deny from 76.1.186.169
deny from 77.69.206.41
deny from 77.98.195.96
deny from 78.29.65.90
deny from 79.112.121.168
deny from 78.129.195.105
deny from 78.129.208.60
deny from 78.176.126.121
deny from 80.56.222.115
deny from 80.95.24.35
deny from 80.174.11.74
deny from 80.171.155.159
deny from 82.158.147.79
deny from 82.231.194.180
deny from 83.7.6.176
deny from 83.27.26.170
deny from 83.21.37.171
deny from 83.29.2.204
deny from 83.29.252.44
deny from 83.59.115.162
deny from 84.133.112.78
deny from 85.99.3.62
deny from 85.103.42.27
deny from 85.107.110.15
deny from 85.243.255.119
deny from 86.32.50.73
deny from 87.194.98.179
deny from 88.9.185.149
deny from 88.0.179.80
deny from 88.156.96.17
deny from 88.208.99.1
deny from 88.225.228.108
deny from 88.240.146.90
deny from 88.247.176.234
deny from 88.254.19.96
deny from 89.20.147.221
deny from 89.190.244.241
deny from 89.229.28.133
deny from 90.56.89.54
deny from 90.129.71.45
deny from 91.84.248.29
deny from 91.186.11.213
deny from 91.196.171.18
deny from 91.7.200.159
deny from 91.199.111.53
deny from 92.9.247.123
deny from 122.161.57.199
deny from 148.233.159.58
deny from 189.24.60.73
deny from 190.34.164.18
deny from 190.144.0.222
deny from 190.152.17.166
deny from 193.51.141.122
deny from 193.230.230.101
deny from 194.242.44.29
deny from 195.116.19.165
deny from 200.82.206.73
deny from 200.185.229.230
deny from 201.3.91.13
deny from 201.16.250.132
deny from 201.41.183.84
deny from 201.216.210.190
deny from 203.158.221.227
deny from 207.44.147.170
deny from 208.53.147.118
deny from 209.160.32.30
deny from 212.43.12.1
deny from 213.37.189.16
deny from 213.98.68.184
deny from 217.126.94.244
deny from 217.255.180.123
deny from 222.124.212.196
#tillagda 2008-05-06
deny from 72.232.177.42
deny from 190.42.165.119
deny from 67.9.98.18
deny from 190.142.67.109
deny from 193.248.50.71
deny from 74.53.27.82
deny from 81.161.198.12
deny from 79.117.138.152
deny from 82.76.136.52
deny from 193.248.50.28
deny from 88.248.90.113
deny from 85.105.180.40
deny from 62.217.213.177
deny from 217.126.76.99
deny from 74.164.222.151
deny from 83.142.220.130
deny from 88.247.203.194
deny from 87.79.99.244
deny from 217.128.160.129
deny from 84.108.18.196
deny from 78.59.113.140
deny from 80.243.160.18
deny from 69.149.169.106
deny from 81.214.73.171
deny from 99.153.193.78
deny from 122.163.2.141
deny from 117.192.224.145
deny from 83.28.124.241
deny from 79.185.225.64
deny from 195.74.50.129
deny from 88.246.162.136
deny from 122.161.153.229
deny from 78.177.38.104
deny from 220.255.7.232
deny from 125.212.127.66
deny from 90.25.48.186
deny from 85.97.39.131
deny from 87.48.131.98
deny from 80.35.198.6
deny from 81.213.144.225
deny from 82.127.57.34
deny from 77.108.116.202
deny from 218.111.156.178
deny from 212.234.69.142
deny from 85.91.82.38
deny from 80.34.63.197
deny from 89.218.232.164
deny from 201.50.162.61
deny from 88.245.184.211
deny from 194.176.105.45
deny from 88.243.56.201
deny from 90.129.75.161
deny from 212.122.214.3
deny from 85.91.81.188
deny from 89.52.170.234
deny from 217.127.10.68
deny from 82.41.236.122
deny from 62.101.175.138
deny from 212.15.95.70
deny from 193.220.86.130
deny from 89.149.241.111
deny from 88.27.148.62
deny from 213.156.114.62
deny from 80.64.81.96
deny from 75.55.117.232
deny from 62.117.66.77
deny from 87.246.34.74
deny from 217.167.11.81
deny from 193.153.237.96
deny from 80.59.127.202
deny from 125.60.243.89
deny from 61.84.109.1
deny from 213.22.242.155
deny from 88.84.200.1
deny from 88.235.88.47
deny from 78.163.107.206
deny from 85.105.68.119
deny from 212.120.185.151
deny from 77.194.55.195
deny from 92.81.107.148
deny from 122.168.64.166
deny from 77.69.189.199
deny from 87.110.160.102
deny from 92.39.64.7
deny from 85.207.45.151
deny from 222.127.182.122
deny from 193.188.105.230
deny from 218.186.11.2
deny from 62.109.169.77
deny from 83.61.214.252
deny from 217.91.108.78
deny from 88.7.45.74
deny from 78.49.141.187
deny from 77.254.4.96
deny from 212.26.245.135
deny from 83.33.69.67
deny from 71.142.220.219
deny from 77.234.29.229
deny from 80.64.81.96
deny from 190.18.234.85
deny from 201.10.101.52
deny from 59.95.26.207
deny from 89.20.100.28
deny from 87.189.201.24
deny from 81.214.226.111
deny from 201.15.66.21
deny from 195.229.236.245
deny from 62.10.65.212
deny from 212.76.37.156
deny from 219.93.175.67
deny from 67.184.51.141
deny from 85.192.141.185
deny from 212.170.228.109
deny from 124.217.230.104
deny from 85.14.46.231
deny from 83.27.49.47
deny from 68.153.118.44
deny from 80.30.164.61
deny from 200.93.173.213
deny from 79.126.18.196
deny from 189.70.116.40
deny from 64.202.165.201
deny from 77.121.245.187
deny from 85.178.49.222
deny from 80.171.97.6
deny from 83.237.28.23
deny from 217.77.53.10
deny from 84.0.5.122
deny from 78.189.28.176
deny from 41.222.115.22
deny from 83.40.171.103
deny from 32.60.107.66
deny from 61.133.87.226
deny from 87.225.33.107
deny from 74.208.16.53
deny from 81.214.65.55
deny from 195.22.140.72
deny from 208.53.130.221
deny from 80.86.125.132
deny from 88.23.113.86
deny from 72.249.11.157
deny from 71.250.35.81
deny from 201.51.243.109
deny from 194.187.204.47
deny from 91.19.210.120
deny from 84.164.83.203
deny from 85.249.76.70
deny from 88.242.38.73
deny from 193.59.35.86
deny from 81.252.243.133
deny from 121.101.135.2
deny from 77.45.206.213
deny from 92.227.188.191
deny from 201.250.253.185
deny from 213.178.104.110
deny from 83.9.182.195
deny from 83.28.20.196
deny from 77.89.124.50
deny from 172.207.224.210
# IP-nummer blockade 2009-05-07
deny from 85.105.13.22
deny from 88.75.86.6
deny from 85.137.82.30
deny from 83.206.191.201
deny from 213.44.214.220
deny from 203.84.181.238
deny from 88.231.185.65
deny from 196.209.251.3
deny from 196.30.245.149
deny from 79.186.151.109
deny from 59.96.158.121
deny from 213.158.196.82
deny from 78.157.175.43
deny from 61.8.129.180
deny from 78.175.223.9
deny from 92.80.23.68
deny from 190.42.132.198
deny from 89.79.76.85
deny from 195.161.7.104
deny from 118.169.168.185
deny from 121.1.53.6
deny from 90.43.175.239
deny from 121.247.17.200
deny from 87.78.202.5
deny from 82.131.171.180
deny from 122.53.197.8
deny from 208.107.34.237
deny from 74.234.108.84
deny from 201.229.243.162
deny from 62.66.165.6
deny from 74.213.192.130
deny from 190.42.54.225
deny from 72.161.10.141
deny from 71.34.203.109
deny from 60.50.249.88
deny from 201.50.190.232
deny from 202.173.188.146
deny from 90.151.41.75
deny from 190.30.132.248
deny from 172.129.159.81
deny from 74.192.38.25
deny from 201.46.113.13
deny from 90.43.143.151
deny from 217.27.157.155
deny from 201.255.172.147
deny from 201.254.85.100
deny from 210.79.177.196
deny from 80.129.238.58
deny from 81.213.158.89
deny from 216.227.123.95
deny from 92.80.111.130
deny from 70.174.113.51
deny from 69.104.3.208
deny from 83.29.224.245
deny from 83.30.171.135
deny from 207.35.67.130
deny from 200.94.1.63
deny from 91.80.153.76
deny from 85.136.38.3
deny from 190.66.153.175
deny from 80.71.144.153
deny from 84.132.84.215
deny from 12.165.166.154
deny from 59.182.31.17
deny from 83.7.49.99
deny from 136.160.142.234
deny from 89.130.99.48
deny from 83.237.29.151
deny from 189.72.203.233
deny from 77.199.174.48
deny from 66.84.110.5
deny from 75.3.117.105
deny from 190.67.47.34
deny from 216.6.1.3
deny from 83.16.245.44
deny from 77.79.138.198
deny from 88.241.155.191
deny from 189.40.128.3
deny from 75.219.15.51
deny from 168.243.245.164
deny from 212.55.116.161
deny from 60.50.252.237
deny from 217.136.47.148
deny from 189.28.162.75
deny from 67.52.198.130
deny from 84.252.58.62
deny from 201.35.44.44
deny from 91.139.36.250
deny from 189.72.122.155
deny from 189.140.230.222
deny from 90.12.249.34
deny from 194.118.43.1
deny from 24.172.58.46
deny from 78.162.51.125
deny from 85.102.205.114
deny from 84.133.98.80
deny from 83.12.136.162
deny from 60.50.98.193
deny from 200.55.214.114
deny from 89.40.118.227
deny from 83.28.182.158
deny from 83.21.177.170
deny from 71.127.113.166
deny from 190.37.72.169
deny from 83.14.49.19
deny from 78.102.77.2
deny from 200.117.196.216
deny from 201.252.144.146
deny from 200.45.95.210
deny from 201.252.132.150
deny from 213.130.28.118
deny from 200.82.121.23
deny from 66.152.137.17
deny from 87.205.247.109
deny from 201.252.151.61
deny from 78.92.213.178
deny from 84.92.179.179
deny from 83.10.10.191
deny from 78.165.179.115
deny from 122.161.16.173
deny from 64.130.72.6
deny from 84.153.219.160
deny from 117.47.110.160
deny from 84.120.109.96
deny from 212.48.166.23
deny from 201.14.162.46
deny from 85.108.102.26
deny from 85.219.221.51
deny from 82.151.96.163
deny from 67.86.28.244
deny from 79.112.121.124
deny from 217.117.80.2
deny from 91.189.243.147
deny from 88.244.165.73
deny from 84.140.108.110
deny from 71.111.214.99
deny from 71.239.143.100
deny from 69.251.152.192
deny from 83.25.0.112
deny from 122.164.37.84
deny from 67.175.239.125
deny from 123.193.207.122
deny from 77.100.73.81
deny from 66.197.151.229
deny from 77.232.72.45
deny from 122.168.51.182
deny from 208.53.170.217
deny from 198.145.182.32
deny from 85.120.255.22
deny from 81.110.82.81
deny from 121.97.214.74
deny from 199.231.147.97
deny from 212.219.118.20
deny from 85.103.29.58
deny from 74.208.16.179
deny from 66.197.152.245
deny from 69.9.38.210
deny from 69.80.224.68
deny from 213.251.189.203
deny from 74.54.131.114
deny from 206.221.184.108
deny from 74.208.16.159
deny from 66.152.166.31
deny from 212.27.63.204
deny from 69.94.13.11
deny from 64.141.108.29
deny from 64.22.69.26
deny from 74.208.14.215
deny from 193.86.238.12
deny from 72.46.130.23
deny from 85.17.237.211
deny from 76.163.252.88
deny from 207.210.213.247
deny from 208.113.155.28
deny from 67.159.44.159
deny from 209.67.210.206
deny from 81.17.248.55
deny from 91.186.21.78
deny from 203.22.204.43
deny from 67.212.168.50
deny from 74.208.16.77
deny from 64.185.237.50
deny from 74.52.166.162
deny from 216.193.201.201
deny from 64.34.161.151
deny from 64.40.144.156
deny from 209.200.17.183
deny from 64.22.87.210
deny from 69.59.22.27
deny from 209.11.242.250
deny from 64.18.158.194
deny from 64.202.165.133
deny from 74.208.16.108
deny from 219.132.138.231
deny from 209.17.190.78
deny from 82.165.183.169
deny from 205.234.236.13
deny from 65.254.224.34
deny from 213.171.218.172
deny from 88.198.47.45
deny from 208.100.51.43
deny from 72.55.156.219
deny from 202.181.235.187
deny from 91.121.88.147
deny from 64.191.93.101
deny from 64.202.165.131
deny from 206.221.184.156
deny from 72.55.165.26
deny from 208.53.137.178
deny from 72.233.78.5
deny from 206.212.242.242
deny from 208.97.175.16
deny from 72.9.156.132
deny from 72.232.250.50
deny from 91.186.26.241
deny from 80.58.205.47
deny from 145.236.113.98
deny from 202.69.99.180
deny from 89.122.166.11
deny from 69.40.115.176
deny from 195.62.15.134
deny from 91.144.165.166
deny from 86.122.59.181
deny from 85.255.120.219
deny from 86.34.137.186
deny from 83.26.71.78
deny from 82.235.245.83
deny from 194.108.126.35
deny from 208.17.80.5
deny from 72.232.0.58
deny from 83.182.153.83
deny from 78.179.10.230
deny from 193.19.165.34
deny from 58.166.221.140
deny from 82.153.174.255
deny from 203.162.2.135
deny from 79.189.226.211
deny from 221.1.218.206
deny from 83.170.102.67
deny from 200.37.124.80
deny from 63.226.162.114
deny from 213.251.161.107
deny from 125.163.244.35
deny from 80.51.120.2
deny from 98.193.68.110
deny from 62.213.71.122
deny from 92.48.99.12
deny from 66.135.40.107
deny from 24.34.205.86
deny from 216.138.162.82
deny from 217.218.36.7
deny from 211.138.9.114
deny from 61.128.162.208
deny from 221.174.22.7
deny from 210.248.248.83
deny from 222.171.28.243
deny from 203.162.2.136
deny from 218.57.11.112
deny from 59.151.53.82
deny from 60.10.134.103
deny from 82.139.92.228
deny from 190.128.44.9
deny from 24.45.216.216
deny from 68.55.9.71
deny from 75.131.70.72
deny from 91.76.70.239
deny from 65.78.189.98
deny from 71.163.174.140
deny from 212.187.253.118
deny from 201.48.1.72
deny from 69.46.23.155
deny from 83.21.81.127
deny from 24.218.22.148
deny from 124.217.219.189
deny from 219.240.36.173
deny from 218.213.228.158
deny from 67.87.94.150
deny from 82.245.157.160
deny from 221.1.217.91
deny from 202.88.82.10
deny from 75.32.104.181
deny from 67.58.166.167
deny from 124.146.168.42
deny from 12.198.212.35
deny from 78.133.71.78
deny from 66.36.229.186
deny from 74.54.128.34
deny from 80.154.42.74
deny from 207.10.234.91
deny from 66.232.107.104
deny from 89.169.32.108
deny from 66.232.107.104
deny from 80.51.120.2
deny from 98.193.68.110
deny from 200.51.41.29
deny from 221.206.79.25
deny from 66.45.237.219
deny from 72.25.1.138
deny from 147.175.160.157
deny from 66.79.191.186
deny from 67.159.30.95
deny from 64.136.59.162
deny from 201.18.158.91
deny from 89.141.71.247
deny from 83.5.109.254
deny from 209.85.102.28
deny from 207.150.180.75
deny from 66.79.166.27
deny from 122.164.35.219
deny from 84.14.42.110
deny from 74.208.14.63
deny from 74.54.176.210
deny from 69.93.189.106
deny from 66.212.28.34
deny from 71.136.41.1
deny from 195.248.226.9
deny from 72.232.222.218
# bara ett par till…
deny from 69.253.216.130
deny from 218.232.94.123
# IP-nummer blockade 2008-05-08
deny from 205.234.98.22
deny from 64.191.91.101
deny from 74.208.16.164
deny from 124.38.187.118
deny from 69.93.220.170
deny from 213.251.189.201
deny from 193.164.132.194
deny from 69.117.103.206
deny from 208.53.138.115
deny from 64.111.105.27
deny from 66.7.202.21
deny from 222.126.63.88
deny from 75.88.100.206
deny from 222.169.226.202
deny from 121.246.94.181
deny from 74.52.109.18
deny from 74.208.16.107
deny from 66.187.99.194
deny from 202.81.162.33
deny from 62.219.187.115
deny from 74.52.109.18
deny from 72.55.146.22
deny from 74.86.131.60
deny from 76.191.100.11
deny from 66.96.233.190
deny from 65.254.224.36
deny from 207.58.177.167
deny from 72.32.210.16
deny from 66.90.104.22
deny from 65.254.224.22
#IP-nummer blockade 2008-05-09
deny from 68.94.186.60
deny from 66.90.103.134
deny from 213.171.218.179
deny from 205.234.104.30
deny from 64.13.223.173
deny from 66.197.220.230
deny from 74.208.16.140
deny from 64.202.165.132
deny from 75.102.25.11
deny from 80.25.75.195
deny from 213.186.117.8
deny from 207.234.209.59
deny from 72.232.228.226
deny from 64.20.53.18
deny from 87.118.112.50
deny from 80.74.144.85
deny from 66.232.117.99
# IP-adresser blockade 2008-05-10
deny from 218.26.219.186
deny from 203.162.2.137
deny from 74.220.207.119
deny from 203.162.2.133
deny from 58.65.239.170
deny from 193.108.42.5 #auSystems Hosting Network 1 i Malmö!
deny from 201.36.249.130
deny from 201.30.233.136
deny from 85.228.76.163
deny from 74.200.70.104
deny from 200.27.90.164
deny from 209.62.10.114
# IP-adresser blockade 2008-05-11
deny from 122.16.95.105
deny from 72.44.38.243
deny from 66.212.28.29
deny from 219.120.98.43
deny from 87.236.233.52
deny from 82.114.160.32
deny from 65.212.180.199
deny from 200.25.194.154
deny from 89.18.179.46
deny from 69.89.31.213
deny from 213.42.2.24
deny from 194.126.102.10
deny from 89.132.155.225
deny from 210.246.145.164
deny from 125.172.32.153
deny from 62.244.55.224
deny from 78.129.208.30
deny from 201.54.148.7
deny from 128.220.1.52
deny from 151.13.128.182
deny from 87.230.86.137
deny from 192.115.104.89
deny from 195.245.119.76
deny from 72.36.146.2
deny from 92.113.54.80
deny from 218.104.219.232
deny from 219.49.0.78
deny from 91.121.25.110
deny from 203.144.160.251
deny from 89.188.17.71
deny from 207.47.100.22
deny from 71.225.134.240
deny from 24.3.54.247
deny from 201.86.8.28
deny from 189.8.34.138
deny from 208.65.8.69
deny from 78.129.199.205
deny from 85.255.121.202
deny from 222.35.3.83
deny from 210.51.14.197
deny from 61.67.15.253
deny from 203.162.2.134
deny from 189.19.227.97
deny from 201.18.135.43
deny from 218.24.132.22
deny from 80.191.83.5
allow from all

Listan kommer att växa, Jag uppdaterar den kontinuerligt. Men bara denna lilla enkla åtgärd har lugnat ner läget betydligt. Dessa IP-nummer stod nämligen för över 50 % av dagens skräpsprättande.


Från 2008-05-05, kl 14:21 arkiverat under Spam.

21 svar till “Nu blockar jag de värsta spammarna i min .htaccess-fil”

  1. Jonas Says:
    2008-05-05 kl 15:10

    Trevlig lista & tack för senast! Ska ta och läggga till den på utvbloggen.se

  2. Nikke Lindqvist Says:
    2008-05-05 kl 15:11

    Detsamma!

    Kom tillbaka efterhand. Jag lovar att hålla den uppdaterad under de närmaste dagarana.

  3. cjl Says:
    2008-05-05 kl 16:16

    En kombinerad shaper och .htaccess vore ju annars rätt trevligt så att spammarna fick access, men extreeemt långsamt. Tyvärr verkar det inte finnas ngt enkelt sätt att lösa det på.

  4. Magnus Says:
    2008-05-05 kl 17:40

    Fint med en lista, ska anamma den jag med (om du vill vara riktigt elak mot oss lägger du till googlebot någonstans mitt i)

  5. Jonas Nordström Says:
    2008-05-05 kl 20:34

    @cjl: Man kan ju tarpitta dem i iptables.

  6. Nikke Lindqvist Says:
    2008-05-05 kl 22:29

    Efter att ha tagit några timmars paus och gått på fotboll har jag fått 937 nya spam från ett 20-tal nya adresser. Har lagt till dem i listan.

    Jag är själv så paranoid att jag gör en whois på varje IP först eftersom det vore en grym ödets ironi att blocka något riktigt viktigt IP.

    Jonas Nordström: du får gärna utveckla, för det vore riktigt roligt att hitta på något sätt att få spambottarna att tokfastna någonstans.
    Jag inser att jag just hittade en beskrivning av hur det går till på http://www.netfilter.org/projects/patch-o-matic/pom-extra.html men har inte tillräcklig koll på hur brandväggar funkar för att ens ana hur jag ska föreslå mina vänner teknikerna på Datakultur något liknande…

  7. Nikke Lindqvist Says:
    2008-05-05 kl 23:37

    Jag inledde med att lägga in de blockade IP-adresserna i nummer-/nätvkerksordning, men har nu raskt frångått den principen. Nu kommer jag istället att lägga in dem i kronologisk ordning efter när de blir blockade. När det blir nytt datum anger jag det med en kommentar (t.ex. #tillagda 2008-05-06).

  8. Marcus Westberg Says:
    2008-05-06 kl 1:12

    År 2007 var det pinglistor som gällde till Wordpress. År 2008 är det IP-blocklistor. Vilken lista tror ni det blir 2009?

  9. Jonas Says:
    2008-05-06 kl 8:42

    Googlar jag på några av de IP-nummer som listas ovan så hittar jag fler listor där dessa förekommer, bl.a där proxy-servrar listas

  10. Nikke Lindqvist Says:
    2008-05-06 kl 9:52

    Jo jag har hittat några Proxy-servrar och några som är otroligt hemliga vad gäller infon från dem. Vet inte. Kanske måste jag helt enkelt ge upp projektet. Det blir lite för många IP-adresser att hålla koll på helt enkelt.

    När jag har blockat 10 nya IP-adresser blir det tyst en liten stund, men fem minuter senare har jag fått in 25 nya trackbacks.

    För några år sedan kommunicerade jag med en kille som hade över 3000 unika IP-adresser och hela Sydkorea i sin block-lista…
    Då blir det lätt fel.

    Häromdagen hade en av Googles IP-adresser letat sig in i en officiell blacklist och var därför utestängda från servern jag ligger på. Det märktes väldigt fort. Bland annat i Google Webmastertools där Google rapporterade att de inte fick tag i min sitemap.

    Men problemet måste adresseras på något sätt. Någon som har några friska(re) idéer?

  11. Nikke Lindqvist Says:
    2008-05-06 kl 12:33

    Har bestämt mig för att fortsätta blocka under några dagar för att åtminstone se om mängden IP-nummer minskar en smula.

    Kollar dem fortfarande innan jag blockar dem och de flesta IP-adresserna routas till Bahrain, Turkiet, Ryssland (kosnet.ru), Spanien, Indien, Singapore, USA, UK, Polen, Tjeckien och Brasilien.

    De allra hemligaste ser ut så här:

    $ whois 75.55.117.232
    AT&T Internet Services SBCIS-SBIS-6BLK (NET-75-0-0-0-1)
    75.0.0.0 - 75.63.255.255
    PPPoX Pool - rback8.austtx-1164675062 SBC07505511600022061127185201 (NET-75-55-116-0-1)
    75.55.116.0 - 75.55.119.255

    # ARIN WHOIS database, last updated 2008-05-05 19:10
    # Enter ? for additional hints on searching ARIN’s WHOIS database.

  12. Nikke Lindqvist Says:
    2008-05-07 kl 8:50

    Liten uppdatering igen. Antalet trackbackspam verkar över huvud taget inte minska. Finns antagligen alltför många osäkra installationer där ute för att det över huvud taget ska gå att göra något åt saken, men jag ger ändå inte upp. Don Quixote är min hjälte!

    Så här kan det se ut i min kommentarsdatabas (och då har jag ändå bara räknat de tracbacks som har lämnats utan URL):

    mysql> select distinct(comment_author_IP) as IP, count(comment_author_IP) as cnt from wp_comments where comment_author_url = ‘http://url’ and comment_date > ‘2008-05-06 10:00:00′ group by IP order by comment_ID desc;
    +—————–+—–+
    | IP | cnt |
    +—————–+—–+
    | 69.104.3.208 | 7 |
    | 83.29.224.245 | 8 |
    | 83.30.171.135 | 5 |
    | 207.35.67.130 | 8 |
    | 200.94.1.63 | 7 |
    | 91.80.153.76 | 6 |
    | 85.136.38.3 | 4 |
    | 190.66.153.175 | 4 |
    | 80.71.144.153 | 19 |
    | 84.132.84.215 | 10 |
    | 12.165.166.154 | 6 |
    | 59.182.31.17 | 3 |
    | 83.7.49.99 | 6 |
    | 136.160.142.234 | 6 |
    | 89.130.99.48 | 3 |
    | 83.237.29.151 | 9 |
    | 189.72.203.233 | 5 |
    | 77.199.174.48 | 3 |
    | 66.84.110.5 | 5 |
    | 75.3.117.105 | 4 |
    | 190.67.47.34 | 6 |
    | 216.6.1.3 | 3 |
    | 83.16.245.44 | 4 |
    | 77.79.138.198 | 4 |
    | 88.241.155.191 | 8 |
    | 189.40.128.3 | 8 |
    | 75.219.15.51 | 25 |
    | 168.243.245.164 | 8 |
    | 212.55.116.161 | 4 |
    | 60.50.252.237 | 10 |
    | 217.136.47.148 | 6 |
    | 189.28.162.75 | 11 |
    | 67.52.198.130 | 5 |
    | 84.252.58.62 | 9 |
    | 201.35.44.44 | 14 |
    | 91.139.36.250 | 9 |
    | 189.72.122.155 | 9 |
    | 189.140.230.222 | 5 |
    | 90.12.249.34 | 7 |
    | 194.118.43.1 | 7 |
    | 24.172.58.46 | 4 |
    | 78.162.51.125 | 8 |
    | 85.102.205.114 | 8 |
    | 84.133.98.80 | 4 |
    | 83.12.136.162 | 4 |
    | 60.50.98.193 | 10 |
    | 200.55.214.114 | 9 |
    | 89.40.118.227 | 6 |
    | 83.28.182.158 | 1 |
    | 83.21.177.170 | 7 |
    | 71.127.113.166 | 5 |
    | 190.37.72.169 | 3 |
    | 83.14.49.19 | 5 |
    | 78.102.77.2 | 11 |
    | 200.117.196.216 | 1 |
    | 201.252.144.146 | 1 |
    | 200.45.95.210 | 1 |
    | 201.252.132.150 | 1 |
    | 213.130.28.118 | 2 |
    | 200.82.121.23 | 1 |
    | 66.152.137.17 | 7 |
    | 87.205.247.109 | 6 |
    | 201.252.151.61 | 1 |
    | 78.92.213.178 | 6 |
    | 84.92.179.179 | 9 |
    | 83.10.10.191 | 3 |
    | 78.165.179.115 | 4 |
    | 122.161.16.173 | 6 |
    | 64.130.72.6 | 9 |
    | 84.153.219.160 | 5 |
    | 117.47.110.160 | 12 |
    | 84.120.109.96 | 7 |
    | 212.48.166.23 | 11 |
    | 201.14.162.46 | 8 |
    | 85.108.102.26 | 7 |
    | 85.219.221.51 | 8 |
    | 82.151.96.163 | 9 |
    | 67.86.28.244 | 4 |
    | 79.112.121.124 | 6 |
    | 217.117.80.2 | 16 |
    | 91.189.243.147 | 4 |
    | 88.244.165.73 | 9 |
    | 84.140.108.110 | 6 |
    +—————–+—–+
    83 rows in set (0.00 sec)

    Och en stund senare upptäcker jag något som jag borde ha lagt märke till redan för flera dagar sedan. Det allra enklaste sättet att hitta spammet är att titta på vilken User Client som används. De flesta av spamfabrikörerna verkar använda olika versioner av Jakarta Commons-HttpClient utan att ha orkat bekymra sig om att ändra denna (vilket är rätt lätt gjort). Alltså kan man plocka fram spam genom följande MySQL-fråga:

    mysql> select distinct(comment_author_IP) from wp_comments where comment_agent like ‘Jakarta%’ and comment_date > ‘2008-05-06 12:00:00′;
    +——————-+
    | comment_author_IP |
    +——————-+
    | 74.208.16.179 |
    | 66.197.152.245 |
    | 69.9.38.210 |
    | 69.80.224.68 |
    | 213.251.189.203 |
    | 74.54.131.114 |
    | 206.221.184.108 |
    | 74.208.16.159 |
    | 66.152.166.31 |
    | 212.27.63.204 |
    | 69.94.13.11 |
    | 64.141.108.29 |
    | 64.22.69.26 |
    | 74.208.14.215 |
    | 193.86.238.12 |
    | 72.46.130.23 |
    | 85.17.237.211 |
    | 76.163.252.88 |
    | 207.210.213.247 |
    | 208.113.155.28 |
    | 67.159.44.159 |
    | 209.67.210.206 |
    | 81.17.248.55 |
    | 91.186.21.78 |
    | 203.22.204.43 |
    | 67.212.168.50 |
    | 74.208.16.77 |
    | 64.185.237.50 |
    | 74.52.166.162 |
    | 216.193.201.201 |
    | 64.34.161.151 |
    | 64.40.144.156 |
    | 209.200.17.183 |
    | 64.22.87.210 |
    | 69.59.22.27 |
    | 209.11.242.250 |
    | 64.18.158.194 |
    | 64.202.165.133 |
    | 74.208.16.108 |
    | 219.132.138.231 |
    | 209.17.190.78 |
    | 82.165.183.169 |
    | 205.234.236.13 |
    | 65.254.224.34 |
    | 213.171.218.172 |
    | 88.198.47.45 |
    | 208.100.51.43 |
    | 72.55.156.219 |
    | 202.181.235.187 |
    | 91.121.88.147 |
    | 64.191.93.101 |
    | 64.202.165.131 |
    | 206.221.184.156 |
    | 72.55.165.26 |
    | 208.53.137.178 |
    | 72.233.78.5 |
    | 206.212.242.242 |
    | 208.97.175.16 |
    | 72.9.156.132 |
    | 72.232.250.50 |
    | 91.186.26.241 |
    +——————-+
    61 rows in set (0.03 sec)

  13. Nikke Lindqvist Says:
    2008-05-07 kl 22:03

    Fantastiskt! Efter morgonens utrensning ser det nästan ut som om spamfloden har sinat. Jag kan förstås aldrig vara säker på om det är de blockade IP-numren som har gjort det, eller om just detta botnät har givit upp av andra anledninger.

    Efter 15 timmars hamrande har bara 114 spam tagit sig in i bloggen under dagen (och i sin tur fastnat i Akismet).

    Vi får se imorgon, men jag har faktiskt visst hopp…

  14. J.Backlund Says:
    2008-05-07 kl 22:10

    Tjena!
    Finns det någon nackdel med att låta spammet gå till Akismet? Med tanke på att du blockar ip-adresserna… Jag får inte lika mycket som du men kommer upp i en 1500 i veckan i alla fall.

  15. Nikke Lindqvist Says:
    2008-05-07 kl 22:18

    Den mängd som jag får äter bandbredd. Jag är snart uppe i 10 GB i veckan, och börjar tröttna på att bli hamrad på av spambottar, trackbackbottar, och sökbottar från sökmotorer som aldrig ger någon trafik.

    Nästa bot till rakning kan bli är Ask.com. De hämtar alldeles för mycket utan att ge någon trafik tillbaks.

  16. Det känns som om det lyckades Says:
    2008-05-08 kl 8:05

    [...] Rekommenderad läsning « Nu blockar jag de värsta spammarna i min .htaccess-fil [...]

  17. Thursday, May 8th 2008 (daily photo) Says:
    2008-05-08 kl 14:40

    [...] Frågelek.se and finishing off the trackback spammers that have been pounting my main blog. After blocking almost 600 IP addresses in my .htaccess file I seem to have succeded in my struggle. Only about 20 trackback spams today compared to the 6000 [...]

  18. Markus Jalmerot Says:
    2008-05-08 kl 22:12

    Grym lista. Bra tips att lägga in det i .htaccess sådär..

  19. Nikke Lindqvist Says:
    2008-05-09 kl 12:34

    Jag har just uppdaterat listan med ytterligare några få IP-adresser. Ni ser på antalet tillagda IP-nummer från igår och idag att spammet nästan helt har avtagit.

  20. Nikke Lindqvist Says:
    2008-05-11 kl 0:09

    Har kompletterat med dagens spamfångst också. Det är inte alls lika illa som det har varit. Bara 48 spam idag varav bara två var spammiga trackbacks. Tänker mig fortsätta såhär i någon vecka till och sedan se vad som händer om jag plötsligt lyfter hela blockaden för en dag.

  21. Nikke Lindqvist Says:
    2008-05-14 kl 22:09

    Jag har inte blockat några nya IP-adresser på några dagar nu, och det märks att spambottarna flyttar runt. Är nu återigen uppe i 200 kommentarsspam om dagen, men ännu så länge nästan inga fler trackback-spam.

    Nivåerna är fortfarande såpass låga att jag kan leva med det. På måndag nästa vecka tänkar jag testa att ta bort blockningarna för en dag.

Skriv en kommentar



Vill du också ha en egen gravatar-bild till vänster om kommentaren? Skaffa dig en Gravatar här!


ReadSpeaker AudioFeed - Lyssna på det här inlägget

Vad vet du om din målgrupp? Låt Agent Interactive handplocka bra partners från sitt affiliate-nätverk.

Blockerat kommentarsspam

Nya sidor