Editing htaccess file to deny comment spam (17 posts)

  1. kwint
    Member
    Posted 3 years ago #

    Hello,
    I am getting ready to edit my htaccess file to deny comment spam from several IPs I have identified, using instructions I found here:
    http://codex.wordpress.org/Combating_Comment_Spam/Denying_Access

    However, I'm not a programmer and I'm unsure where to include the block included between <Limit GET> and </Limit>

    I'm using the default .htaccess file that came with WP.

    Where do I paste this text block? I don't want to mess up the file and prevent anyone from commenting.

  2. davidchait
    Member
    Posted 3 years ago #

    Just use anti-spam plugins. Akismet, SpamKarma, and BadBehavior are three much-liked ones (I use my own CG-Referrer and CG-Antispam to block stuff, but I'm thinking of migrating some of my CG-AntiSpam stuff to SpamKarma plugins...).

    I generally look to avoid htaccess mods, especially when IPs can fluctuate...

    -d

  3. kwint
    Member
    Posted 3 years ago #

    David, thanks for the tip. I have installed SpamKarma. I'm unclear whether it will prevent the bots from hitting my site. The built in WP software was catching most of the comment spam via moderation - but I couldn't stop the spammers from greatly increasing useless traffic to my site. Will SpamKarma do that? I've read through the documentation and I'm not sure it will make it invisible to bots -that's my goal.
    Thanks for any help

  4. charle97
    Member
    Posted 3 years ago #

    install bad behavior

  5. samboll
    moderator
    Posted 3 years ago #

    BadBehavior is bad for bots.
    http://www.homelandstupidity.us/software/bad-behavior/
    Using all 3 mentioned in tandem makes you nearly bullet proof.:>)

  6. kwint
    Member
    Posted 3 years ago #

    Thank you Charle97 and samboll.
    I unzipped and installed the bad behavior folder on my server, in the plugins folder, and noticed that after I did, that I neglected to edit the bad behavior/bad-behavior-wordpress.php file as described here:

    http://www.homelandstupidity.us/software/bad-behavior/installing-and-using-bad-behavior/on-wordpress/

    The plug-in showed up in my plugin panel and was successfully activated. Do I need to go back and edit that php file and reinstall? Will the plugin work if I don't? I really don't want to do anything that's going to mess up my wp installation.

    Your suggestions are very appreciated. Thanks again.

  7. charle97
    Member
    Posted 3 years ago #

    you should be fine. only thing you may want to change in that file is $wp_bb_verbose_logging. switch it from TRUE to FALSE. that way, only the bad stuff is logged in the db.

  8. kwint
    Member
    Posted 3 years ago #

    Charle97, thanks I'll look into that.

    I just checked my SpamKarma plugin logs and noticed that I'm still getting about 1 spam a minute. They aren't getting through to my built-in WP moderation panel, but I'm guessing that means that Bad Behavior isn't working - because they are still hitting my site.

    I'm not even sure where to check to see if Bad Behavior is doing its job. Although it is activated, it doesn't show up as an option under my manage tab as SpamKarma 2 does.

    I am using WP 1.5.2, BTW, and it's very solid and stable - no problems.

  9. charle97
    Member
    Posted 3 years ago #

    to check on bad behavior, use phpmyadmin or some other app that allows you to view the content of dbs. browse the bad behavior table.

    there is no magic bullet to stopping bots. bad behavior is the first obstacle for the bad bots to get thru. spam karma is the second line. if you use akismet, that would be another barrier. however, no matter what you do, bad bots will find a way.

  10. kwint
    Member
    Posted 3 years ago #

    I've got bad behavior, akismet and spamkarma2 installed and I'm still getting about a hit a minute - I'd love to be able to turn these bots away to decrease my bandwidth usage and get realistic stats on # of non-spam visitors.

    I appreciate the guidance in getting those installed.

    I'll ask my original question again in the hope that maybe there's an answer out there. Where do I paste the block included between <Limit GET> and </Limit> when I edit the .htaccess file. I know the bad bot IPs, I just want to be invisible to them so they won't keep sucking my bandwidth.

  11. charle97
    Member
    Posted 3 years ago #

    bot trap

    scroll down to method 2. use SetEnvIf Remote_Addr, then the ip. that's how i ban a specific ip with htaccess.

    i also use bad behavior. since i don't allow trackbacks and comments, i don't use either spamkarma or akismet.

  12. samboll
    moderator
    Posted 3 years ago #

    If you ever find a way to become invisible to bots, let me know.
    The best you can do with .htaccess is deny IP ranges or specific ip's.
    From experience, let your plugins run for a couple of weeks and they will improve. Also, denying IP's in .htaccess will not stop the bots - they just switch ranges and keep at it.
    If you want to disallow IP's, put this in your root .htaccess.
    If WP is in your root, put it above the WP directives in .htaccess:
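    order allow,deny
    # "allow from all" is required: with this order, a visitor that matches
    # no allow line is refused, so deny lines alone would block everyone.
    allow from all
    deny from 196.40.43.74
    deny from 218.45.89
    deny from 144.88
    deny from 156.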

    for example - basically any range

  13. kwint
    Member
    Posted 3 years ago #

    Thank you for these suggestions Charle and Samboll
    I'll let the plugins run and if I don't see a drop in hits, I'll try these methods.
    Do I need to designate anything with wildcards such as ...

    deny from 196.40.*.*

    to exclude everything from that range or would just writing

    deny from 196.40 take care of it as your example above?

    I've seen it written both ways. Almost all my bots are coming from two IP ranges.

  14. charle97
    Member
    Posted 3 years ago #

    196.40 is fine

    196.40. may be better
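
Added example, not part of the original thread: a simplified Python model of Apache's documented `order allow,deny` evaluation, showing that a partial address such as `196.40` or `196.40.` matches on whole octets and that leaving out `allow from all` refuses every visitor. The function names are this example's own, the sample rules are built from the deny lines quoted above, and only full and partial dotted addresses are handled.

```python
import ipaddress

# Constructed sample built from the deny lines quoted in the thread.
SAMPLE = """\
order allow,deny
allow from all
deny from 196.40.43.74
deny from 218.45.89
deny from 144.88
deny from 156.
"""

def partial_to_network(spec):
    """'196.40' or '196.40.' -> 196.40.0.0/16; four octets -> a /32."""
    octets = spec.rstrip(".").split(".")
    if len(octets) > 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not a dotted IPv4 prefix: {spec!r}")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def matches(spec, addr):
    if spec.lower() == "all":
        return True
    return ipaddress.ip_address(addr) in partial_to_network(spec)

def parse(text):
    """Collect (kind, spec) pairs from 'allow from' / 'deny from' lines."""
    rules = []
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if len(words) >= 3 and words[0].lower() in ("allow", "deny") and words[1].lower() == "from":
            rules += [(words[0].lower(), spec) for spec in words[2:]]
    return rules

def allowed(rules, addr):
    """Order Allow,Deny: the address must match an allow line and no deny
    line; an address that matches neither is refused."""
    hit = lambda kind: any(matches(s, addr) for k, s in rules if k == kind)
    return hit("allow") and not hit("deny")

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for ip in ("196.40.43.74", "218.45.89.200", "218.45.8.9", "156.1.2.3", "203.0.113.7"):
        print(ip, "allowed" if allowed(rules, ip) else "denied")
    no_allow = parse(SAMPLE.replace("allow from all\n", ""))
    print("without allow line:", allowed(no_allow, "203.0.113.7"))
```

Running a planned deny list through a check like this before uploading the file shows whether an ordinary visitor address is still let in.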

  15. kwint
    Member
    Posted 3 years ago #

    Charle97,

    Thanks I read the bottrap article on kloth you suggested. My site is still being hit constantly although the comment spam has stopped.

    I am working on a backup copy of my .htaccess (and I have one "clean" in case I need to revert to it).

    I am unclear where to insert that paragraph suggested in Method 2 in the article.

    My .htaccess file starts with

    #BEGIN WordPress
    <IfModule mod_rewrite.c>

    Then there's a long list of commands that begin with Rewrite or Rewrite Rule

    Finally it ends with
    </IfModule>

    #END WordPress

    =========
    Where do I put the following block ... which I will customize with IPs for the bad bots that are hitting my site?

    SetEnvIfNoCase User-Agent "Indy Library" bad_bot
    SetEnvIfNoCase User-Agent "Internet Explore 5.x" bad_bot
    SetEnvIf Remote_Addr "195\.154\.174\.[0-9]+" bad_bot
    SetEnvIf Remote_Addr "211\.101\.[45]\.[0-9]+" bad_bot
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot

    I'm sorry, I don't have programming experience so this is new to me. But I can cut, paste and customize if I know what and where to insert it.

    Thank you very much for your help.

  16. charle97
    Member
    Posted 3 years ago #

    put it before #BEGIN WordPress.

  17. kwint
    Member
    Posted 3 years ago #

    Thank you all for your help - for the moment all bad bot action has stopped. That bot trap seems to have done the trick, and I'm still receiving comments from friends so allowed comments are getting through.

    Thank you, thank you!

Topic Closed

This topic has been closed to new replies.
