Brute Force Attack? (7 posts)

  1. BertC
    Posted 4 years ago #

    I am getting hammered on my blog with 200 - 300 comments a day which all seem to be bogus. I'm wondering if this is a brute force attack, and what I can do to stop it. The emails are very similar to this one- rgfnqdjgso@wjnuqp.com. Randam letters and numbers with usually 6 digits in the (?)company, or website, name.

    Does anyone have an idea on what I can do to eliminate these emails from being accepted? Thanks.

  2. bcworkz
    Posted 4 years ago #

    Impossible to tell if it's a focused attack or just a bunch of random comment spammers, unless all the comments come from a limited number of IPs. If so, just blacklist the IPs.

    There's a number of plugins that limit comment spam. There's some suggestions in the Codex as well. To block bogus email domains, you can require a verification response from an email you send. Plugins exist to do this. Your script could just check the that domain is registered and has a valid MX record: checkdnsrr( $mailDomain, "MX" );

    I wouldn't query an SMTP server for a valid mailbox though. It's still not totally reliable, and your server can get blacklisted for namespace mining.

  3. BertC
    Posted 4 years ago #

    As it turns out, it seems that there are only 2 networks from which the emails are coming from. So, I'm going to try and blacklist these. What is an MX record?

  4. BertC
    Posted 4 years ago #

    How would I block these two IP addresses, or range of addresses, with WordPress? Do I need a plugin? What plugin would do it? I see where I can block domains, but I have hundreds and hundreds of domains, all of which seem to be from only 2 IP networks.

  5. BertC
    Posted 4 years ago #

    This is an example of the hundreds and hundreds of emails I am receiving-

    A new comment on the post "Not again!" is waiting for your approval http://www.401kpreservation.com/not-again/

    Author : Online casino us (IP: ,
    E-mail : tthrpncvqp@wbkftg.com
    URL : http://armandoorzuza.com/
    Whois : http://whois.arin.net/rest/ip/
    xbxjn512lqsftfswbujpo, Casino online promotions, zSLvTEw, [url=http://armandoorzuza.com/]Casino online roulette[/url], zvQZjge, http://armandoorzuza.com/ Casino Online, GazLzeN.

    Approve it: http://www.401kpreservation.com/wp-admin/comment.php?action=approve&c=904
    Trash it: http://www.401kpreservation.com/wp-admin/comment.php?action=trash&c=904
    Spam it: http://www.401kpreservation.com/wp-admin/comment.php?action=spam&c=904
    Currently 617 comments are waiting for approval. Please visit the moderation panel:

    The websites seem to be legitimate. However, the email addresses are all very similar to this one- they are bogus. How can I block these "comments" with these fake email addresses from posting a comment on my site. I am not a designer or programmer, so I am in need of some help. Thanks.

  6. bcworkz
    Posted 4 years ago #

    MX record indicates the domain has a functioning mail exchange server to process email messages.

    Block comment IPs under settings>discussion>comment blacklist same as domains, works either way. No plugin required, just enter IPs, one per line in the box. You can block IP ranges by truncating the last numbers, for example, you can block by just entering 11.22.11. including the last dot. If anyone were watching a comment submission from a blacklisted IP, they would see the page reload and nothing else. WP will just dump the comment without notice. The only evidence there was an attempt to post a comment would be a POST record in your server logs.

  7. I am getting hammered on my blog with 200 - 300 comments a day

    Well don't get down about it, if your site becomes more popular you'll soon be in the 1,000s of comments per day. ;)

    Yes, I'm messing with your sense of humor. Each and everyone of those comments is just SPAM, it's not a brute force attack, it's just the consequence of having comments on the Internet.

    My suggestion is this: if you haven't already done so, install these two WordPress plugins.


    You'll need to sign Akismet and Cookies for Comments is just fire and forget.

Topic Closed

This topic has been closed to new replies.

About this Topic