Support » Fixing WordPress » Brute Force Attack?

  • I am getting hammered on my blog with 200 – 300 comments a day which all seem to be bogus. I’m wondering if this is a brute force attack, and what I can do to stop it. The emails are very similar to this one- Randam letters and numbers with usually 6 digits in the (?)company, or website, name.

    Does anyone have an idea on what I can do to eliminate these emails from being accepted? Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator bcworkz


    Impossible to tell if it’s a focused attack or just a bunch of random comment spammers, unless all the comments come from a limited number of IPs. If so, just blacklist the IPs.

    There’s a number of plugins that limit comment spam. There’s some suggestions in the Codex as well. To block bogus email domains, you can require a verification response from an email you send. Plugins exist to do this. Your script could just check the that domain is registered and has a valid MX record: checkdnsrr( $mailDomain, "MX" );

    I wouldn’t query an SMTP server for a valid mailbox though. It’s still not totally reliable, and your server can get blacklisted for namespace mining.

    As it turns out, it seems that there are only 2 networks from which the emails are coming from. So, I’m going to try and blacklist these. What is an MX record?

    How would I block these two IP addresses, or range of addresses, with WordPress? Do I need a plugin? What plugin would do it? I see where I can block domains, but I have hundreds and hundreds of domains, all of which seem to be from only 2 IP networks.

    This is an example of the hundreds and hundreds of emails I am receiving-

    A new comment on the post “Not again!” is waiting for your approval

    Author : Online casino us (IP: ,
    E-mail :
    URL :
    Whois :
    xbxjn512lqsftfswbujpo, Casino online promotions, zSLvTEw, [url=]Casino online roulette[/url], zvQZjge, Casino Online, GazLzeN.

    Approve it:
    Trash it:
    Spam it:
    Currently 617 comments are waiting for approval. Please visit the moderation panel:

    The websites seem to be legitimate. However, the email addresses are all very similar to this one- they are bogus. How can I block these “comments” with these fake email addresses from posting a comment on my site. I am not a designer or programmer, so I am in need of some help. Thanks.

    Moderator bcworkz


    MX record indicates the domain has a functioning mail exchange server to process email messages.

    Block comment IPs under settings>discussion>comment blacklist same as domains, works either way. No plugin required, just enter IPs, one per line in the box. You can block IP ranges by truncating the last numbers, for example, you can block by just entering 11.22.11. including the last dot. If anyone were watching a comment submission from a blacklisted IP, they would see the page reload and nothing else. WP will just dump the comment without notice. The only evidence there was an attempt to post a comment would be a POST record in your server logs.

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    I am getting hammered on my blog with 200 – 300 comments a day

    Well don’t get down about it, if your site becomes more popular you’ll soon be in the 1,000s of comments per day. 😉

    Yes, I’m messing with your sense of humor. Each and everyone of those comments is just SPAM, it’s not a brute force attack, it’s just the consequence of having comments on the Internet.

    My suggestion is this: if you haven’t already done so, install these two WordPress plugins.

    You’ll need to sign Akismet and Cookies for Comments is just fire and forget.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Brute Force Attack?’ is closed to new replies.