Trackback Spam Storm

The site is being hammered by trackback spam. A lot of it is coming from about a dozen repeating IP numbers, so I've implemented some site-wide blocking to take the load off MT, which seems to chew up cycles blocking spam. This isn't my forte, so if you find that your access has been blocked when it shouldn't be, please drop me a note.

Oh. Wait. If your access was blocked, you won't be reading this, will you?1 Never mind.


1 Unless you move to a different computer, or get a lease on a new IP number, anyway.

For the record, here's what I added to my growing .htaccess file:

<Limit POST GET>
order allow,deny
allow from all
deny from 61.218.101.215 68.89.20.132 82.185.124.122
deny from 148.244.150.58 193.251.137.13
deny from 201.224.75.198 202.29.136.140 207.248.240.119 211.184.42.62 212.141.90.195 221.200.154.51
</Limit>
This entry was posted in Discourse.net. Bookmark the permalink.

3 Responses to Trackback Spam Storm

  1. Kaimi says:

    (snips addresses).

    Thank you very much. I now have two new additions to my own htaccess list.

    Most of these addresses are sadly familiar. If you’re getting hit by the same clowns I am (which it looks like), you may want to know —

    They use 207.248.240.118 (as well as 119, which you’ve blocked).
    They use 66.237.84.20. Since that’s a US-based address, I’m going to notify the abuse handle before blocking it.
    They’ve got other addresses within 148.244.150. which seems to be the main HQ. As I recall, I’ve deleted spam from at least three different addresses within that block (which is a Mexican carrier called Alestra). So finally I just blocked it at the 148.244.150. level.

  2. I have found mirroring my blog at a directory shut out from Google and other search engines, and then allowing trackbacks only to the mirror site, to be effective against trackback spam.

  3. Kaimi says:

    Hi,

    I’ve been looking into this a bit. One anti-spam blogger believes that this is a single spam ring run out of Bulgaria. (See http://www.annelisabeth.com/pc/pc14.htm ).

    Also, some anti-spam bloggers point out that this spam all uses the pinappleproxy . So you can block it all, at the htaccess level, by implementing a ban on pinappleproxy .

    # pineapple baby – comment spammer – shhhhh
    RewriteCond %{HTTP:VIA} ^.+pinappleproxy
    RewriteRule .* – [L,F]

    I’m trying that out right now. Hopefully it will work.

Comments are closed.