Spam is finally slowing down.

I’ve been using the generated htaccess list for a few weeks now. At first I thought that the list would grow forever. The spammers seemed to find new IP addresses faster than I could block them. I started adding blocks of IPs by looking up each ip by hand on LACNIC.NET. This took hours everyday, so I started working on an automated method of looking up the IP addresses and writing out the htaccess file.

I had a working version of the program on Monday, but I wanted to white list some of the bigger IPs in civilized countries. I wanted to eliminate duplicates and sort the addresses. Today I finished and then converted the old very long list to ranges and deleted any ip addresses that belong to ISPs.

The result is that most of China is blocked. Most of Russia is blocked. If I receive spam or a malicious robots hits one of a dozen sites the central db gets updated. One strike and you’re out. The exception is that I only block individual IP addresses for ISPs.

In the course of things, I get rid of many ISP blocks and I am waiting for them to regenerate. I must say, though, that not many are coming back. Most of my WP blogs have reported no action in the last couple of hours. This blog has been hit with a new round of admin password guessing robots, but they only hit once and then are blocked. I have had 6 hits in the last two hours. I think that the spammers are running out of servers that I haven’t blocked.

I will run the program to add the new IP addresses to the htaccess file by hand for a while. I wouldn’t feel good about blocking all of Germany by mistake, so I like to check things. Germany certainly does have a lot of spam servers, though. The program only takes a few minutes to run compared to hours when I do it by hand.

If you download the htaccess file, make sure that your hosting company is not blocked. You may have to remove GoDaddy or 1and1 by hand so that your cron jobs will execute properly. Just check your server IP and look in the htaccess file for a similar number. The deny statements are sorted by IP. There is a comment containing some of the information found in lacnic that can help.

 

Leave a Reply