{"id":1078,"date":"2015-02-04T11:10:16","date_gmt":"2015-02-04T15:10:16","guid":{"rendered":"http:\/\/www.blogseye.com\/?p=1078"},"modified":"2015-02-17T12:50:40","modified_gmt":"2015-02-17T16:50:40","slug":"htaccess-entry-magically-blocks-90-of-spam","status":"publish","type":"post","link":"http:\/\/blogseye\/2015\/02\/htaccess-entry-magically-blocks-90-of-spam.html","title":{"rendered":"htaccess entry magically blocks 90% of spam"},"content":{"rendered":"
I have noticed that the new plugin mostly catches hits with no Accept header or no User-Agent. All browsers send these headers when they access a web page. Robots are hitting wp-comments and wp-login over and over again without an Accept header and mostly without a user agent.
\nThis made testing the plugin’s other functions difficult so I disabled it and started getting some spam. I enabled it again and the spam stopped.
\nIt turns out that there must be lots of zombie sites using some code that does not send out the accept header, and some of them manage to leave spam before they are reported to SFS. I also put lots of ip blocks on the Allow List, and sometimes these get through, although it is a temporary problem.<\/p>\n
I did some research and found it is possible to block these types of hits on my sites using .htaccess. I added these after the Order<\/code> directive in the htaccess file. If you don’t have an order directive, just add this code to the top of the file.<\/p>\n