One thing I really don’t have time for anymore is spam - comment spam specifically but there’s a couple of other kinds of spam I can’t stand too: blog spam and contact form spam. So I’ve done a couple of things.
- I’ve put in a new contact form that hopefully will battle spammers better. Although I can tweak PHP in a million different ways, I can’t write much of anything from scratch, so if you’re like me, I recommend an awesome article from Digital Web Magazine called Building a Bulletproof Contact Form with PHP.
- And, I’ve started banning IP addresses, and IP ranges. This one could catch you, and if it does, you might want to file my email address away (nataliejost`gmail.com) and let me know if you can’t access my sites one day.
Banning IPs should usually be a last resort, but it has taken me years to get to this point. What really sealed it for me was when I found that spammers were not just leaving bogus comments and trackbacks, but they were actually ripping 50% of each post and linking back to it. In fact, almost EVERY post was showing up duplicated on some splog and that’s just not cool.
There are a few reasons splogs are so bad.
- They use stolen or copied content from other web sites
- Their sole purpose is to make money from ads and increase search engine ranking for some parent site
- By copying your content, they put a copy of you out there which can do two things:
  - It can hurt your search engine ranking
  - It makes search results for things you write about show irrelevant results like these splogs
Unfortunately, there’s no recourse against splogs that copy your content, because technically they’re not doing anything illegal unless they copy the entire post or don’t link back to you. In my case they were posting only a couple of paragraphs and then “read more of this great post here” with a link back to my post (which is what prompts the trackback spam). And even if they did completely violate copyright, there’s not much we can do legally yet.
So I ban them
So my easiest, albeit harshest, option is to simply ban their IP address(es). On the upside, this takes care of comment form spam and comment spam too, and with my host it blankets all of my sites at once. So, not only can spammers not spam me anymore, they can’t even access my sites, any of them.
The downside, of course, is that some of you could get caught in the range of IP addresses if a spammer is close to you in a block of IPs. So here’s what I look for in banning them…
- First, I go to http://ws.arin.net/whois/, which is what WordPress’ comments section uses to check out IPs. Type in the IP address and search it. You’ll get back information about their ISP there. The first thing you’ll see is the address of the ISP, in my case, Insight Communications in Kentucky.
- Now I look to see if they’re in the US. If they’re not, I feel ok banning them right away because most spammers I’ve seen are from outside the US, and most of my legitimate readers are here. There are those exceptions, which is why I gave you my email, to contact me if you’ve accidentally been banned.
- Outside the US the IP is banned - and the range is banned. So if the IP is 212.2.22.222, I ban 212. and it bans everything starting with 212. Now, if a spammer uses a different IP next time it will most likely still be in this range and I won’t have to ban hundreds of separate IPs.
- If the address is in the US, I’ll let it go for a while and just keep a mental note of it in case it pops up again. If it does, I ban that IP, but not a range. The exception… if I see more than 3-4 IPs all starting with the same number, I may ban that range because it’s most likely malicious.
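The rules above can be written down as a small planner that also reports how many addresses each ban covers, since banning on the first number alone blocks a whole /8 (16,777,216 addresses). This is an added example, not code from the post; the sightings, the country codes and the cluster threshold of 4 (one reading of "more than 3-4") are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (offending IP, country from a whois lookup, times seen).
SIGHTINGS = [
    ("212.2.22.222", "NL", 1),
    ("74.128.10.5", "US", 1),
    ("74.128.10.9", "US", 2),
    ("68.1.2.3", "US", 1),
    ("68.40.7.7", "US", 1),
    ("68.99.1.1", "US", 1),
    ("68.200.9.1", "US", 1),
]

def first_octet_block(ip):
    """Network covered by banning on the first number only, e.g. '212.'."""
    return ipaddress.ip_network(f"{ip.split('.')[0]}.0.0.0/8")

def plan_bans(sightings, cluster_threshold=4):
    """Apply the post's rules and return {network: reason}."""
    bans = {}
    us_by_block = defaultdict(set)
    for ip, country, seen in sightings:
        if country != "US":
            bans[first_octet_block(ip)] = "non-US: range banned right away"
            continue
        us_by_block[first_octet_block(ip)].add(ip)
        if seen >= 2:  # a US address is banned only when it comes back
            bans[ipaddress.ip_network(ip)] = "US: single IP banned on repeat"
    for block, ips in us_by_block.items():
        if len(ips) >= cluster_threshold:  # assumed threshold
            bans[block] = f"US: {len(ips)} offenders share the first number"
    return bans

def addresses_blocked(bans):
    """Count unique addresses covered, collapsing overlapping entries."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(bans))

if __name__ == "__main__":
    plan = plan_bans(SIGHTINGS)
    for net, why in sorted(plan.items()):
        print(f"{str(net):16} {net.num_addresses:>12,}  {why}")
    print(f"total addresses blocked: {addresses_blocked(plan):,}")
```

With this sample, three ban entries cover more than 33 million addresses, which is the collateral-damage side of the trade-off described above.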
What you don’t know spammers are doing…
…can hurt you. Some time ago I set up my 404 page to email me whenever someone hits it. The 404 page, for those of you who don’t know, is the error page you see when you reach a bad link. It’s for a page that doesn’t exist. This has helped me tremendously in fixing or redirecting old links to the correct locations, but it has also helped me spot a few spammers.
If you’d like to set up a similar form, I have the code stored here: Email Admin on 404, for my own reference, but you’re welcome to use it for yourself.
What I look for here is when someone tries to go to a place on my site that not only doesn’t exist, but a place that NEVER existed. A bad link from some other site that has an old link is one thing, but making up a link based on someplace you think you want to go to but shouldn’t… that’s something else and usually a spammer.
For example…
- http://standardsforlife.com/this-post/wp-admin or http://standardsforlife.com/this-other-post/wp-login.php

  This is someone trying to get into my WordPress admin area and this person, spammer or not, is banned - because there’s never any reason you should be trying to access a secure part of my site. Likewise, if you try to go to an area that does exist but you shouldn’t be there, I’ll see that in the logs and ban you for that too.
- A new one I’ve noticed is http://www.standardsforlife.com/this-post/google-analytics.com/ga.js and http://www.standardsforlife.com/__utm.gif which is likely someone trying to access my google analytics stats. This one isn’t so malicious as it is annoying, but he gets banned too, the second time.
- This third one is just plain funny. So I made a couple of [Pink for October](http://pinkforoctober.org) templates for WordPress, but one of them I reserved especially for the PFO campaign. I have the right to do that, but ever since it was featured at Smashing people have been sort of freaking out at that, so they’re making up links to try to find it. I see all kinds of combinations:
  - http://standardsforlife.com/downloads/pfo_stripes.zip
  - http://standardsforlife.com/pfo_stripes.zip
  - http://standardsforlife.com/download/7/pfo_stripes.zip
  - http://standardsforlife.com/files/pfo_stripes.zip

  None of these files exist because I’ve completely removed it from my server until next September when I’ll release it again, but it’s funny to watch all these made up links. These I don’t ban; I just redirect their made up link to a dummy page, and by dummy I don’t mean “generic” I mean “stupid”.
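The same triage can be run over an access log instead of waiting for 404 emails. This is an added example, not the code behind the Email Admin on 404 page; the log lines are constructed, and the patterns are assumptions derived from the example URLs above.

```python
import re
from collections import defaultdict

# Constructed access-log lines (Apache common-log style, documentation IPs).
LOG = """\
203.0.113.7 - - [26/Feb/2008:10:01:02 -0500] "GET /this-post/wp-admin HTTP/1.1" 404 512
203.0.113.7 - - [26/Feb/2008:10:01:05 -0500] "GET /this-other-post/wp-login.php HTTP/1.1" 404 512
198.51.100.4 - - [26/Feb/2008:10:03:11 -0500] "GET /old-article-title/ HTTP/1.1" 404 512
198.51.100.9 - - [26/Feb/2008:10:04:40 -0500] "GET /files/pfo_stripes.zip HTTP/1.1" 404 512
198.51.100.20 - - [26/Feb/2008:10:05:12 -0500] "GET /__utm.gif?utmwv=1 HTTP/1.1" 404 512
192.0.2.33 - - [26/Feb/2008:10:06:00 -0500] "GET /this-post/ HTTP/1.1" 200 9120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

# Assumed patterns, taken from the example URLs in the post. The first match
# wins; any other 404 is treated as an old link that needs fixing.
RULES = [
    ("admin-probe", re.compile(r"^/.+/(wp-admin|wp-login\.php)(/|$)")),
    ("analytics-path", re.compile(r"(/google-analytics\.com/ga\.js|^/__utm\.gif)$")),
    ("guessed-download", re.compile(r"/pfo_stripes\.zip$")),
]
# What the post does with each class of 404.
ACTION = {
    "admin-probe": "ban IP",
    "analytics-path": "ban IP on second hit",
    "guessed-download": "redirect, no ban",
    "stale-link": "fix or redirect the link",
}

def classify(path):
    """Label a 404'd request path; the query string is ignored."""
    path = path.split("?", 1)[0]
    for label, pattern in RULES:
        if pattern.search(path):
            return label
    return "stale-link"

def triage(log_text):
    """Return {label: {ip: [paths]}} covering every 404 in the log."""
    found = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "404":
            found[classify(m.group(2))][m.group(1)].append(m.group(2))
    return {label: dict(ips) for label, ips in found.items()}

if __name__ == "__main__":
    for label, ips in triage(LOG).items():
        for ip, paths in ips.items():
            print(f"{ip:15} {label:17} {ACTION[label]:25} {paths}")
```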
So that’s it, longer than I intended, sorry. :) So I’ve got a zero-tolerance policy for spam now, including email spam, which is why I so freely give out my email address. That email again, in case you get banned, nataliejost`gmail.com. I swear, Gmail’s motto should be “I’m not afraid of spam”. Seriously, if I don’t like what you send me, I just banish you to my spam folder and I never see your email again. I get probably 400-500 spam emails a day but I only see 2-3 of them. Gmail gives me the gumption to say to spammers, “Bring it, yo!”





Josh Byers left a comment on February 26, 2008 at 6:30 pm | #
Wow! I am a little frightened right now. I never knew the power that you wield. Walk softly and carry a list of IPs to ban is what I always say… ;)
Natalie left a comment on February 26, 2008 at 9:17 pm | #
Wow, didn’t mean to scare you. But this is my house. If you act like a jerk or try to go through my drawers in my bedroom I’ll ask you to leave. ;)
Tanny O'Haley left a comment on February 26, 2008 at 10:35 pm | #
You didn’t mention what you’re doing with your new comment form. I’ve had pretty good luck with the following four items.
1. A link throttle. I limit each comment to a specific number of links. If a comment goes over my link throttle the comment is rejected.
2. A modified honey pot. A hidden field that uses javascript to change the field contents on submit. If you are the very few who don’t have javascript, I’m sorry, but too bad. If a person doesn’t have javascript enabled, they can still read my site, they just can’t leave a comment.
3. Require the contents of certain fields to be filled, including the honey pot.
4. Add a query string item to the submission url with javascript on submit that is required.
This doesn’t prevent an individual from manually leaving spam as long as there aren’t too many links which for me is extremely rare. However it does prevent around 150-200 comment spams every day.
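The four checks listed in the comment above, sketched as server-side validation. This is an added example, not the commenter's code or anything from this site; the field names, the expected honeypot value, the query item name and the limit of two links are all hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

MAX_LINKS = 2                  # assumed link throttle
HONEYPOT_FIELD = "website2"    # hypothetical hidden field name
HONEYPOT_EXPECTED = "human"    # value the page's JavaScript writes on submit
QUERY_FLAG = "js"              # hypothetical query item added on submit
REQUIRED = ("author", "email", "comment", HONEYPOT_FIELD)

LINK = re.compile(r"https?://", re.IGNORECASE)

def check_comment(submit_url, form):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    # Check 3: required fields, honeypot included, must be filled.
    missing = [f for f in REQUIRED if not form.get(f, "").strip()]
    if missing:
        reasons.append("missing fields: " + ", ".join(missing))
    # Check 2: a client that ran the script rewrote the hidden field.
    if form.get(HONEYPOT_FIELD, "") != HONEYPOT_EXPECTED:
        reasons.append("honeypot not rewritten by script")
    # Check 4: the script also appends a query item to the submit URL.
    if QUERY_FLAG not in parse_qs(urlsplit(submit_url).query):
        reasons.append("submit URL lacks script-added query item")
    # Check 1: link throttle on the comment body.
    links = len(LINK.findall(form.get("comment", "")))
    if links > MAX_LINKS:
        reasons.append(f"{links} links exceeds throttle of {MAX_LINKS}")
    return reasons

# Constructed submissions: a browser that ran the script, and a bot posting
# the raw form with the hidden field untouched.
BROWSER = ("/comment-post?js=1", {
    "author": "Ann", "email": "ann@example.org", "website2": "human",
    "comment": "Nice post, more at http://example.org"})
BOT = ("/comment-post", {
    "author": "x", "email": "x@example.org", "website2": "",
    "comment": "http://a.example http://b.example http://c.example"})

if __name__ == "__main__":
    for name, (url, form) in (("browser", BROWSER), ("bot", BOT)):
        print(name, check_comment(url, form) or "accepted")
```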
Natalie left a comment on February 26, 2008 at 10:44 pm | #
heh, **Tanny** you missed the point of my post. I don’t need all that stuff. I have ZERO spam now. :) Y’all are free to comment as you please because spammers aren’t wasting space here. The other plus I forgot to mention… my stats are much more accurate now since most of the hits to my site now are legitimate visitors. Why waste energy on those 150-200 comments when you could keep them from hitting your site altogether?
Tudor left a comment on February 27, 2008 at 12:39 pm | #
Great 404 notification idea, Nat! Getting aggressive like you did with the spammy IPs really seems to have helped you quite a bit. I think others will follow your lead in this area… including me, if I ever get popular enough to attract spammers (and have a blog)!