So, part of my weekend was spent addressing the aforementioned spam issue. Turns out we’re not the only ones getting this same spam influx: this guy is getting it, too, and he links to another site. As the spam tidal wave rolled in, I realized that this was a massive spam operation. The IP’s are from all around the world, bot just China and Venezuela. There are also hits from legitimate ISPs and hosting companies, not just the fly-by-night places well known for tolerating spam. Someone has themselves a huge-ass botnet.
Fortunately, a bit of Googling turned up a solution to at least reduce if not totally stem the tide. This post over at RTCXpression explains how to block spammers from commenting based on their country code. Since most of the spam was coming from a few countries we’d never imagine would be posting real comments here, that seemed perfect. You can also specify a separate list of IP ranges to block, and the auto included his blocklist. That list mainly consists of Web hosting and virtual server companies, which generally won’t be posting comments to a blog. This solution is faster than some WordPress plugin. It also works with the web server we’re running. Most of the WordPress plugins rely on features found in the Apache web server (which most sites use).
The solution isn’t perfect, simply because of the breadth of the botnet that has been assembled to advertise various craptastic products. Servers that aren;t on the blacklist and aren’t in one of the banned countries are still popping in to drop a load of spam. But now it’s along the lines of 3-4 posts per day, rather than 80-90.