Fighting comment spam
Posted by agentn on Wed, 2007-11-14 16:03.
.htaccess | 195.225.178.14 | ip deny | netcathost | panama | spam block
Comment spammers spam open websites leaving links to their spam sites. These links could range from porn and viagra to more serious phishing sites distributing trojans. In this article, I'll explain how to block comment spam.
Identify the source
The first step is to identify the IP address from where the comment was posted. Check your access log to determine the IP address.
Delete the comment
Delete the comment as soon as you can. Don't click on any link in the spam comment. You don't want to be a conduit to trojans. Search engines such as Google penalize sites linking to spam sites by blacklisting them. You can kiss that PR number goodbye!
Investigate the origin of spam
In my case, the spam originated from this IP address: 195.225.178.14. How do you find out the origin of this IP? There are a number of online tools to help you find the origin of an IP address. I use http://aruljohn.com/track.pl.
The ISP is NetcatHosting and the country of origin is Panama. If the IP is outside India, the US or western Europe, you won't have much luck sending emails to the ISP. In this case, NetcatHosting is probably owned by the spammer. It doesn't even have a functioning website.
Research
A quick Google search for NetcatHosting and 195.225.178.14 and I knew I wasn't the only one! Why do this? Because most spammers spam from a range of IP addresses, not just one. Even if you block 195.225.178.14, they'll spam you from 195.225.178.15! Doing a Google check will tell us what other IP addresses this spammer has been using.
In this case, the IPs varied as I suspected, but within the 195.225.176.* to 195.225.179.* range.
Block
The final step is to block these IPs. To do this, go to your website control panel (cPanel, Webmin, etc.) and look for IP Deny Manager.


Now enter 195.225.176.0-195.225.179.0. This will automatically be converted to CIDR format: 195.225.176.0/22. Don't worry about this format. If you want to know the IP range of a CIDR format, you can use this excellent online tool.

If you are having trouble locating your control panel or IP Deny Manager, you could do this manually. Go to the root of your website (/public_html/, /www/, /htdocs/) and look for a file called .htaccess. If there isn't one, create one using a text editor.
Add this line and/or the IP range of your spammer:
deny from 195.225.176.0/22
Save and exit. This will block any attempt to access your website from the above IP range.
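The steps above (find the posting IPs in the access log, work out the range, write the deny line) can be scripted. The following is an added example, not part of the original article: the log lines are constructed, and the /comment/ path, the function names and the /20 safety limit are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache combined log format; not real traffic.
# The /comment/ path is an assumption about where comments are submitted.
SAMPLE_LOG = '''\
195.225.178.14 - - [14/Nov/2007:15:58:02 +0000] "POST /comment/reply/12 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
195.225.176.21 - - [14/Nov/2007:15:59:40 +0000] "POST /comment/reply/12 HTTP/1.1" 200 498 "-" "Mozilla/4.0"
195.225.179.200 - - [14/Nov/2007:16:01:13 +0000] "POST /comment/reply/7 HTTP/1.1" 200 503 "-" "Mozilla/4.0"
203.0.113.9 - - [14/Nov/2007:16:01:20 +0000] "GET /node/12 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
'''
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def comment_posters(log_text, path_prefix="/comment/"):
    """Count POST requests to the comment path per client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) == "POST" and m.group(3).startswith(path_prefix):
            hits[m.group(1)] += 1
    return hits

def covering_network(ips, min_prefix=20):
    # Smallest single CIDR block holding every IP. Refuses a block wider than
    # /min_prefix so one unrelated address cannot cause a blanket ban.
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    if any(a.version != 4 for a in addrs):
        raise ValueError("IPv4 addresses only")
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    if net.prefixlen < min_prefix:
        raise ValueError(f"{net} is wider than /{min_prefix}; review the IPs")
    return net

def range_to_cidrs(first, last):
    """Exact CIDR blocks for an inclusive first-last address range."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(a, b))

def deny_lines(networks):
    """.htaccess lines in the 'deny from' form used in this article."""
    return [f"deny from {n}" for n in networks]

if __name__ == "__main__":
    print(deny_lines([covering_network(comment_posters(SAMPLE_LOG))]))
    print(range_to_cidrs("195.225.176.0", "195.225.179.0"))
```

A strict conversion of a range ending at 195.225.179.0 yields three blocks (/23, /24 and a single /32), so end the range at 195.225.179.255 when you mean all of 179.*. On Apache 2.4 without mod_access_compat, the equivalent of the deny line is `Require not ip 195.225.176.0/22` inside a `<RequireAll>` block alongside `Require all granted`.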
Copyright
What better way to get back at a spammer than by educating others to fight spam! Feel free to copy this article in its entirety and post it in your blog. A link back is appreciated, but not required.
