Thoughts, information and reflections about technology

Blocking WordPress Comment Spam

I have a couple of WordPress starter sites on a shared host and was getting hit with comment spam from a particular IP range. A quick solution was to block the IP range using cPanel. 

Background

I have a couple of domains hosted on shared hosting. A couple of years ago, they were bringing in a relatively decent income. Let’s say they would pay for one or two utility bills each month. I unfortunately let them go over time.  I am trying to bring them back. 

In order to save costs, I have them hosted on a shared hosting plan. All four sites are under the hosting for a fifth domain. 

The Attack

Over the Labor Day weekend, I did a routine check. I found that two of the domains had about 50 comments in one day. That is unusually high. Further investigation determined that it was all comment spam from one particular IP range. They were the usual BS comment spam posts.

I have my sites set so that all posts require moderation unless there is a previously approved comment for that user. Since I’m not doing registration at this time, that effectively means that all comments need to be moderated. All of the spam comments were coming from IPs beginning with 5.188

WordPress Spam comment flood

Site Impact

This was a concerted effort to fill my sites with comment spam. The dangers to the sites were:

  • If I had not set up comment moderation, the sites would have been flooded with links that would most likely cause a drop in Google ranking (as well as standing with other search engines)
  • If unstopped, I would be spending a lot of time marking comments as spam. 
  • The flood of comment spam would put a load on my server blocking legitimate traffic that is critical to growing these sites. 

Whodunnit

I am not running a Geo IP blocker at this time. The blocker I was using ran into issues. Keep in mind that these sites are in an incubation stage so I’m trying to keep costs contained and don’t want to purchase an Askimet license yet.

If you want to get an idea of where the traffic is originating, go to Arin Whois and enter one of the IPs.

Using Arin Whois to identify the source of WordPress spam comments.

Scroll down a bit and you will see the country of origin and perhaps the internet provider. 

 

Arin Whois showing the city of origin for spam comments.

In this case, the traffic was originating in Amsterdam. Amsterdam happens to also be a popular city for proxies. Since two of my sites are locality sites, the Amsterdam traffic was almost certainly bogus and I could afford to block it. 

How to block comment spam.

I had two methods readily available to block the IPs. I am running the free version of WordFence. I could go to each site and block the IP ranges there.

The other option was to block the IPs using cpanel. With either method, I could block individual IPs or I could block a range. By blocking with cPanel, I could block the IPs once and they would be blocked for any sites I had on that hosting. That eliminated a lot of redundancy and extra effort.

To block the IPs using cpanel, log on to cpanel and scroll down to the security section. Choose the IP Blocker. With the cpanel IP blocker, you can specify a wildcard by only indicating either one, two or three nodes. In other words, If I enter 5.188. I will block 5.188.0.0 through 5.188.255.255. Given my particular situation, I am willing to accept the minuscule risk that someone might attempt legitimate traffic using that range. Don’t forget the trailing period after the last node.

cpanel's IP blocker
Adding an IP range to cpanel's IP Blocker.

Summary

Blocking by IP is inexpensive. Blocking via cpanel’s IP blocker is more efficient if you have multiple sites sharing hosting.

This solution will only work if

  • The spammers are using one block of IPs and not a botnet using a variety of IPs.
  • Your site is relatively local and you don’t mind using a shotgun approach to ban offshore IPs.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me
Archives
Categories