Skip to content

Banning an IP in WordPress

This time I’ve had it with that spammer from IP 193.105.210.41 (on SFSon HoneyPot). I first installed some Stop Spammer Registrations Plugin, which made it much easier to report spammers to SFS, but which for some reason fails to block that ****** spammer from IP 193.105.210.41. That one is a very imaginative spammer who almost always uses an e-mail @mail15.com, and spam links to the non-resolving domain bestfinance-blog dot com. The plugin claims it blocked 298 spammers, and actually it seems it does block like 10 daily spams, but for some reason that 193.105.210.41 always passes through. Anyway, time to take some more drastic action: a real IP ban.

First I found the standard way of banning an IP in WordPress: it’s in Settings => Discussion, then scroll to Comment Blacklist, where you can enter banned IP, but also banned words, URLs, etc. The problem with that is that according to the description, the comment isn’t refused, it’s just placed in the spam queue. Which doesn’t solve my problem at all, all comments already fall into the moderation queue anyway…

I could try to find a specific banning plugin, but I don’t want to have too many plugins, particularly if it’s only to block one single moron. So, I’m left with the server-ban solution. I first thought about banning the IP with iptables, but that’s a bit too drastic IMO. I finally thought I could just ban it with .htaccess. Easy to do, light on the server, the perfect solution. You just need to add the following in the WordPress .htaccess file (check out the doc if you need more details):
Order allow,deny
Allow from all
deny from 193.105.210.41
There’s just a little trick to prevent WordPress from overwriting your changes: do NOT place them inside the WordPress block, ie place them before # BEGIN WordPress or after # END WordPress.

That’s all, the spammer is banned now, and they won’t even flood your spam comments queue anymore… until they get a new IP, of course, but then you’ll have new data to submit to your favorite blacklist 😉

Edit a week later: looks like the guy got a new IP pretty quickly after that .htaccess ban. He started spamming from IP 91.212.226.143 just the day after, and after a week he hit us again from that new IP… on more line in my .htaccess lol.

Update (2011-12-29): That bloody spammer keeps coming with different IPs, always successfully bypassing the SFS plugin while being reported hundreds of times at SFS… Since his IPs are from the same range, I searched a bit more and I just stumbled upon this 5 year old thread about banning IPs by wildcard.

Posted in web development, web filtering.

rev="post-2199" No comments

By patheticcockroach 2011-09-13

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA


« »