Preventing WordPress Blog Spam with .htaccess

Mon 23 Feb 2009

One of the pain in the butt things about running a blog is that you will invariably have to deal with comment spam. If you are running WordPress, Akismet does a decent job of catching spam comments, but it still requires you to go through all the comments it catches to make sure it didn’t mark any valid comments as spam. Needless to say, it gets really annoying really fast to sift through hundreds of spam comments every few days or even every day. But entering a few rules in your .htaccess file will help keep spammers from even getting as far as Akismet. In fact, it will keep them from getting to your blog altogether. Here’s how…

First, we’ll have to do a little investigation. If you are on shared hosting, chances are that you have access to your WordPress database via phpMyAdmin or something similar and you can run SQL commands against it. So, open up phpMyAdmin or whatever you use, navigate to your WordPress database, and execute the following SQL:

select comment_author_ip, count(*)
from wp_comments
where comment_approved <> 1
and comment_content like '%http://%http://%http://%'
group by comment_author_ip
having count(*) > 3
order by count(*) desc

This selects the comment author IP from the wp_comments table where the comment is not approved and the comment contains at least three links, groups the rows by IP address, keeps only the IPs that have left more than 3 such comments, and orders the result by comment count in descending order. What you get back should look something like this:

[Screenshot: Comment spammer SQL results]

From here we can see our most common offenders. Based on what I am seeing in my results, I can be pretty certain that at least the first 8 IPs belong to spammers. This is because it has only been a few days since I last checked my comments, and nobody leaves 14+ legitimate comments on my blog within the span of a few days.

If you want to be sure that a particular IP address belongs to a spammer, you can look at the individual comments that they’ve left using this SQL:

select comment_author_ip, comment_content
from wp_comments
where comment_approved <> 1
and comment_author_ip = '127.0.0.1'

where 127.0.0.1 is the IP address of the comment author in question.

Here’s where the .htaccess file comes in. If you are using permalinks for your blog, WordPress should have already created one for you. If not, simply create a file called .htaccess in your document root. If you want to know more about .htaccess files, see Apache’s documentation.

Next, open your .htaccess file and insert the following either at the beginning or end of the file:

# Apache 2.2 mod_authz_host syntax: with "order allow,deny" the allow rules are
# evaluated first and then the deny rules, so a matching "deny from" wins over
# "allow from all"
order allow,deny
deny from 192.168.0.1
deny from 192.168.0.2
deny from 192.168.0.3
allow from all

replacing the IP addresses with the ones that came up in the results of the SQL we ran before.

That’s it. Once you do this, users coming from these IP addresses will no longer be able to get to your blog and therefore can no longer leave spam comments.
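The whole procedure above (the SQL selection and the .htaccess block it feeds) as one added example script; this is my own illustration, not code from the original post. It works on a constructed set of wp_comments rows, applies the same filter as the SQL (unapproved, at least three links, more than three comments per IP), drops any comment_author_ip value that is not a real IP address so a garbage value cannot break the config, and renders the page's Apache 2.2 directives; the Apache 2.4 rendering (mod_authz_core `Require` syntax) goes beyond what the page shows.

```python
"""Reproduce the page's spammer-IP query in Python and emit an .htaccess deny block."""
import ipaddress
from collections import Counter

# Constructed sample of wp_comments rows: (comment_author_ip, comment_approved, comment_content).
# comment_approved is a varchar in WordPress ('0', '1', 'spam', ...), hence string comparison.
SAMPLE_COMMENTS = (
    [("203.0.113.5", "spam", "buy http://a.example http://b.example http://c.example")] * 5
    + [("203.0.113.9", "0", "see http://x.example http://y.example http://z.example")] * 4
    + [("198.51.100.7", "1", "great post http://one.example http://two.example http://three.example")] * 6
    + [("192.0.2.1", "0", "nice post, see http://one.example")] * 10
    + [("not-an-ip", "0", "http://a.example http://b.example http://c.example")] * 4
)


def spam_ips(rows, min_links=3, min_comments=3):
    """Same selection as the page's SQL: not approved, at least min_links links,
    and more than min_comments such comments per IP. Returns (ip, count), highest first."""
    counts = Counter(
        ip for ip, approved, content in rows
        if approved != "1" and content.count("http://") >= min_links
    )
    ranked = [(ip, n) for ip, n in counts.items() if n > min_comments]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def _is_ip(value):
    """True only for a syntactically valid IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def htaccess_block(ips, apache24=False):
    """Render the deny list. Invalid values are skipped so a bad comment_author_ip
    cannot produce a directive that makes Apache return 500 for the whole site."""
    valid = [ip for ip in ips if _is_ip(ip)]
    if apache24:  # Apache 2.4 mod_authz_core form, added here beyond the page's example
        lines = ["<RequireAll>", "    Require all granted"]
        lines += [f"    Require not ip {ip}" for ip in valid]
        lines.append("</RequireAll>")
    else:  # the page's Apache 2.2 form
        lines = ["order allow,deny"]
        lines += [f"deny from {ip}" for ip in valid]
        lines.append("allow from all")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(htaccess_block([ip for ip, _ in spam_ips(SAMPLE_COMMENTS)]))
```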
