Over at The Mystery of the Haunted Vampire, we’ve seen a fairly large surge in comment spam attempts. In the past, I’ve tried to deal with this with a mix of plugins but the best one of these had the unfortunate side-effect of preventing the site owner (Carnacki) from accessing the blog (he’s got some funky configuration issue with his ISP, I think). We’ve been relying upon Askimet alone for a while now, and while it works really well, it’s kind of tedious having to review and delete comments. Askimet has trapped a handful of false postives, so I like to eyeball the output before deleting it. When it’s a dozen or so pieces of spam, that’s fine – but when it’s hundreds? Bleh.
Not wanting to futz around with plugins again, I opted for a blunt instrument approach: the .htaccess file. For those of you who don’t know, .htaccess is a file that you can use to control site access when you don’t have access to the root server configuration settings – which we don’t, since we don’t have a dedicated server. (Hell, we don’t even pay for a fixed IP address. MotHV is small enough that it isn’t worth the expense, particularly since the site doesn’t generate any revenue.)
Now, with .htaccess you can block individual IP addresses, but most comment spammers use a range of IP addresses. Looking at the worst offenders, I began blocking large swaths of the ‘net from accessing the site. Chinese ISPs? Gone. We’re an English-language blog, and we never get any interactive visitors from Chinese IP addresses, only bots. Hosting-only companies? Gone. Sure, some of their IP addresses may be allocated to ‘real’ domains, and some companies may be using those IP addresses as gateways, but in those cases, the IP address should resolve back to their domain name. If it’s just one IP address out of a pool of thousands? Nope. It’s a bot. You get the screamin’ 403 “Access denied” error.
I’ve used some discretion – we do get legitimate visitors from Japan, Korea, India, Thailand, & Malaysia, so I won’t take the totally drastic step that some people have of banning the entire range of APNIC IP addresses. That’s stupid. But individual ISPs in Asia that have never sent us a single legitimate visitor? Bzzt. Blocked. That one European host that is responsible for 50% of our comment spam? Every single netblock gets blocked. That US-based host responsible for another 20%? Same thing.
So the other night, I blocked a couple of dozen ranges of IP addresses, covering tens of thousands of IP addresses. Comment spam attempts are back down to a manageable amount (hundreds per day to dozens per day), though I know this will be temporary. And guess what else happened?
We lost almost 40% of our RSS subscribers.
So… How many of your subscribers are really just monitoring your site for activity?
[edited to add – do I lose any points for having two back-to-back posts with “*really*” in the title?]