Comments on: Banishing Spammers and Trolls With .htaccess Files

By: force outboards

force outboards — Sat, 08 Aug 2009 09:16:13 +0000

I recently stumbled across this site and have been following along slowly. I felt I would leave my opening comment. Im not sure what to write but that I have really enjoyed reading. Cool blog. I intend to continue coming back to this blog very often. I have also subscribed to the feed for updates.

By: Lara Kulpa

Lara Kulpa — Thu, 28 May 2009 17:48:10 +0000

@Gary Sanet – You can’t access the .htaccess file for blogspot blogs if I’m not mistaken… yet another reason to choke up the $4 a month and go self-hosted wordpress!

By: Gary Sanet

Gary Sanet — Thu, 28 May 2009 16:36:11 +0000

Can you suggest how we can do it for ‘blogspot’ blogs !!

By: Marcus Neto

Marcus Neto — Tue, 26 May 2009 17:08:13 +0000

recently went on vacation and returned to find about 4k spam comments on some demo sites that I have running (we sell templates). This article could not have come at a better time. I found that most of the comments had 2-3 IP addresses associated to them and added them to the deny section in my .htaccess. hope this solves the problem. or at least cuts it back. 4k in a weekend? I mean who does that?

By: mike

mike — Mon, 25 May 2009 23:40:17 +0000

Anything to slow spam down is good thing.

By: Jennine

Jennine — Mon, 25 May 2009 13:26:35 +0000

oh, i found a plugin that bans IPs
http://www.quickonlinetips.com/archives/2008/12/ban-ip-to-stop-wordpress-comment-spam-forever/

good to know, i’d be scared to edit the .htaccess file

By: Jennine

Jennine — Mon, 25 May 2009 13:22:58 +0000

hey thanks for this. i know in fashion blogging, we’ve been plagued by anonymous negative commenters… this might give us a way to block those people who keep harassing bloggers. though, I agree there should be more than one line of defense.

By: Rajesh

Rajesh — Mon, 25 May 2009 12:04:19 +0000

Nice article. But I think CAPTCHA is the best solution since most of the times spammers are blocked except if they have broken the CAPTCHA algorithm.

By: Make Money Online

Make Money Online — Mon, 25 May 2009 07:44:52 +0000

There is a plugin which does all that for you, just enter the ip address and your good to go.

By: Fix My Cabinet

Fix My Cabinet — Mon, 25 May 2009 03:05:54 +0000

My Wordpress plug-in catches all the spam just fine.

Wouldn’t it be nice if there was a plug-in that automatically would do what this article describes?

Thanks for sharing but my blog seems to be covered pretty well.

I can find other things to do with my time, like post on this blog.

By: Another Way To Earn Money

Another Way To Earn Money — Mon, 25 May 2009 01:10:56 +0000

Unfortunately this is useless for blogger with blogspot as a platform.

By: Personal Development

Personal Development — Sun, 24 May 2009 19:53:09 +0000

this is great. first two part of ip remains same while other two changes. do we have a solution for that too or you think it would not be nice thing to do.

By: BloggerDaily

BloggerDaily — Sun, 24 May 2009 19:04:19 +0000

Nice tutorial but the thing that worries me is the .htaccess file will also ban people from the same IP. And I tracked same spam comments came from different IPs.

Sincerely I need the prevention like this to avoid spam comments, but there some implications that might affect the site in a long term.

I’m tired of checking Akismet and sometimes have to delete the spam comment that able to go through Akismet.

Thanks for the tutorial. Really hope for the spammers to stop their irresponsible act.

By: Daniel Pereira

Daniel Pereira — Sun, 24 May 2009 18:33:39 +0000

People must be aware and cautious using this kind of technique, by making sure that the spam comes a lot of times from the same IP, because some service providers don’t use static but dynamic addresses, and you might be blocking an IP that’s isn’t from a spammer anymore. Besides that, if you use this with caution, is one more way to reduce you spam.

By: Dixie Vogel

Dixie Vogel — Sun, 24 May 2009 18:31:02 +0000

I personally would not recommend this technique for avoiding spammers. Most spammers use automated tools, coming through proxys or botnets running on compromised machines, and in general use a variety of techniques to cover their tracks. They are actually easier to identify via their software and other behavior than the IP addresses, which are intended to be disposable. Think “hit and run” MO. If your blog has decent SEO, you WILL get comment spam and before long, your .htaccess file will be full of these disposable IP address and it can, over time, impact your site’s performance. Every time someone connects to your site, the server will have to check their IP against your .htacess and for a popular site, this list will grow exponentially.

If you’ve got a one-off troll with limited technical knowledge, then it may help. Except even broadband internet access almost always sports dynamic IPs, which means you won’t just be blocking out the troll, but maybe innocent people who have the bad luck to share their ISP. So if your spammer/troll uses a free aol trial account for example, using it until they are busted and move on, you’ve just nuked other folks who happened to get the same IP assigned after a modem reboot or something. Oops.

Think of it like blocking a spammer’s email address. Nobody bothers because they are disposable, right?

I run a hosting biz, and can block IPs on the server level. And even when we’re getting hammered with breakin attempts, I only block IPs for a limited period of time. Most spammers will move on if it’s not easy because breaking through your defenses is not a good use of their time. So making it harder to spam overall is more effective than targeting the individual incident.

You’re best best IMO is a combination of strategies, (starting with choosing a hosting company that makes good use of apache’s mod_security module that blocks a lot of these vermin before they even hit your site), good antispam plugins, and, if you do block via .htaccess, then clean it out every month or so lest you do more harm than good.

By: Black Sand

Black Sand — Sun, 24 May 2009 17:45:58 +0000

Stopping spammers using the .htaccess file is a great idea. Thanks for information

By: John Hoff - WpBlogHost

John Hoff - WpBlogHost — Sun, 24 May 2009 15:56:24 +0000

@Deepak – The downside is the fact that most people are on a dynamic IP address (i.e. the IP address of your computer’s modem may change).

So if you block out an IP address, you’ll likely be blocking out multiple people and not just one person.

@MyCreditGroup – Yes, it works for any .htaccess file.

By: David Stillwagon

David Stillwagon — Sun, 24 May 2009 15:43:04 +0000

I don’t get that many comments right now, but doesn’t the catcha thing work as well on blogger?

By: MyCreditGroup.com

MyCreditGroup.com — Sun, 24 May 2009 12:17:57 +0000

Does this work for any .htaccess file, or is this something that only works on WP?

I ask because we have a forum that is just getting slammed with spam. No matter how many requirements we implement for registration, there are at least 50 or so per day.

By: Deepak @ BusinessAttitude.com

Deepak @ BusinessAttitude.com — Sun, 24 May 2009 11:54:09 +0000

That is a fantastic way to block the spammers. I will be blogging about it for sure. And I dont see any downside in this method.