Comment spammers aren’t the sharpest knives in the draw. If they did their research properly they’d realise that spamming here was as stupid as trying to burgle the police station (while it’s open). You’ll notice there’s no comment spam around here, but that isn’t to say they don’t try.
Anyway, there’s been a lot of activity lately from a spambot running at an “interesting” hosting company called Volumedrive. They rent out rack space, so it’s not going to be easy for them to know what their customers are doing, but they don’t seem inclined to shut any of them down for “unacceptable” use. For all I know they’ve got a lot of legitimate customers, but people do seem to like running comment spammers through their servers.
If you need to get rid of them, there is an easy way to block them completely if you’re running WordPress, even if you don’t have full access to the server and its firewall. The trick is to over-ride the clients Apache is prepared to talk to (default: the whole world) by putting a “Deny from” directive in the .htaccess file. WordPress normally creates a .htaccess file in its root directory; all you do is add:
Deny from bad.people.com
Here, “bad.people.com” is the server sending you the spam, but in reality they probably haven’t called themselves anything so convenient. The Apache documentation isn’t that explicit unless you read the whole lot, so it’s worth knowing you can actually list IP addresses (more than one per line) and even ranges of IP addresses (subnets).
For example:
Deny from 12.34.56.78
Deny from 12.34.56.89 22.33.44.55
Deny from 123.45.67.0/24
The last line blocks everything from 123.45.67.0 to 123.45.67.255. If you don’t know why, please read up on IP addresses and subnet masks (or ask below in a comment).
So when you get a load of spammers from similar IP addresses, look up who the block belongs to using “whois”. Once you know, you can block the whole lot. For example, if you’re being hit by the bot using Volumedrive on 173.208.67.154, run “whois 173.208.67.154”. This will return:
NetRange: 173.242.112.0 - 173.242.127.255
CIDR: 173.242.112.0/20
OriginAS: AS46664
NetName: VOLUMEDRIVE
NetHandle: NET-173-242-112-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
<snip>
If you don’t have whois on your computer (i.e. you’re using Windoze) there’s a web version at http://www.whois.net/.
In the above, the CIDR is the most interesting – it specifies the block of IP addresses routed to one organisation. I’m not going into IP routing here and now; suffice to say that in this example it specifies the complete block of addresses belonging to Volumedrive that we don’t want – at least until they clean up their act.
To avoid Volumedrive’s spambots you need to add the following line to the end of your .htaccess file:
Deny from 173.242.112.0/20
If this doesn’t work for you, the web server you’re using may have been configured in a strange way – talk to your ISP if they’re the approachable type.
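The whois-to-.htaccess step above, as an added example that is not part of the original post: it pulls the CIDR out of the whois text, shows the first and last address a prefix covers, and checks that each offending IP really falls inside the block before the Deny line is written. The address 173.242.112.9 is constructed for illustration, and comma-separated CIDR lines are an assumption about whois output; with the values quoted in the post, 173.208.67.154 lies outside 173.242.112.0/20, so the check reports it.

```python
import ipaddress
import re

# Constructed sample: the whois fields quoted in the post.
WHOIS_SAMPLE = """\
NetRange: 173.242.112.0 - 173.242.127.255
CIDR: 173.242.112.0/20
OriginAS: AS46664
NetName: VOLUMEDRIVE
"""


def cidrs_from_whois(text):
    """Return every network on the 'CIDR:' lines (comma-separated lists allowed)."""
    nets = []
    for line in text.splitlines():
        m = re.match(r"\s*CIDR:\s*(.+)", line, re.IGNORECASE)
        if m:
            # strict=True rejects a prefix with host bits set, e.g. 1.2.3.4/24
            nets += [ipaddress.ip_network(p.strip(), strict=True)
                     for p in m.group(1).split(",")]
    return nets


def span(cidr):
    """First and last address a CIDR string covers."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def deny_plan(offenders, nets):
    """Return (.htaccess Deny lines, offenders that no listed network covers)."""
    lines = [f"Deny from {n}" for n in ipaddress.collapse_addresses(nets)]
    missed = [ip for ip in offenders
              if not any(ipaddress.ip_address(ip) in n for n in nets)]
    return lines, missed


if __name__ == "__main__":
    nets = cidrs_from_whois(WHOIS_SAMPLE)
    print(span("123.45.67.0/24"))  # the /24 example from the post
    # 173.242.112.9 is a constructed offender; 173.208.67.154 is the post's.
    lines, missed = deny_plan(["173.242.112.9", "173.208.67.154"], nets)
    print("\n".join(lines))
    for ip in missed:
        print(f"# {ip} is outside the listed block: run whois on it as well")
```

On Apache 2.4 the same block is written as “Require not ip 173.242.112.0/20” inside a RequireAll section; “Deny from” there depends on mod_access_compat being loaded.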
I have contacted Volumedrive, but they declined to comment, or even reply; never mind curtail the activities of their users.
This isn’t a WordPress-only solution – .htaccess belongs to Apache and you can use it to block access to any web site.
Perhaps there’s some scope in sharing these comment spambots in an easy-to-use list. If anyone’s interested, email me. This is a Turing test :-)
Volumedrive do NOT respond or take action against comment spammer complaints, and based on this information I can only come to the conclusion that Volumedrive is a spam safe haven.
I have added their IP ranges to all my customer firewalls with no ill effect.
Also on a subnote: When I have sent complaints to abuse@volumedrive.com & support@volumedrive.com I notice that the welcome string from mail.volumedrive.com is “220 mail.volumedrive.com Motha Fuckin VolumeDrive Biatch!” – This confirms my initial suspicions that their intent is not good and unprofessional. If this is how they configure their welcome string then I suspect Volumedrive is run by a group of kids with little respect or common sense.
Thanks for this post especially this line “Comment spammers aren’t the sharpest knives in the draw.”
IDIOT!
I use that server to spam and you are literally but one of several millions we LOVE to drop our backlinks on!
I just had to take the time to point out your stupidity!
You DO NOT even exist!
You’re one of several millions.
Grow some brain MORON!
[Ed: I think this might be from some genuine swamp-life]