Comments on: WordPress User Registration Spam

By: Strangely

Strangely — Thu, 17 Nov 2011 17:27:34 +0000

Thanks John.
I’m currently happy with my current set of spam and bot blockers, but I’ll bear it in mind if things change in future. It’s a world of always moving goalposts, isn’t it…

By: John

John — Thu, 17 Nov 2011 16:57:50 +0000

Cartpauj Register Captcha has worked well for me: http://wordpress.org/extend/plugins/cartpauj-register-captcha/

By: blog4booty

blog4booty — Tue, 14 Jul 2009 09:08:46 +0000

Just wondering… You have the list as allow,deny and then list the IP addresses to ban. Everything looks good but then you give the allow from all directive AFTER listing the banned IPs… Shouldn't you have

order allow,deny

allow from all

deny from 24.1.39.117

deny from 38.99.101.151 and so on…

You quoted that the Apache server does 3 swipes at the file but that seems inefficient… I figured allow,deny would tell it to allow all but deny the following, or reversed it would see order block and deny everybody but then allow the specifically mentioned… In the case you've shown I would have assumed that since allow from all is listed after the deny list, you would be inadvertently allowing all of those in which you previously denied…

By: Strangely

Strangely — Tue, 14 Jul 2009 08:49:33 +0000

@blog4booty
I hardly use this aspect of .htaccess anymore. I only use it when someone is persistently pinging! I’ll block them for a few weeks and then take the entries out to keep the file size down. The 3 swipes thing is from the manual.

For the order, the only thing that matters is the “order allow,deny” – how they appear in the list is irrelevant.

What happens is that it sees “order”, then sees “allow”.
Then it scootles down the file and will allow everything it sees on a line beginning with “allow from …”
When it reaches the bottom, it flies back to the top and THEN does each line as it scootles down that starts with “deny from…”, denying each IP/domain you’ve included.

The order that the various IP addresses or domains is, is not important. JUST the way the “order allow,deny” is at the top. For instance, this is valid:

order allow,deny
deny from bad1.com
allow from good1.com
deny from bad2.com

This will only allow good1.com Everything else is redundant. This is why you use “from all” to ensure that you get access other wise you’ve blocked yourself!
So:

order allow,deny
deny from bad1.com
allow from all
deny from bad2.com

..is better. First it enacts all the “allows” – which is “from all”. Then it does all the “deny”‘s. It blocks two domains.
Now compare to the one below….

order deny,allow
deny from bad1.com
allow from all
deny from bad2.com

First it “deny”‘s the two bad domains and then it undoes these two deny actions by “allow”-ing “from all”!!! This means that the floodgates are now open!

The only reason to separate the “deny from..” and “allow from..” entries is for ease of reading!

The normal usage of this part of .htaccess for a webmaster is to block dodgy sites. It can be used to just allow a few IP addresses through – say if you have an almost completely locked down intranet and you want to allow a few homeworkers access. In this case, you “deny from all” THEN “allow from..” the various IP addresses external to your network.

The Apache help file is extensive, but IMHO, extremely hard to wade through. Most of my info is pulled straight from other websites that just examine a few aspects of the usage of .htaccess. Links are in the posting.

Hope this helps!

By: Strangely

Strangely — Mon, 13 Apr 2009 01:55:42 +0000

I removed all blocked IP addresses from the .htaccess file about a month ago. Since then, I’ve not been troubled.
I think the newer incarnation, plus Akismet, plus Tan Tan Noodles mops up everything and I still allow people to freely comment!
This is my current recommendation to block the various spam types from my WordPress blogs.

By: Strangely

Strangely — Thu, 01 May 2008 08:44:48 +0000

Following on from the above, I’ve only got 11 IP addresses blocked now and this has blocked all user registration spam for SABRE for the past week or so. I think the bad guys move about a bit!
One thing new has started and I’ve alluded to it elsewhere… I’m getting weird hits from a Latvian outfit that seems to be a hosting company, eclub.lv See …permalink-structure-change

So they’ve been completely blocked with htaccess because they’re mucking up my stats. Sod them.

By: Strangely

Strangely — Sat, 26 Apr 2008 15:29:01 +0000

Since this post I’ve been twiddling with htaccess again using stuff mainly from Josiah Cole which is very useful.
As a test, I’ve also removed all the deny IP addresses just to see which ones are actually hitting me now….

Watch this space :-)