|
Crawling Across Chaos and Time Without End
|
|
Crawling Across Chaos and Time Without End
|
Following my previous experiments with htaccess, IP address blocking & SABRE, I’ve remade my list as seen above. Other sorts of spam are blocked using different plugins – usually they feed into Akismet. Currently, the false user registrations are tending to come from these IP addresses above. The “supposed” mail domains being chosen, are listed in descending order of instances below: komatoz.net (6)mail.ru (6) yandex.ru (4) atlaskit.com (1) mail.com (1) autocitychannel.com (1) bk.ru (1) This isn’t many, I know, because of the various blocks I’ve in place. These have appeared because I purposely removed most IP address blocks as an experiment to see which were the current “bad boys”. I mentioned this in a post a few weeks back, so these are the results. The domains with only ONE instance are all new to me, so it looks like the bad guys could be shifting their bases and string patterns to a new batch. I’ll come back to this in time, after things have developed a bit. However, for a fully updated WordPress installation, I recommend using the htaccess file as a first line of defence and then the supplied Akismet plugin in combination with SABRE, Login Lockdown, Simple Trackback Validation, WP-SpamFree. This combination has cut down the bad stuff to virtually zero. I’ve heard people mention the “Bad Behaviour” plugin because it does a lot of stuff at once and is supposed to be a one click does all affair, however, I can’t recommend it as my personal experience over several versions has been that it locks me out as well! This is not to say that I won’t try it again at some future date, but my current plugin mix works so as the phrase goes “if it ain’t broke, don’t fix it”. Constant monitoring is the key to effective defences though, while at the same time striving to maintain an open blog that users can post or comment to without much trouble. Possibly Related Sites
Related Posts by TagsImprove the web with Nofollow Reciprocity. |
|
 |
© 2008 Strangely Perfect StarScape Theme (1.5.11: Scorpius) | Design by: GDragoN Valid XHTML Valid CSS |
© 2007-2010 Strangely Perfect All Rights Reserved
Strangely Perfect is Digg proof thanks to caching by WP Super Cache
Posted on 22:47, May 14th, 2008 by 
Posted in 
Acute Records
Alistairs Dream (check out the gallery!)
Collective Voice
Crawling Chaos
Denyse Willem
Ikeda
Mailwasher Pro
Universal Declaration of Human Rights
What Really Happened?
WND
Current list at beginning September, 2008. I also use TanTanNoodles Spam Filter, Akismet, SABRE, wp-HashCash as well. I’m always twiddling to get the best mix/performance ratio for various plugins and techniques!
#who has access who doesn’t
order allow,deny
deny from 12.178.36.25
deny from 124.237.86.62
deny from 125.34.226.234
deny from 125.45.115.120
deny from 125.83.89.68
deny from 131.107.65.41
deny from 144.229.34.5
deny from 144.229.34.5
deny from 160.114.38.82
deny from 190.2.0.2
deny from 190.69.75.27
deny from 192.68.112.136
deny from 192.116.79.226
deny from 193.144.34.242
deny from 193.167.80.3
deny from 193.205.184.13
deny from 193.46.236.152
deny from 194.25.146.4
deny from 194.186.188.47
deny from 194.186.53.226
deny from 194.6.220.83
deny from 195.2.114.31
deny from 195.2.114.32
deny from 195.2.114.33
deny from 195.225.178.15
deny from 195.245.119.76
deny from 195.3.146.12
deny from 195.3.146.13
deny from 196.203.190.226
deny from 200.27.73.12
deny from 200.35.147.20
deny from 200.63.40/22
deny from 200.63.42.136
deny from 200.71.199.86
deny from 201.27.161.218
deny from 203.112.90.136
deny from 203.162.2.133
deny from 203.162.2.134
deny from 203.162.2.136
deny from 203.162.2.137
deny from 204.9.184.229
deny from 205.158.160.76
deny from 206.53.61.4
deny from 208.110.81.154
deny from 208.187.80.135
deny from 209.190.4.34
deny from 210.0.198.81
deny from 210.14.128.172
deny from 210.22.158.132
deny from 210.41.224.237
deny from 212.115.225.21
deny from 212.175.13.169
deny from 212.23.21.100
deny from 212.45.52.221
deny from 212.45.52.221
deny from 216.24.128.0/19
deny from 216.24.131.152
deny from 216.240.152.9
deny from 217.146.246.8
deny from 217.20.115.118
deny from 217.75.158.160
deny from 218.26.219.186
deny from 218.61.16.8
deny from 218.80.237.90
deny from 219.117.216.130
deny from 219.133.45.202
deny from 219.148.206.37
deny from 219.157.196.243
deny from 219.157.196.243
deny from 220.241.79.178
deny from 24.1.39.117
deny from 24.109.237.94
deny from 38.99.101.151
deny from 58.65.235.195
deny from 58.65.235.196
deny from 58.65.237.113
deny from 58.65.239.146
deny from 58.78.6.60
deny from 59.165.2.234
deny from 59.95.182.210
deny from 61.152.95.162
deny from 62.12.137.20
deny from 62.149.67.49
deny from 64.233.178.136
deny from 64.233.179.101
deny from 64.86.69.6
deny from 64.94.4.196
deny from 66.232.124.243
deny from 66.235.180.189
deny from 67.18.18.122
deny from 67.180.173.189
deny from 67.225.205.53
deny from 68.227.127.221
deny from 68.230.199.205
deny from 72.219.149.226
deny from 72.249.100.188
deny from 72.48.170.214
deny from 74.6.22.174
deny from 75.126.3.177
deny from 76.108.136.168
deny from 77.70.106.4
deny from 78.110.160.130
deny from 78.157.143.140
deny from 78.157.143.249
deny from 79.189.230.227
deny from 79.69.159.210
deny from 80.234.10.228
deny from 80.234.10.70
deny from 80.234.3.150
deny from 80.234.5.164
deny from 80.234.5.225
deny from 80.234.8.204
deny from 80.234.8.56
deny from 80.45.54.27
deny from 81.156.125.244
deny from 81.63.140.37
deny from 81.88.210.27
deny from 82.237.112.123
deny from 83.105.26.98
deny from 84.16.252.90
deny from 85.140.66.78
deny from 85.194.127.11
deny from 85.225.117.179
deny from 85.84.53.127
deny from 86.96.227.70
deny from 87.118.102.146
deny from 87.118.112.50
deny from 87.118.118.146
deny from 87.118.120.127
deny from 87.118.122.2
deny from 87.118.122.58
deny from 87.118.70.17
deny from 88.200.145.197
deny from 88.200.147.73
deny from 88.200.253.47
deny from 88.255.69.10
deny from 88.83.59.3
deny from 88.83.59.3
deny from 88.84.200.121
deny from 88.84.200.121
deny from 89.149.227.193
deny from 89.149.236.176
deny from 89.149.241.229
deny from 89.149.241.231
deny from 89.149.254.13
deny from 89.169.36.190
deny from 89.18.166.90
deny from 89.207.216.211
deny from 89.207.216.212
deny from 89.248.162.146
deny from 91.76.104.227
deny from 91.77.254.201
deny from 92.100.125.189
deny from 92.113.91.196
deny from 92.241.169.168
deny from 92.241.176.200
deny from 92.48.84.209
deny from 93.123.3.132
deny from 93.174.93.221
deny from 93.174.93.224
deny from 93.189.56.218
deny from 98.211.211.102
deny from 98.215.105.161
allow from all
#end access blocking list
[...] my Russian friend left a little note, which I’ll leave, here, because in itself, it’s pretty innocuous. However, visitors to my site don’t see the [...]
So i get attached via my comment form…these are the ones i filtered…
deny from 195.5.132.17
deny from 210.17.23.201
deny from 66.199.244.34
deny from 217.141.250.204
deny from 217.141.250.0/24
deny from 80.75.6.70
deny from 217.141.109.0/25
deny from 217.141.109.128/26
deny from 217.141.109.192/29
deny from 217.141.109.200/30
deny from 217.141.109.204/31
deny from 72.249.182.43
deny from 89.236.0.0/16
deny from 216.195.0.0/16
deny from 195.2.253.70
deny from 58.65.234.33
deny from 66.232.117.81
deny from 58.65.234.121
deny from 222.127.228.6
deny from 58.65.237.197
I’ve noticed some people looking at these lists with the aim of personalised blocking…
FYI, I stopped bothering for a bit using this for a while because the spammers etc change IP address so often. The time involved in keeping track of the addresses, removing ones that don’t get used etc is just not worth it, IMHO. If I worked out the time at my normal hourly rate I could pay someone to do it – and give the car a service – and decorate the house!
After a while, the spams started coming in (leaving SABRE|Akismet| Tan Tan Noodles to do all the blocking) so I got a different bunch of similar IP addresses to block. This is the current crop. I’ve noticed I’m getting a few more Russian & Chinese comment spams (which are trapped by the plugins) so it may be time to have another go.
#who has access who doesn’t
order allow,deny
deny from 12.178.36.25
deny from 124.237.86.62
deny from 125.34.226.234
deny from 125.45.115.120
deny from 125.83.89.68
deny from 131.107.65.41
deny from 144.229.34.5
deny from 144.229.34.5
deny from 160.114.38.82
deny from 190.2.0.2
deny from 190.69.75.27
deny from 192.68.112.136
deny from 192.116.79.226
deny from 193.144.34.242
deny from 193.167.80.3
deny from 193.205.184.13
deny from 193.46.236.152
deny from 194.25.146.4
deny from 194.186.188.47
deny from 194.186.53.226
deny from 194.6.220.83
deny from 195.2.114.31
deny from 195.2.114.32
deny from 195.2.114.33
deny from 195.225.178.15
deny from 195.245.119.76
deny from 195.3.146.12
deny from 195.3.146.13
deny from 196.203.190.226
deny from 200.27.73.12
deny from 200.35.147.20
deny from 200.63.40/22
deny from 200.63.42.136
deny from 200.71.199.86
deny from 201.27.161.218
deny from 202.10.64/15
deny from 203.112.90.136
deny from 203.162.2.133
deny from 203.162.2.134
deny from 203.162.2.136
deny from 203.162.2.137
deny from 204.9.184.229
deny from 205.158.160.76
deny from 206.53.61.4
deny from 208.110.81.154
deny from 208.187.80.135
deny from 209.190.4.34
deny from 210.0.198.81
deny from 210.14.128.172
deny from 210.22.158.132
deny from 210.41.224.237
deny from 212.115.225.21
deny from 212.175.13.169
deny from 212.23.21.100
deny from 212.45.52.221
deny from 212.45.52.221
deny from 216.24.128.0/19
deny from 216.24.131.152
deny from 216.240.152.9
deny from 217.146.246.8
deny from 217.20.115.118
deny from 217.75.158.160
deny from 218.26.219.186
deny from 218.61.16.8
deny from 218.80.237.90
deny from 219.117.216.130
deny from 219.133.45.202
deny from 219.148.206.37
deny from 219.157.196.243
deny from 219.157.196.243
deny from 220.241.79.178
deny from 24.1.39.117
deny from 24.109.237.94
deny from 38.99.101.151
deny from 58.65.235.195
deny from 58.65.235.196
deny from 58.65.237.113
deny from 58.65.239.146
deny from 58.78.6.60
deny from 59.165.2.234
deny from 59.93.209.205
deny from 59.95.182.210
deny from 61.152.95.162
deny from 62.12.137.20
deny from 62.149.67.49
deny from 64.233.178.136
deny from 64.233.179.101
deny from 64.86.69.6
deny from 64.94.4.196
deny from 66.232.124.243
deny from 66.235.180.189
deny from 67.18.18.122
deny from 67.180.173.189
deny from 67.225.205.53
deny from 68.227.127.221
deny from 68.230.199.205
deny from 72.219.149.226
deny from 72.249.100.188
deny from 72.48.170.214
deny from 74.6.22.174
deny from 75.126.3.177
deny from 76.108.136.168
deny from 77.70.106.4
deny from 78.110.160.130
deny from 78.157.143.140
deny from 78.157.143.249
deny from 79.189.230.227
deny from 79.69.159.210
deny from 80.234.10.228
deny from 80.234.10.70
deny from 80.234.3.150
deny from 80.234.5.164
deny from 80.234.5.225
deny from 80.234.8.204
deny from 80.234.8.56
deny from 80.45.54.27
deny from 81.156.125.244
deny from 81.63.140.37
deny from 81.88.210.27
deny from 82.237.112.123
deny from 83.105.26.98
deny from 84.16.252.90
deny from 85.140.66.78
deny from 85.194.127.11
deny from 85.225.117.179
deny from 85.84.53.127
deny from 86.96.227.70
deny from 87.118.102.146
deny from 87.118.112.50
deny from 87.118.118.146
deny from 87.118.120.127
deny from 87.118.122.2
deny from 87.118.122.58
deny from 87.118.70.5
deny from 87.118.70.17
deny from 88.200.145.197
deny from 88.200.147.73
deny from 88.200.253.47
deny from 88.255.69.10
deny from 88.83.59.3
deny from 88.83.59.3
deny from 88.84.200.121
deny from 88.84.200.121
deny from 89.149.227.193
deny from 89.149.236.176
deny from 89.149.241.229
deny from 89.149.241.231
deny from 89.149.254.13
deny from 89.169.36.190
deny from 89.18.166.90
deny from 89.207.216.211
deny from 89.207.216.212
deny from 89.248.162.146
deny from 91.76.104.227
deny from 91.77.254.201
deny from 92.100.125.189
deny from 92.113.91.196
deny from 92.241.169.168
deny from 92.241.176.200
deny from 92.48.84.209
deny from 93.123.3.132
deny from 93.174.93.221
deny from 93.174.93.224
deny from 93.189.56.218
deny from 94.102.49.81
deny from 94.0.0.0/8
deny from 98.211.211.102
deny from 98.215.105.161
allow from all
#end access blocking list
This website works on WordPress (always the latest version!!!), there are loads of plugins that are very effective at keeping the crap out.
It can be argued that it’s better to block at the web server level rather than after the queries are passed to the next levels in the software onion. This is true.
It can also be argued that I need a life, and the WordPress software with over 600k downloads since Xmas and all it’s peer reviewed plugins fulfill this function for me. In tandem with my “lazy” approach to IP address blocking, this works well.
There are a few key Apache statements that I’ve used over time in .htaccess to keep out certain sorts of nasties. Trial and error has led me to stick with a few core ones.
I may list them, or maybe not. Sometimes it pays to be circumspect. Whatever, they are all widely available on the net, say on “Ask Apache” etc. The key things are to stop directory traversing/listing (noindexes), to only allow certain file types in certain folders (e.g. just gif|jpg in a picture folder), to use the minimum permissions (CHMOD) you can get away with (644,705 & 755 work well for me, depending on the folder) and to make .htaccess unwritable after it’s made. For WordPress, make sure /wp-admin/ has an .htaccess file of it’s own.
Suggested WordPress Plugins to use, excl those above:
WP – Security Scan,
Wassup, dump the database for analyis and easy copy and paste of IP addresses into htaccess,
wp-scanner activator