Comments on: Dissecting Comment Spam

By: Will’s Blog » Blog Archive » Another spam referrer

Will’s Blog » Blog Archive » Another spam referrer — Sat, 05 Mar 2005 00:40:41 +0000

[...] lso came a few times to my blog via the http://12.163.72.13 non-existant URL (as mentioned previously) Looks like our spammers are evolving as they see fit to do so, but [...]

By: Tom Raftery

Tom Raftery — Wed, 02 Feb 2005 10:21:29 +0000

Will, the code Cindy sent to you has an error – there should be no OR in the line before the ReWriteRule.

In other words it should look like:
RewriteCond %{HTTP_USER_AGENT} (Fetch\ API\ Request) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Microsoft\ Scheduled\ Cache\ Content\ Download\ Service) [NC]
RewriteRule .* – [F]

In my own .htaccess file, I took a different approach, I blocked the ip and it has worked so far. Here’s what I entered in my .htaccess file:
RewriteCond %{REMOTE_ADDR} ^12\.163\.72\.13$
RewriteRule .* – [F,L]

Hope this helps,

Tom

By: Ann Elisabeth's blog

Ann Elisabeth's blog — Thu, 27 Jan 2005 23:50:00 +0000

12.163.72.13/Fetch API
Several of us got lines in our logs, with that IP number as the referrer. No website, just that IP number dressed up as a site address. It’s similar to the Bulgarian spammer machine, and uses proxies. So I did…

By: ck

ck — Sun, 24 Oct 2004 08:11:19 +0000

re. WP stripping words – what is a trailing?
And thanks for the tip – that comment spam is getting totally out of hand.

By: the lil lioness =^.^=

the lil lioness =^.^= — Thu, 21 Oct 2004 04:09:59 +0000

Protect yourself (and your friends)
My friends and I recieved over 2500 comment spams over the past 48-hours… me, being the blog admin had the pleasure of recieving all the notifications that there were comments awaiting moderation, and now have th eplasure of ddeleting the comments an…

By: Fiona

Fiona — Mon, 18 Oct 2004 01:45:43 +0000

Thanks will. Second bit didn’t work though.. .well it stopped me from accessing, giving me a 500 error

By: William Luu

William Luu — Sun, 17 Oct 2004 01:18:26 +0000

Hi Cindy, cool! Thanks for the tip! I didn’t notice those two user agents until now. I checked through my server logs, thus far I’ve only found the Fetch API Request one, and not the Microsoft Scheduled Cache Content Download Service.

I’ll update the post with your advice!

By: cindy

cindy — Sat, 16 Oct 2004 20:00:25 +0000

I found that they are using two other agents to harvest the comment link url’s. I have blocked them too. Check your server logs and I bet you find them too.

RewriteCond %{HTTP_USER_AGENT} (Fetch\ API\ Request) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Microsoft\ Scheduled\ Cache\ Content\ Download\ Service) [NC,OR]
RewriteRule .* – [F]

It may block some valid offline page readers but better that than spam. I’m not even running MT or WordPress and they still got me… until I blocked them.

By: the lil lioness =^.^= » Protect yourself (and your friends)

the lil lioness =^.^= » Protect yourself (and your friends) — Thu, 01 Jan 1970 00:00:00 +0000

[...] e th eplasure of ddeleting the comments and the emails… Protect yourself, people! Will has a great post on getting rid of spammers - basically, [...]

By: Will's Blog » GoogleRank, Spammers, Phising

Will's Blog » GoogleRank, Spammers, Phising — Thu, 01 Jan 1970 00:00:00 +0000

[...] k of 4/10. [If you don’t know why that above web address is of interest, go read my previous post]. So how does a website that does not exist, end [...]