Russian and Ukrainian Blog Spammers are STUPID!
< Begin Rant >
If you publish a blog (Weblog) using MovableType, I'm certain that you have learned that if you accept comments, or trackbacks, that you are going to attract blog spam (splog). I used to allow comments and trackbacks on my blog until I found that all of the comments and trackbacks were 100% spam, with links to sleazy websites. Being the curious, suspicious spam/scam hunter type person that I am, I began studying my raw access logs to see where this crap was coming from. I wasn't surprised when I discovered that most of the blog spam I was getting aimed at my blog was coming from a few IP addresses in the Ukraine and Russia. Normally I would consider Russians and Ukrainians to be educated, intelligent folks, but now I have to wonder if I was mistaken in that line of thought.
The reason I make such a harsh statement is because I have not allowed comments or trackbacks to be posted for a long time now (Turn Off Comments and Trackbacks), and when I did allow them I always moderated them and deleted spam comments; they were never posted. In an effort to curtail the continuing attempts to post spam to my blog I have even removed the files used to post comments and trackbacks to my MovableType blog. Still, every day, for hours at a time, idiots in Russia and the Ukraine keep trying to spam to my blog, despite the fact that I clearly state that no comments or trackbacks are accepted, and the files that are required for them are gone. Everytime these idiots Post a comment or trackback my server gives them a 403 Forbidden response, but they don't seem to care, or notice, or are too uneducated to understand that Access Denied means that their request failed to go through! So, growing tired of even giving them the courtesy of a 403 response I am now redirecting all of these bullshit attempts to Post comments or trackbacks right back to the sender's own browser or web appliance; to 127.0.0.1. That should result in a Page Cannot Be Displayed or Server Cannot Be Located message on the program the idiots are using to try to spam me.
The blog spammers are even resorting to using hijacked proxies, on computers in other countries, but they all get the same message, since I block all such exploits in my .htaccess file. I wasn't born yesterday. I know how to block IP addresses, proxies and unwanted behavior or exploits on my server. I also know how to track the source to their ISP and report them for spamming.
If you run MovableType blogs on an Apache Server, and are interested in seeing in my solution to the problem of blocking blog spammers, read my extended comments.
If other Webmasters are having the same problem with the Ukrainian and Russian blog spammers, maybe you would benefit from simply adding a Mod_Rewrite rule to your .htaccess files (Apache Web Servers), to rewrite all attempts to Post to (path to)/comments.cgi and (path to)/tb.cgi to 127.0.0.1 . Below is a code sample you can modify to meet your own installation of MovableType. Be sure you first turn off comments and trackbacks and delete any that are already posted to your blog. Also, place a notice at the top of each template page to let people know you don't accept comments or trackbacks.
The following requires permission to run Mod_Rewrite directives and overrides on your website. Each directive must be on one continuous line, starting with RewriteCond or RewriteRule. The first three lines of code must be somewhere in .htaccess, before any rewrite directives.
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} ^POST\ /cgi-bin/mt/mt-comments\.cgi\ HTTP/1\.[01]$
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ http://127.0.0.1 [R=302,L]
RewriteCond %{THE_REQUEST} ^POST\ /cgi-bin/mt/mt-tb\.cgi/[0-9]{1,3}\ HTTP/1\.[01]$
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ http://127.0.0.1 [R=302,L]
You may have to modify the path to the comments and trackback files, if your MovableType installation has been customized away from default names. If you are using a PHP blog you will have to learn the file names used to Post comments and trackbacks, then replace my file names with the correct ones for your blog software. Once the majority of blog owners learn to redirect blog spam back to the idiots posting it, the flow will begin to subside, as they will have nothing to gain from their activities.
Also, I don't publish my access logs at all, and never have. Despite this fact I see plenty of attempts to spam my access logs with Referrer Spam, in the form of links to spamvertized websites for drugs, porn, insurance quotes and other bullshit. Log spammers gain nothing if you stop making your website access logs public. Take them out of your web-root, or turn off stats publication, and keep your logs private. Eventually the log spam will stop when nobody publishes their stats online, as nobody will see the websites being advertised in the "Referer" fields (that is how Apache web server directives spell the word 'referrer').
Another thing I do, when any one IP address tries to harass my server with too much crap, is to have my web host block them in the perimeter firewall. This sends all of their requests to a blackhole and keeps them out of my logs altogether. They don't even get an ACK from the router feeding the box.
< End Rant >
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.