I manage/admin a fair few sites, covering everything from an oil exploration equipment company to a church website. Unfortunately, over time I’ve had some issues with spammers posting random unwanted guestbook messages and so on.
Therefore I decided to go ahead and implement some measures to start blocking them. The main site this occurs on is the church site I run, which has an option to blacklist IP addresses. However, as the spam comes from a range of IP addresses each time the site is ‘hit’, this would involve a tedious process of adding each address.
Therefore I decided to use the .htaccess allow/deny restrictions. While these are simple to use, getting the information required isn’t always as easy.
The method I took used three steps:
- Determining the IP Range involved
- Calculating the network prefix of the range
- Banning them
For the first step I noticed the IP addresses each time I was hit were similar, so I looked them up on http://software77.net/cgi-bin/ip-country/geo-ip.pl to see if they were in a single range assigned to a particular organisation or country. In this case they were.
Then I converted the range from a start and end IP address to a single address with a prefix. In my case it was 123.112.0.0/12. (You can check your conversion using http://www.csgnetwork.com/ipinfocalc.html.) [The look-up link above now gives you the CIDR range]
Finally I added the following lines to my .htaccess file, including a comment for future reference:
Order Allow,Deny
##Chinese IP range banned for guestbook spam 28/4/08
Deny from 123.112.0.0/12
Allow from all
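The range-to-prefix conversion and the resulting .htaccess block can also be scripted. The following is an added example, not code from the original post: the function names are hypothetical, the end address 123.127.255.255 is simply the last address of the /12 above, and the 198.51.100.x range and the test addresses are constructed. It goes slightly beyond the post by handling a range that does not fit a single prefix, which needs several Deny lines.

```python
import ipaddress


def range_to_cidrs(start, end):
    """Return the smallest list of CIDR blocks covering start..end inclusive."""
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("start address is after end address")
    return list(ipaddress.summarize_address_range(first, last))


def deny_block(start, end, comment):
    """Build .htaccess lines in the same Order/Deny/Allow form used in the post."""
    lines = ["Order Allow,Deny", "##" + comment]
    lines += ["Deny from %s" % net for net in range_to_cidrs(start, end)]
    lines.append("Allow from all")
    return "\n".join(lines)


def covered(addresses, start, end):
    """Map each address to True if the generated Deny lines would ban it."""
    nets = range_to_cidrs(start, end)
    return {a: any(ipaddress.IPv4Address(a) in n for n in nets) for a in addresses}


if __name__ == "__main__":
    # The range from the post: it is aligned, so it collapses to one prefix.
    print(deny_block("123.112.0.0", "123.127.255.255",
                     "IP range banned for guestbook spam"))
    print()
    # Constructed range that is NOT aligned: it takes four Deny lines.
    print(deny_block("198.51.100.10", "198.51.100.20", "constructed example"))
    print()
    # Constructed addresses: check the ban hits the spammer but not a neighbour.
    print(covered(["123.120.5.9", "123.128.0.1"],
                  "123.112.0.0", "123.127.255.255"))
```

Checking a few addresses from your own logs with `covered` before uploading the file shows whether the prefix is wide enough, and whether it is wider than you intended.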
As a side note, banned users will get an HTTP 403 error page. I also created a custom page to be loaded for banned users, defined by the following line in my .htaccess file:
ErrorDocument 403 /errordocs/403.html
You also need to test that they have access to view this page, so I added another .htaccess file in the errordocs folder with the following lines:
order deny,allow
allow from all