Mobile app version of vmapp.org
Login or Join
Heady270

: Why does blocking IP addresses from China and Ukraine to fight spam also block some legitimate European visitors? I'm getting hammered by spam requests. I allow guest comments that require pending

@Heady270

Posted in: #Htaccess #IpAddress #Spam #Traffic

I'm getting hammered by spam requests. I allow guest comments that require pending and got over 20,000 of them in a very short space of time. 99% are from Ukraine or China. To bypass this I have used my .htaccess file to completely block all IPs from China, Ukraine and Russia. The problem I have now is that these IPs also seem to be blocking users from Italy and I've seen a few blocked IPs from France.

The IP getting blocked is not in my .htaccess file. There are a few rules that block IPs within a range, but the IPs that are getting blocked arent even in the first 3 blocks.

e.g. The ip getting blocked might be 123.123.321.321. There are no IPs in my .htaccess file that start with 123.123.321, so I don't see why these are getting blocked. I ran some tools and have confirmed (using proxys) that at least Italy is getting blocked.

I am worried now that if I were able to find 2 blocked countries in a few hours, how many others are being blocked.

What's the best way around this?

I ran a test using cloudmonitor.ca.com/en/checkit.php
All passed except for Padova and Hong Kong which both got access denied. The IP range for Italy should be this


94.124.34.0/24

www.tcpiputils.com/browse/ip-address/94.124.34.0-94.124.34.255. The closest match in my .htaccess file is this


94.124.0.0/20 94.124.16.0/21


There shouldn't be a conflict here, so I'm really confused

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Heady270

1 Comments

Sorted by latest first Latest Oldest Best

 

@Deb1703797

Spam is not new. But the only thing you can really do is install a captcha system. This means that for every post someone makes on your website, they have to enter a special code that is displayed on screen inside an image. Robots can't see this and since most spam comes from robots, you'll probably do a good job filtering out most robots. If some try to guess the code, then make some sort of lock down on your site so that if the code is incorrect after a certain number of attempts then the guest is banned from making further posts until a set time is passed.

Another thing you could try is email or phone verification per post. This means when a guest makes a post, they are sent an email or a text message with a link to a URL to go to in order to verify the identity.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme