Blocking Comment Spam
Comment spam is annoying. Since I sit well below the A-List blogger rung, it isn't my biggest problem in the world. It is just annoying.
The super fine blogware I use has a feature for blocking IP addresses. Lately I have been updating this list with IPs from comment spammers. 90% of these IP addresses originate from China. I'm considering blocking the entire class A IP block for China. If you are a legit visitor who cares about what I write, leave me a comment and tell me how bad of an idea that is.
I'm willing to share my IP list with others. Here is the list as of May 28, 2008:
67.180.242.3 116.24.109.132 125.212.41.130 195.182.195.3 61.144.189.214 218.81.142.85 124.161.38.224 221.6.155.165 218.108.15.82 221.218.213.167 125.214.254.171 65.49.14.27 89.218.180.241 121.237.79.252 92.100.38.239 91.122.52.50 222.244.132.155 88.233.20.64 88.214.201.231 88.249.98.46 68.217.129.240 61.51.191.202 212.113.58.159 65.80.11.202 193.82.139.98 203.115.140.68 85.108.145.65 91.122.38.97 88.247.106.157 222.247.176.64 72.147.4.234 221.225.63.96 85.100.196.117 88.234.126.152 203.87.179.234 88.214.199.18 85.210.142.82 85.108.242.226 24.217.104.212 85.98.46.4 88.244.229.204 75.82.236.139 82.207.52.208 88.244.233.62 91.124.72.82 82.207.63.51 195.69.171.118 196.20.7.74 132.60.240.80 198.54.202.82 218.81.151.73 85.107.193.194 88.242.205.114 78.172.87.209 219.139.128.67 89.109.62.73 91.122.190.131 84.134.127.235 203.115.140.72 216.40.222.82 218.81.142.85 221.6.155.165 60.190.240.76 60.190.240.76 218.81.155.112 88.214.193.87 88.214.201.242 88.214.203.202 213.207.218.237 121.237.79.172 125.109.54.182 122.234.49.44 60.12.45.2 72.3.137.82
If you collect IP addresses from comment spammers, please share your list also. Stick it in the comments here, if you like.
As an interesting experiment, here is the origin of all of those IP addresses. ( courtesy of http://www.ip2location.com/. IP2Location has a batch entry here: http://www.ip2location.com/demo.aspx )
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||
|
There are no comments for this entry.


Here is my list. Everyone has the first one (67.180.242.3) because Ray ships BlogCFC with that IP blocked. Ask him why...
67.180.242.3
203.115.140.72
216.40.222.82
218.81.142.85
221.6.155.165
60.190.240.76
60.190.240.76
218.81.155.112
88.214.193.87
88.214.201.242
88.214.203.202
Consider checking out http://www.projecthoneypot.org/ You can have instant access to 22,479,130 IP addresses as well as the reasons that they are blocked. I have my own personal list, but it is too long to list here.
Also, most of these IPs are proxies on computers that have been exploited. It's very difficult to determine who manages the actual computer and getting in touch with anyone is almost impossible. I initially wasted my time trying to contact admins and now simply block POSTs from any identified IP addresses.
"I'm considering blocking the entire class A IP block for China"
China, population: at least 1.3 billion, with internet usage rivalling or exceeding the USA, depending where you read
http://www.forbes.com/2006/03/31/china-internet-us...
http://www.digitaljournal.com/article/253753
do you really want to block that much potential readers of your blog? It's a very big sledgehammer to crack a nut
You might want to give the SpamStop plug-in for blogCFC a try. I wrote that a while ago and works just fine ( makes use of project honeypot). Check http://www.schildmos.nl
the sharing of the blocked ip addresses is a great idea. i once thought about throwing up a page where people could just add to a list (and wondered if blogCFC could be modded to pull from there as a web service).
i haven't been using blogcfc for long, so the only 2 i have (not including the "everybody gets 67.180.242.3" address) are:
121.24.171.92
85.254.186.161
here's the list from my old blog on cfblog.com:
195.234.202.45
194.187.148.40
62.192.182.162
88.214.203.202
193.239.206.202
89.122.249.77
91.187.5.86
89.41.215.103
91.187.7.113
91.187.0.20
91.187.7.57
91.187.0.53
91.187.2.214
212.59.22.101
193.138.177.228
81.222.249.158
86.57.159.190
91.187.8.6
91.187.5.211
88.214.197.227
24.88.98.89
81.182.181.80
81.25.39.226
81.25.37.237
121.24.171.161
121.24.171.92
124.24.171.*
...and now that i've actually read the previous comments, looks like that concept of a shared spammer ip list has already been put in place via honeypot and jax's spamstop plugin.
i'll likely be looking into integrating the plugin over the next couple of days.
I have goten some interesting spam. The best one by far was a code example, not relevant to the post at hand, where they tried to demonstarte parsing URLs or some such, and had URLs to teh syupid sites. I kept the comment, blocked teh IP and changed all teh URLs to http://www.google.com.
These are the most recent comment spammers (all over the map, thailand, japan, etc)
Current IP addresses being blocked
125.212.41.130
80.162.9.84
58.183.38.249
68.205.212.254
212.143.230.112
Here is my list, oddly enough, it seems more are from Turkey. I have not checked, but I imagine there are some repeats.
67.180.242.3
222.244.132.155
88.233.20.64
88.214.201.231
88.249.98.46
68.217.129.240
61.51.191.202
212.113.58.159
65.80.11.202
193.82.139.98
203.115.140.68
85.108.145.65
91.122.38.97
88.247.106.157
222.247.176.64
72.147.4.234
221.225.63.96
85.100.196.117
88.234.126.152
203.87.179.234
88.214.199.18
85.210.142.82
85.108.242.226
24.217.104.212
85.98.46.4
88.244.229.204
75.82.236.139
82.207.52.208
88.244.233.62
91.124.72.82
82.207.63.51
195.69.171.118
196.20.7.74
132.60.240.80
198.54.202.82
218.81.151.73
85.107.193.194
88.242.205.114
78.172.87.209
219.139.128.67
89.109.62.73
91.122.190.131
84.134.127.235