I also have a running list of banned IPs available publicly if anyone’s interested, on a page called “Wall of Shame” on the blog I gave as my URI.

So, akismet caught them, but -after- it had been posted, so I needed to at least prevent the comments from being posted. After trying uncessfully some ip / hostname ban plugins, after tried bad behavior, I’ve tried the last option I’d never use before closing any comments: the did you pass math plugin. It a written captcha, that asks the user to solve a simple math problem (e.g. how much does 1 plus 1?) and the same day I went from 50 spams caught per minutes to…. 2 per day.

It’s really boring for visitors to do, I know, but hell it’s working!

http://www.herod.net/dypm/

Spam annoys me so much that even knowing that they’re there raises my blood pressure. I just wished there were something else better out there. But at least, it seems that most of them are blocked.

If there is a better contact form spam blocker, that would be so nice.

I have a feeling the server load was mostly my fault, after further consideration. I’ve been working on a plugin to SK2 that takes the worst offenders, both IP and domain, and generate mod_security rules to block the IPs entirely and block the domains from appearing in POST requests. It had been doing quite nicely up until the fated day that I got hit with 10,000 POSTs in about 18 hours. My account got suspended and I disabled commenting as a result. What I realized after the fact was that I was still logging denials in the mod_security log… to the tune of just over 75M of logs. That is likely what pushed me over the server usage edge, so I’m tempted to keep working at it.

I’ve been testing some changes to Bad Behavior which should slow down such rapid-fire bots. Not by much, but maybe just enough.

I should have the next release (and a fix for the Verizon Wireless issue) out in a day or two.

Also, I made it a point to Spool my spam list from the b2Evolution list,which is updated hourly.(my daughter’s site uses B2E).

so, it basicly gets themselves killed off, and easy way is to deny eastern european ISP, or IP addresses from SERVERS or ISPS eq: 65.*-70.* unless they produce a user-agent,cos Googlebot too gets on nerves with private posts being published!

It occurs to me…
Would it be helpful to change the name of comments.php to something else? I would think a grep search/replace through all the WordPress files could swap that out for whatever you rename it to.

Might this throw off some of the spammers who are just blindly hammering away at what they “know” is the comments function? Haven’t tried, because I haven’t needed to, but it seems this might help some….

A DROP will tell the firewall to not respond to the bot at all. Typically this works well for DOS type attacks because the server doesn’t waste any overhead or bandwidth telling the bot that it’s rejected. In fact, this often ties up the software on the spammers end because it’s waiting for an http response that never comes.

http://www.lesterchan.net/word.....-100-beta/

Worst Offenders is not a 1.0 stable plugin - it was released to fill a hole and see if there is a public requirement for something like it - it seems to have proven useful.

Please do feedback experiences, problems and suggestions. I have my own experience with the plugin, but reading that someone thinks it’s “touchy” doesn’t give me much to go on - I need to know when it fails to live up to expectations, what those expectations are, and why it fails so the next release can do the job better.

Perhaps it’s worth getting it into the WP code management thing so more eyes and fingers can improve it.