This site has been up for a few years now. Very few (hardly any) visitors. That’s fine. This is really just a place for me to make notes about tech that’s on my mind. Without a job there’s fewer situations that I find myself having to resolve so less to write about.
wp.boba.org is on the Internet though, so of course it gets hit by bots. And since commenting without creating a login is permitted the bots attempt to post spam. Comments need to be approved before they’re displayed so I see, and reject, all of them. Source IP is usually Russia but spam comments also come from Kazakhstan, Belarus, Iran, Amsterdam, Saudi Arabia, Kuwait, Dubai, China, and VPNs that originate in Stockholm and London, among other places.
For a while I didn’t bother about it and simply marked those comments as spam so they never show up on the site. Lately though I’ve changed my approach a bit. Since I’m not trying to make a popular site and I realize the likelihood of getting real comments from any of those locations is infinitesimal I decided to start blocking networks that spam comments are coming from.
The interesting thing is that once I began blocking networks, spam comments became a bit more frequent. Each time from a new network, of course, because the firewall was updated for each new spam source.
The spam being more frequent is a subjective measure but when the first block rule went in it was a while before another spam comment showed up. After that new network was blocked the interval to the next spam comment was less than the interval from the first to the second. It seems as if once a site is detected where spam can be posted that IP or URL is shared among spammers so they can all take a crack at it.
I’ve also found how to add Internet block lists to the firewall. There’s hundreds of thousands if IPs that are blocked and the lists are updated daily. Even so, and much to my surprise, after adding the block lists, the only blocks I see in the log are from the spammer networks. That is honestly a surprise to me. With hundreds of thousands of IPs in the block lists I would have thought some would show up in the log. None have so far. That’s a good thing, but still a surprise.
Today’s blocked networks follow below. It will probably be a day or two before there will be others to add. Don’t expect updates. Hmmm…….
37.99.32.0/20
37.99.48.0/20
37.99.80.0/21
37.221.0.0/24
45.88.76.0/22
46.8.10.0/23
46.151.28.0/24
46.161.11.0/24
62.113.118.0/24
77.238.237.0/24
80.239.140.192/27
84.17.48.0/23
84.38.188.0/24
87.249.136.0/22
91.84.100.96/27
91.201.113.0/24
93.183.92.0/24
178.172.152.0/24
178.217.99.0/24
179.43.128.0/18
183.0.0.0/10
185.173.37.0/24
188.126.89.64/27
192.42.116.192/27
194.32.122.0/24
195.2.70.0/24
195.181.174.0/23
212.34.128.0/24
212.34.141.0/24
212.34.148.0/24