The Musings of Chris Samuel » Fake WordPress/2.1-alpha3 Trackback Spam Countermeasure (and a factoid) (Updated)

For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1 Order allow,deny deny from env=spambot allow from all

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready help 250 ok quit 250 ok quit 250 ok bye 250 ok ^] telnet> quit Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache ^[1].

^[2]Back from Tasmania! ^[2]
^[3]It Gets Worse ^[3]
^[4]China and the quest for (electrical) power ^[4]
^[5]Afghan on Trial for Religious Conversion & Under Threat of Execution ^[5]
^[6]Comments fixed ^[6]
^[7]Twitter Weekly Updates for 2009-07-26 ^[7]

Related Posts