Fake WordPress/2.1-alpha3 Trackback Spam Countermeasure (and a factoid) (Updated)

For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.

BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1 Order allow,deny
deny from env=spambot
allow from all

That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..

On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:

220 ESMTP service ready
250 ok
250 ok
250 ok
250 ok
telnet> quit
Connection closed.

Very odd!

Update: Also see Fight Blog Spam with Apache.