BPS Pro JTC Anti-Spam|Anti-Hacker blocks 100% of all automated SpamBots and HackerBots from auto-registering, auto-logins and auto-posting. 99% of all spamming and hacking is automated with Bots. Unfortunately, 1% of spammers are human spammers and the only way to deal with them is to either manually spam their comments or choose to use the WordPress > Settings > Discussion > Comment must be manually approved option to approve or spam comments.
I can see 1 ip address had been blocked. And from what I can remember it was one of the bad people.
[403 GET Request: 28 juni 2017 - 08:17]
BPS: 1.1
WP: 4.8
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 107.150.37.26
Host Name: 107.150.37.26
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /readme.html
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
For the rest I get daily signups from something@something.eamale.com Example: asdferrewr@g.eamale.com
I have added a plugin to show the ip addresses. But do not know what to do with them. Block? They can spoof.
Would the Pro help me better in it?
I have set that the first comment must be approved by the admins.
Since you have the BPS free plugin then you should install a CAPTCHA plugin to block/stop SpamBot and HackerBot auto-registrations & auto-logins. BPS Pro JTC Anti-Spam|Anti-Hacker uses a CAPTCHA and other things to block/stop SpamBots and HackerBots.