BuddyPress Spam Registration – BuddyPress Anti-Spam Registration

Home Forums BulletProof Security Pro BuddyPress Spam Registration – BuddyPress Anti-Spam Registration

This topic contains 20 replies, has 4 voices, and was last updated by  Chazz 2 years, 6 months ago.

Viewing 15 posts - 1 through 15 (of 21 total)
  • Author
    Posts
  • #5820

    AITpro Admin
    Keymaster

    Got BuddyPress Spam Registration issues?  Here ya go.  😉
    Note:  This code is intended to be used in addition to other Spam protection/prevention plugins, such as Akismet.
    Disregard the IP Blocking Code method.  We have found a new method that so far has produced these results:  0 spam registrations in 12 hours:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

    1.  Create a new Page in WordPress with this slug (URL) – /spam-prevention or if you want to use a different slug (URL) then change the .htaccess code RewriteRule to match whatever slug (URL) you choose.

    RewriteRule ^(.*)$ /spam-prevention [R=301,L]

    2.  Add/copy this custom .htaccess code below to BPS Custom Code in this Custom Code text box:  CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here, click the Save Root Custom Code button, go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    NOTE:  Edit/Change the HTTP_REFERER .htaccess code below and add your actual domain name in place of “add-your-domain-name-here.com”.

    # BuddyPress Anti-Spam Registration
    RewriteCond %{REQUEST_URI} ^/register/$
    RewriteCond %{HTTP_REFERER} !^.*add-your-domain-name-here.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    #6906

    AITpro Admin
    Keymaster

    Disregard the IP Blocking Code method.  We have found a new method that so far has produced these results:  0 spam registrations in 12 hours:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

    The majority (99%) of these IP addresses are for known Chinese Spammers (very annoying and persistent spammers) and entire Chinese spammer subnets are blocked/forbidden access to the website – PERIOD.  And yes it would be quicker and simpler to block all Chinese IP Addresses using CIDR Blocks in the example below instead of doing this Spammer confirmation/building process.

    Example of IP blocking by CIDR Blocks:

    # BLOCK/FORBID Chinese Spammers by CIDR Blocks
    Order Allow,Deny
    Deny from 27.8.0.0/13
    Deny from 27.16.0.0/12
    Deny from 27.36.0.0/14
    Deny from 27.40.0.0/13
    Deny from 27.50.128.0/17
    Deny from 27.54.192.0/18
    Deny from 27.98.208.0/20
    Deny from 27.98.224.0/19
    Deny from 27.99.128.0/17
    Deny from 27.103.0.0/16
    Deny from 27.106.128.0/18
    Deny from 27.109.32.0/19
    Deny from 27.112.0.0/18
    Deny from 27.112.80.0/20
    Deny from 27.113.128.0/18
    Deny from 27.115.0.0/17
    Deny from 27.128.0.0/15
    Deny from 27.144.0.0/16
    Deny from 27.148.0.0/14
    Deny from 27.152.0.0/13
    Deny from 27.184.0.0/13
    Deny from 27.192.0.0/11
    Deny from 27.224.0.0/14
    Allow from all

    These IP addresses are verified/confirmed spammers.
    Last Updated on:  Further development will now be done with the new experimental code in testing.

    # BLOCK/FORBID Spammers etc
    Order Allow,Deny
    Deny from 14.18.175.
    Deny from 14.122.120.
    Deny from 14.146.
    Deny from 14.147.
    Deny from 23.19.236.50
    Deny from 27.19.162.
    Deny from 27.46.118.
    Deny from 27.46.122.
    Deny from 27.151.104.
    Deny from 27.152.126.
    Deny from 27.153.
    Deny from 27.154.
    Deny from 27.155.
    Deny from 27.156.
    Deny from 27.159.
    Deny from 27.186.210.
    Deny from 36.33.
    Deny from 36.248.
    Deny from 36.249.
    Deny from 36.250.
    Deny from 36.251.
    Deny from 37.58.71.170
    Deny from 37.59.45.8
    Deny from 49.65.190.140
    Deny from 58.22.
    Deny from 58.34.155.
    Deny from 58.48.32.
    Deny from 58.51.148.
    Deny from 58.64.175.
    Deny from 58.212.159.
    Deny from 58.213.46.
    Deny from 58.247.250.
    Deny from 58.253.216.
    Deny from 59.41.8.
    Deny from 59.57.
    Deny from 59.58.
    Deny from 59.60.
    Deny from 59.173.
    Deny from 59.174.
    Deny from 59.182.83.188
    Deny from 59.182.112.95
    Deny from 60.10.
    Deny from 60.55.
    Deny from 60.166.
    Deny from 60.168.
    Deny from 60.170.
    Deny from 60.173.
    Deny from 60.176.
    Deny from 60.177.
    Deny from 60.215.
    Deny from 61.38.186.
    Deny from 61.131.74.
    Deny from 61.131.127.
    Deny from 61.135.179.
    Deny from 61.144.103.
    Deny from 61.149.13.
    Deny from 61.152.249.
    Deny from 61.154.155.
    Deny from 61.164.163.
    Deny from 61.190.82.
    Deny from 61.231.230.
    Deny from 61.241.
    Deny from 63.223.125.
    Deny from 63.237.252.
    Deny from 67.198.143.58
    Deny from 67.229.68.98
    Deny from 69.163.33.52
    Deny from 69.197.189.
    Deny from 70.32.38.84
    Deny from 70.181.194.28
    Deny from 70.197.196.88
    Deny from 74.80.20.42
    Deny from 75.157.50.59
    Deny from 76.105.85.151
    Deny from 80.220.225.237
    Deny from 81.31.124.153
    Deny from 83.13.58.138
    Deny from 84.86.113.236
    Deny from 87.98.166.141
    Deny from 91.121.28.135
    Deny from 91.121.66.18
    Deny from 98.126.
    Deny from 101.18.192.
    Deny from 101.68.79.
    Deny from 110.80.
    Deny from 110.82.
    Deny from 110.83.
    Deny from 110.84.
    Deny from 110.85.
    Deny from 110.86.
    Deny from 110.87.
    Deny from 110.89.
    Deny from 110.90.
    Deny from 110.153.9.
    Deny from 110.203.83.
    Deny from 111.73.46.
    Deny from 111.142.
    Deny from 111.145.
    Deny from 111.147.
    Deny from 111.161.77.
    Deny from 112.5.234.
    Deny from 112.86.
    Deny from 112.93.229.
    Deny from 112.111.
    Deny from 112.120.66.
    Deny from 112.124.6.
    Deny from 112.215.
    Deny from 112.249.216.
    Deny from 113.6.
    Deny from 113.10.
    Deny from 113.64.
    Deny from 113.65.
    Deny from 113.68.
    Deny from 113.69.
    Deny from 113.71.
    Deny from 113.72.
    Deny from 113.107.
    Deny from 113.108.
    Deny from 113.111.
    Deny from 113.119.
    Deny from 113.205.
    Deny from 113.206.
    Deny from 113.212.
    Deny from 113.240.
    Deny from 114.40.21.
    Deny from 114.44.18.
    Deny from 114.80.136.
    Deny from 114.141.
    Deny from 114.221.1.
    Deny from 115.25.216.
    Deny from 115.196.
    Deny from 115.200.222.
    Deny from 115.203.152.
    Deny from 115.210.
    Deny from 116.1.
    Deny from 116.5.62.
    Deny from 116.21.
    Deny from 116.23.
    Deny from 116.112.66.
    Deny from 116.205.72.
    Deny from 116.251.214.
    Deny from 117.24.
    Deny from 117.25.
    Deny from 117.26.
    Deny from 117.27.
    Deny from 117.29.
    Deny from 117.30.
    Deny from 117.62.174.
    Deny from 117.63.178.
    Deny from 117.64.225.
    Deny from 117.88.184.
    Deny from 119.59.213.
    Deny from 119.96.
    Deny from 119.98.239.
    Deny from 119.130.174.
    Deny from 119.131.58.
    Deny from 119.131.233.
    Deny from 119.145.40.
    Deny from 119.147.146.
    Deny from 119.167.231.
    Deny from 120.32.
    Deny from 120.33.
    Deny from 120.35.108.
    Deny from 120.36.
    Deny from 120.37.
    Deny from 120.40.
    Deny from 120.42.
    Deny from 120.43.
    Deny from 120.50.35.
    Deny from 120.85.204.
    Deny from 120.197.206.
    Deny from 121.15.253.
    Deny from 121.204.
    Deny from 121.205.
    Deny from 121.207.
    Deny from 121.225.
    Deny from 121.237.
    Deny from 122.161.
    Deny from 122.163.
    Deny from 122.225.
    Deny from 122.226.
    Deny from 122.228.
    Deny from 122.233.
    Deny from 123.11.
    Deny from 123.82.
    Deny from 123.82.
    Deny from 123.116.
    Deny from 123.125.
    Deny from 123.126.
    Deny from 124.202.190.
    Deny from 124.202.191.
    Deny from 125.34.5.
    Deny from 125.39.68.
    Deny from 125.70.124.
    Deny from 125.73.61.
    Deny from 125.77.
    Deny from 125.78.
    Deny from 125.86.119.
    Deny from 125.95.29.
    Deny from 125.112.
    Deny from 126.114.
    Deny from 134.241.101.200
    Deny from 140.224.
    Deny from 142.0.134.13
    Deny from 142.54.
    Deny from 153.3.
    Deny from 171.4.197.19
    Deny from 171.113.240.
    Deny from 171.216.59.
    Deny from 171.217.167.
    Deny from 173.95.157.247
    Deny from 173.164.45.221
    Deny from 173.208.2.
    Deny from 173.224.112.122
    Deny from 173.234.53.99
    Deny from 173.254.224.254
    Deny from 174.131.77.159
    Deny from 174.139.83.117
    Deny from 175.42.
    Deny from 175.43.107.
    Deny from 175.44.
    Deny from 176.252.198.202
    Deny from 178.32.172.128
    Deny from 178.33.173.188
    Deny from 180.76.
    Deny from 180.96.16.
    Deny from 180.109.100.
    Deny from 180.110.86.
    Deny from 182.39.9.
    Deny from 182.91.
    Deny from 182.114.15.
    Deny from 183.5.37.
    Deny from 183.14.195.
    Deny from 183.26.
    Deny from 183.27.17.
    Deny from 183.27.18.
    Deny from 183.28.8.
    Deny from 183.47.230.
    Deny from 183.60.121.
    Deny from 183.60.212.
    Deny from 183.61.240.
    Deny from 183.62.192.
    Deny from 183.160.
    Deny from 183.235.130.
    Deny from 183.238.163.
    Deny from 188.165.157.22
    Deny from 192.184.42.130
    Deny from 192.74.247.193
    Deny from 198.2.
    Deny from 198.46.132.
    Deny from 198.46.150.
    Deny from 198.200.
    Deny from 198.204.226.
    Deny from 198.211.7.
    Deny from 198.211.9.
    Deny from 198.244.63.
    Deny from 199.119.139.3
    Deny from 199.119.140.197
    Deny from 199.119.205.5
    Deny from 199.193.64.176
    Deny from 202.105.63.177
    Deny from 204.12.217.171
    Deny from 204.12.226.147
    Deny from 204.12.226.148
    Deny from 205.164.1.246
    Deny from 207.118.62.184
    Deny from 209.21.67.203
    Deny from 210.21.
    Deny from 210.22.115.
    Deny from 210.75.23.
    Deny from 211.20.50.
    Deny from 216.172.130.133
    Deny from 216.172.154.182
    Deny from 216.172.154.184
    Deny from 218.6.
    Deny from 218.6.
    Deny from 218.15.
    Deny from 218.28.
    Deny from 218.29.
    Deny from 218.46.
    Deny from 218.59.
    Deny from 218.66.
    Deny from 218.77.
    Deny from 218.85.
    Deny from 218.86.
    Deny from 218.106.
    Deny from 218.107.
    Deny from 219.72.
    Deny from 219.137.
    Deny from 219.139.
    Deny from 219.140.
    Deny from 219.145.
    Deny from 219.150.
    Deny from 219.159.
    Deny from 220.67.
    Deny from 220.130.
    Deny from 220.160.
    Deny from 220.161.
    Deny from 220.169.
    Deny from 220.180.
    Deny from 220.181.
    Deny from 220.185.
    Deny from 220.200.
    Deny from 220.212.
    Deny from 220.249.
    Deny from 220.250.
    Deny from 221.175.
    Deny from 221.176.
    Deny from 221.232.
    Deny from 222.37.177.
    Deny from 222.76.
    Deny from 222.77.
    Deny from 222.79.
    Deny from 222.90.162.
    Deny from 222.95.248.
    Deny from 222.161.201.
    Deny from 222.187.222.
    Deny from 222.210.201.
    Deny from 222.245.56.
    Deny from 222.247.36.
    Deny from 223.240.
    Allow from all
    #8673

    AITpro Admin
    Keymaster

    Disregard the IP Blocking Code method.  We have found a new method that so far has produced these results:  0 spam registrations in 12 hours:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

    This code is a bit more aggressive and is still in testing, but so far it looks very effective.

    # Universal Anti-Spam 1
    # Special Spammer Turds
    # This code will work on any WordPress site type
    # This will be an automated feature option in BPS at some point
    <FilesMatch "^(wp-login\.php)$">
    SetEnvIfNoCase Remote_Host ".*\.vpn999\.com" Turd
    SetEnvIfNoCase Remote_Host ".*\.ubiquity\.io" Turd
    SetEnvIfNoCase Remote_Host ".*\.kimsufi\.com" Turd
    SetEnvIfNoCase Remote_Host ".*\.quadranet\.com" Turd
    SetEnvIfNoCase Remote_Host ".*\.dynamic\..*\.com\.cn" Turd
    SetEnvIfNoCase Remote_Host ".*\.vectranet\.pl" Turd
    SetEnvIfNoCase Remote_Host ".*\.kyivstar\.net" Turd
    SetEnvIfNoCase Remote_Host ".*\.ukfast\.net" Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.42\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.47\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.60\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.90\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.93\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.112\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.127\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.214\." Turd
    SetEnvIfNoCase Remote_Addr "^5\.135\.240\." Turd
    SetEnvIfNoCase Remote_Addr "^23\.27\.36\." Turd
    SetEnvIfNoCase Remote_Addr "^31\.11\.143\." Turd
    SetEnvIfNoCase Remote_Addr "^31\.184\.238\." Turd
    SetEnvIfNoCase Remote_Addr "^31\.184\.241\." Turd
    SetEnvIfNoCase Remote_Addr "^37\.203\.212\." Turd
    SetEnvIfNoCase Remote_Addr "^46\.37\.165\." Turd
    SetEnvIfNoCase Remote_Addr "^46\.37\.178\." Turd
    SetEnvIfNoCase Remote_Addr "^46\.37\.185\." Turd
    SetEnvIfNoCase Remote_Addr "^50\.118\.218\." Turd
    SetEnvIfNoCase Remote_Addr "^74\.221\.209\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.9\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.41\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.82\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.106\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.242\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.243\." Turd
    SetEnvIfNoCase Remote_Addr "^78\.88\.255\." Turd
    SetEnvIfNoCase Remote_Addr "^79\.133\.200\." Turd
    SetEnvIfNoCase Remote_Addr "^80\.72\.38\." Turd
    SetEnvIfNoCase Remote_Addr "^84\.200\.77\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.108\.180\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.121\.25\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.121\.28\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.121\.50\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.121\.66\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.121\.104\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.236\.74\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.236\.75\." Turd
    SetEnvIfNoCase Remote_Addr "^91\.237\.249\." Turd
    SetEnvIfNoCase Remote_Addr "^93\.23\.141\.46" Turd
    SetEnvIfNoCase Remote_Addr "^93\.23\.142\.88" Turd
    SetEnvIfNoCase Remote_Addr "^93\.23\.139\.20" Turd
    SetEnvIfNoCase Remote_Addr "^93\.23\.139\.29" Turd
    SetEnvIfNoCase Remote_Addr "^93\.23\.194\.65" Turd
    SetEnvIfNoCase Remote_Addr "^94\.23\." Turd
    SetEnvIfNoCase Remote_Addr "^95\.211\.188\." Turd
    SetEnvIfNoCase Remote_Addr "^95\.211\.195\." Turd
    SetEnvIfNoCase Remote_Addr "^108\.62\.71\." Turd
    SetEnvIfNoCase Remote_Addr "^142\.91\.154\." Turd
    SetEnvIfNoCase Remote_Addr "^151\.237\.88\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.36\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.37\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.44\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.45\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.51\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.52\." Turd
    SetEnvIfNoCase Remote_Addr "^153\.3\.53\." Turd
    SetEnvIfNoCase Remote_Addr "^174\.139\.56\." Turd
    SetEnvIfNoCase Remote_Addr "^174\.139\.82\." Turd
    SetEnvIfNoCase Remote_Addr "^174\.139\.83\." Turd
    SetEnvIfNoCase Remote_Addr "^174\.139\.163\." Turd
    SetEnvIfNoCase Remote_Addr "^176\.31\." Turd
    SetEnvIfNoCase Remote_Addr "^178\.33\.181\." Turd
    SetEnvIfNoCase Remote_Addr "^178\.137\.83\." Turd
    SetEnvIfNoCase Remote_Addr "^178\.238\.130\." Turd
    SetEnvIfNoCase Remote_Addr "^192\.119\.144\." Turd
    SetEnvIfNoCase Remote_Addr "^192\.119\.154\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.46\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.50\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.52\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.55\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.143\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.148\." Turd
    SetEnvIfNoCase Remote_Addr "^198\.245\." Turd
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.229" Turd
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.231" Turd
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.235" Turd
    SetEnvIfNoCase Remote_Addr "^220\.255\.1\." Turd
    Order Allow,Deny
    Deny from env=Turd
    Allow from all
    </FilesMatch>
    
    # Universal Anti-Spam 1
    # These Super Special Turds should win a Spammer award
    SetEnvIfNoCase Remote_Host ".*\.vpn999\.com" SuperTurd
    SetEnvIfNoCase Remote_Host ".*\.quadranet\.com" SuperTurd
    SetEnvIfNoCase Remote_Host ".*\.dynamic\..*\.com\.cn" SuperTurd
    
    Order Allow,Deny
    Allow from All
    Deny from env=SuperTurd
    
    # BuddyPress Anti-Spam Registration 1
    # Filter by HTTP/1.0 ONLY GET or POST
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    
    # BuddyPress Anti-Spam Registration 2
    # Filter by HTTP/1.0 & Referer GET or POST
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    #9027

    Todd
    Participant

    I’m assuming that you’re doing a 301 in order to trick the bot into thinking the page doesn’t exist instead of a 403 where it will re-attempt?

    #9029

    AITpro Admin
    Keymaster

    It is not a matter of trying to trick Spammer bots.  The Spammer bot will be unable to complete the Registration form submission since the 301 redirect will redirect the bot away from the Registration page to the Spam Prevention template page.  The Spam Prevention custom template page that we created serves the additional purpose of creating a user friendly page in the case of a legitimate user being seen as a Spammer.  At some point we will add some additional help info on how to add/create a WordPress custom template Spam Prevention page.

    forum.ait-pro.com/spam-prevention

    Spam Registration / Prevention Page

    Your Forum Registration was seen as a Spammer Registration. If you are unable to Register to the BulletProof Security Forum please send an email using this Contact Form link http: //www.ait-pro.com/contact/ to notify us of this error. Thank you.

    #9070

    AITpro Admin
    Keymaster

    Correction for this statement:

    The Spammer bot will be unable to complete the Registration form submission since the 301 redirect will redirect the bot away from the Registration page to the Spam Prevention template page.  

    If the Spam bot script does not follow redirects in the automated spam bot script then the end result is the same – the spam bot will be unable to access the Registration page either way.

    #9102

    AITpro Admin
    Keymaster

    This is a very interesting fact that I did not know about.

    Source:  http://www.spamhaus.org/rokso/

    100 Known Spam Operations responsible for 80% of your spam.

    80% of spam received by Internet users in North America and Europe can be traced via aliases, addresses, redirects, locations of servers, domains and dns setups, to a hard-core group of around 100 known spam operations, almost all of whom are listed in the ROKSO database.

    Each spam operation, or “spam gang”, consists on average of between 1 to 5 spammers (giving an etimated total of 300-400 spammers).

    #9123

    AITpro Admin
    Keymaster

    Disregard the IP Blocking Code method.  We have found a new method that so far has produced these results:  0 spam registrations in 12 hours:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

    Universal (works on all WordPress site types) Anti-Spam currently being tested.  Checking/testing performance and other factors.  The end goal is to automate this by adding/creating a one-click BPS option to add/block/forbid/redirect spammer IP addresses or spammer hosts to the root .htaccess file automatically.

    Dev Notes:

    This code directly below is too complex and not practical for both manual manipulation and automation (unless an entire CIDR block was being blocked).

    (58\.2[02]\.|58\.34\.155\.|58\.48\.32\.|58\.51\.148\.|58\.64\.175\.|58\.2[145][237]\.[0-9]+\.)

    Using the Pipe Operator “or” condition vs individual RewriteCond lines improves performance.  This code is a good balance of simplicity/complexity for both manual and automated manipulation.

    Spam Prevention page new text:  Your IP Address was detected as a Spammer IP Address. If this is a mistake please send an email using this Contact Form link http://www.ait-pro.com/contact/ to notify us of this error. Thank you.

    Note:  This anti-spammer code is intended to be used in addition to your current anti-spam plugins, such as Akismet.

    Test Phase 2:  9-4-2013

    Notes:  Leaving registered spammer user accounts intact that have their login account locked out are still able to submit spam via xml-rpc.  Testing ranges, methods, capabilities in order to make a final assessment.

    # Universal Anti-Spam 1
    # Block/Forbid known Spammers from accessing wp-login.php page
    # This code will work on any WordPress site type
    # Note: XML-RPC spammers can bypass this
    # testing adding xmlrpc.php to FilesMatch - 9-4-2013
    # testing adding profile.php to FilesMatch - 9-4-2013
    <FilesMatch "^(wp-login\.php|xmlrpc\.php|profile\.php)$">
    SetEnvIfNoCase Remote_Host ".*\.vpn999\.com" Spammer
    SetEnvIfNoCase Remote_Host ".*\.ubiquity\.io" Spammer
    SetEnvIfNoCase Remote_Host ".*\.ubiquityservers\.com" Spammer
    SetEnvIfNoCase Remote_Host ".*\.kimsufi\.com" Spammer
    SetEnvIfNoCase Remote_Host ".*\.quadranet\.com" Spammer
    SetEnvIfNoCase Remote_Host ".*\.dynamic\..*\.com\.cn" Spammer
    SetEnvIfNoCase Remote_Host ".*\.vectranet\.pl" Spammer
    SetEnvIfNoCase Remote_Host ".*\.kyivstar\.net" Spammer
    SetEnvIfNoCase Remote_Host ".*\.ukfast\.net" Spammer
    SetEnvIfNoCase Remote_Host ".*\.btcentralplus\.com" Spammer
    SetEnvIfNoCase Remote_Addr "^5\.39\.44\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.42\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.47\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.60\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.90\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.93\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.112\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.127\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.214\." Spammer
    SetEnvIfNoCase Remote_Addr "^5\.135\.240\." Spammer
    SetEnvIfNoCase Remote_Addr "^23\.27\.36\." Spammer
    SetEnvIfNoCase Remote_Addr "^23\.81\.65\." Spammer
    SetEnvIfNoCase Remote_Addr "^31\.11\.143\." Spammer
    SetEnvIfNoCase Remote_Addr "^31\.184\.238\." Spammer
    SetEnvIfNoCase Remote_Addr "^31\.184\.241\." Spammer
    SetEnvIfNoCase Remote_Addr "^37\.59\.131\." Spammer
    SetEnvIfNoCase Remote_Addr "^37\.203\.212\." Spammer
    SetEnvIfNoCase Remote_Addr "^46\.37\.165\." Spammer
    SetEnvIfNoCase Remote_Addr "^46\.37\.178\." Spammer
    SetEnvIfNoCase Remote_Addr "^46\.37\.185\." Spammer
    SetEnvIfNoCase Remote_Addr "^50\.117\.76\." Spammer
    SetEnvIfNoCase Remote_Addr "^50\.118\.218\." Spammer
    SetEnvIfNoCase Remote_Addr "^69\.147\.240\." Spammer
    SetEnvIfNoCase Remote_Addr "^74\.221\.209\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.9\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.41\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.82\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.106\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.242\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.243\." Spammer
    SetEnvIfNoCase Remote_Addr "^78\.88\.255\." Spammer
    SetEnvIfNoCase Remote_Addr "^79\.133\.200\." Spammer
    SetEnvIfNoCase Remote_Addr "^80\.72\.38\." Spammer
    SetEnvIfNoCase Remote_Addr "^84\.200\.77\." Spammer
    SetEnvIfNoCase Remote_Addr "^86\.129\.33\.79" Spammer
    SetEnvIfNoCase Remote_Addr "^91\.108\.180\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.25\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.28\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.50\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.66\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.70\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.121\.104\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.236\.74\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.236\.75\." Spammer
    SetEnvIfNoCase Remote_Addr "^91\.237\.249\." Spammer
    SetEnvIfNoCase Remote_Addr "^93\.23\.141\.46" Spammer
    SetEnvIfNoCase Remote_Addr "^93\.23\.142\.88" Spammer
    SetEnvIfNoCase Remote_Addr "^93\.23\.139\.20" Spammer
    SetEnvIfNoCase Remote_Addr "^93\.23\.139\.29" Spammer
    SetEnvIfNoCase Remote_Addr "^93\.23\.194\.65" Spammer
    SetEnvIfNoCase Remote_Addr "^94\.23\." Spammer
    SetEnvIfNoCase Remote_Addr "^95\.211\.188\." Spammer
    SetEnvIfNoCase Remote_Addr "^95\.211\.195\." Spammer
    SetEnvIfNoCase Remote_Addr "^108\.62\.71\." Spammer
    SetEnvIfNoCase Remote_Addr "^109\.241\.131\.81" Spammer
    SetEnvIfNoCase Remote_Addr "^142\.91\.154\." Spammer
    SetEnvIfNoCase Remote_Addr "^149\.255\.111\." Spammer
    SetEnvIfNoCase Remote_Addr "^151\.237\.88\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.36\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.37\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.44\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.45\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.51\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.52\." Spammer
    SetEnvIfNoCase Remote_Addr "^153\.3\.53\." Spammer
    SetEnvIfNoCase Remote_Addr "^166\.78\.161\.49" Spammer
    SetEnvIfNoCase Remote_Addr "^174\.139\.56\." Spammer
    SetEnvIfNoCase Remote_Addr "^174\.139\.82\." Spammer
    SetEnvIfNoCase Remote_Addr "^174\.139\.83\." Spammer
    SetEnvIfNoCase Remote_Addr "^174\.139\.163\." Spammer
    SetEnvIfNoCase Remote_Addr "^176\.31\." Spammer
    SetEnvIfNoCase Remote_Addr "^178\.32\.232\." Spammer
    SetEnvIfNoCase Remote_Addr "^178\.33\.25\." Spammer
    SetEnvIfNoCase Remote_Addr "^178\.33\.181\." Spammer
    SetEnvIfNoCase Remote_Addr "^178\.137\.83\." Spammer
    SetEnvIfNoCase Remote_Addr "^178\.238\.130\." Spammer
    SetEnvIfNoCase Remote_Addr "^182\.91\." Spammer
    SetEnvIfNoCase Remote_Addr "^184\.154\.115\." Spammer
    SetEnvIfNoCase Remote_Addr "^190\.245\.43\." Spammer
    SetEnvIfNoCase Remote_Addr "^192\.95\.0\." Spammer
    SetEnvIfNoCase Remote_Addr "^192\.119\.144\." Spammer
    SetEnvIfNoCase Remote_Addr "^192\.119\.154\." Spammer
    SetEnvIfNoCase Remote_Addr "^199\.180\.128\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.46\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.50\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.52\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.55\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.143\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.148\." Spammer
    SetEnvIfNoCase Remote_Addr "^198\.245\." Spammer
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.229" Spammer
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.231" Spammer
    SetEnvIfNoCase Remote_Addr "^205\.209\.135\.235" Spammer
    SetEnvIfNoCase Remote_Addr "^217\.195\.202\." Spammer
    SetEnvIfNoCase Remote_Addr "^220\.255\.1\." Spammer
    SetEnvIfNoCase Remote_Addr "^208\.89\.208\." Spammer
    Order Allow,Deny
    Deny from env=Spammer
    Allow from all
    </FilesMatch>
    
    # Universal Anti-Spam 2
    # Block/Forbid known Spam Hosts
    SetEnvIfNoCase Remote_Host "^.*\.vpn999\.com$" SpamHost
    SetEnvIfNoCase Remote_Host "^.*\.quadranet\.com$" SpamHost
    SetEnvIfNoCase Remote_Host "^.*\.dynamic\..*\.com\.cn$" SpamHost
    
    Order Allow,Deny
    Allow from All
    Deny from env=SpamHost
    
    # Universal Anti-Spam 3
    # Redirect by HTTP/1.0 to /spam-prevention page
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    
    # Universal Anti-Spam 4
    # Redirect by HTTP/1.0 & Referer to /spam-prevention page
    RewriteCond %{REQUEST_URI} ^(/register|/activate/|wp-login\.php)$
    RewriteCond %{HTTP_REFERER} !^.*ait-pro.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^(|-?)$ [NC,OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    
    # Universal Anti-Spam 5
    # Redirect XML-RPC Exploit spam methods
    # Login bypass/Remote Post spammers
    # May be simpler just to disable XML-RPC altogether or try creating an xmlrpc.php URI RewriteCond next
    # The Universal Anti-Spam 1 code now includes xmlrpc.php for the next testing phase
    RewriteCond %{REMOTE_ADDR} ^(50\.117\.76\.|91\.108\.180\.|91\.121\.25\.|91\.121\.28\.|91\.121\.50\.|91\.121\.66\.|91\.121\.70\.|91\.121\.104\.|91\.236\.74\.|91\.236\.75\.|91\.237\.249\.|113\.96\.)
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    
    # Universal Anti-Spam 6
    # Redirect known Chinese Spammers to /spam-prevention page
    # if a legitimate person is sent to the spam prevention page
    # a contact email address on the page allows them to report the mistake
    RewriteCond %{REMOTE_ADDR} ^(14\.18\.175\.|14\.122\.120\.|14\.145\.|14\.146\.|14\.147\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(23\.19\.236\.50) [OR]
    RewriteCond %{REMOTE_ADDR} ^(27\.19\.162\.|27\.46\.118\.|27\.46\.122\.|27\.151\.104\.|27\.152\.126\.|27\.153\.|27\.154\.|27\.155\.|27\.156\.|27\.159\.|27\.186\.210\.|27\.194\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(36\.33\.|36\.248\.|36\.249\.|36\.250\.|36\.251\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(37\.58\.71\.170|37\.59\.45\.8) [OR]
    RewriteCond %{REMOTE_ADDR} ^(49\.65\.190\.140) [OR]
    RewriteCond %{REMOTE_ADDR} ^(58\.20\.|58\.22\.|58\.34\.155\.|58\.48\.32\.|58\.51\.148\.|58\.64\.175\.|58\.212\.159\.|58\.213\.46\.|58\.247\.250\.|58\.253\.216\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(59\.41\.8\.|59\.57\.|59\.58\.|59\.60\.|59\.173\.|59\.174\.|59\.182\.83\.188|59\.182\.112\.95) [OR]
    RewriteCond %{REMOTE_ADDR} ^(60\.10\.|60\.55\.|60\.166\.|60\.168\.|60\.170\.|60\.173\.|60\.176\.|60\.177\.|60\.215\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(61\.38\.186\.|61\.38\.252\.|61\.131\.74\.|61\.131\.127\.|61\.135\.179\.|61\.144\.103\.|61\.149\.13\.|61\.152\.249\.|61\.154\.155\.|61\.164\.163\.|61\.166\.55\.|61\.190\.82\.|61\.231\.230\.|61\.241\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(63\.223\.125\.|63\.237\.252\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(67\.198\.143\.58|67\.229\.68\.98) [OR]
    RewriteCond %{REMOTE_ADDR} ^(69\.163\.33\.52|69\.197\.189\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(70\.32\.38\.84|70\.181\.194\.28|70\.197\.196\.88) [OR]
    RewriteCond %{REMOTE_ADDR} ^(74\.80\.20\.42) [OR]
    RewriteCond %{REMOTE_ADDR} ^(75\.157\.50\.59) [OR]
    RewriteCond %{REMOTE_ADDR} ^(76\.105\.85\.151) [OR]
    RewriteCond %{REMOTE_ADDR} ^(80\.220\.225\.237) [OR]
    RewriteCond %{REMOTE_ADDR} ^(81\.31\.124\.153) [OR]
    RewriteCond %{REMOTE_ADDR} ^(83\.13\.58\.138) [OR]
    RewriteCond %{REMOTE_ADDR} ^(84\.86\.113\.236) [OR]
    RewriteCond %{REMOTE_ADDR} ^(87\.98\.166\.141) [OR]
    RewriteCond %{REMOTE_ADDR} ^(91\.121\.28\.135|91\.121\.66\.18) [OR]
    RewriteCond %{REMOTE_ADDR} ^(98\.126\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(101\.18\.192\.|101\.68\.79\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(110\.80\.|110\.82\.|110\.83\.|110\.84\.|110\.85\.|110\.86\.|110\.87\.|110\.89\.|110\.90\.|110\.153\.9\.|110\.203\.83\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(111\.73\.46\.|111\.142\.|111\.145\.|111\.147\.|111\.161\.77\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(112\.5\.234\.|112\.86\.|112\.93\.229\.|112\.95\.|112\.111\.|112\.120\.66\.|112\.124\.6\.|112\.215\.|112\.249\.216\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(113\.6\.|113\.10\.|113\.64\.|113\.65\.|113\.68\.|113\.69\.|113\.71\.|113\.72\.|113\.87\.|113\.96\.|113\.97\.|113\.107\.|113\.108\.|113\.111\.|113\.119\.|113\.139\.|113\.205\.|113\.206\.|113\.212\.|113\.240\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(114\.40\.21\.|114\.44\.18\.|114\.80\.136\.|114\.141\.|114\.221\.1\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(115\.25\.216\.|115\.196\.|115\.200\.222\.|115\.203\.152\.|115\.210\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(116\.1\.|116\.5\.62\.|116\.21\.|116\.22\.|116\.23\.|116\.112\.66\.|116\.205\.72\.|116\.251\.214\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(117\.24\.|117\.25\.|117\.26\.|117\.27\.|117\.29\.|117\.30\.|117\.62\.174\.|117\.63\.178\.|117\.64\.225\.|117\.88\.184\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(119\.59\.|119\.96\.|119\.98\.|119\.130\.|119\.131\.|119\.145\.|119\.147\.|119\.167\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(120\.32\.|120\.33\.|120\.35\.|120\.36\.|120\.37\.|120\.40\.|120\.42\.|120\.43\.|120\.50\.|120\.85\.|120\.197\.206\.|120\.237\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(121\.15\.253\.|121\.204\.|121\.205\.|121\.207\.|121\.225\.|121\.237\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(122\.161\.|122\.225\.|122\.226\.|122\.228\.|122\.233\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(123\.11\.|123\.53\.|123\.82\.|123\.82\.|123\.116\.|123\.125\.|123\.126\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(124\.202\.190\.|124\.202\.191\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(125\.34\.5\.|125\.39\.68\.|125\.70\.124\.|125\.73\.61\.|125\.77\.|125\.78\.|125\.86\.119\.|125\.95\.29\.|125\.112\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(126\.114\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(134\.241\.101\.200) [OR]
    RewriteCond %{REMOTE_ADDR} ^(140\.224\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(142\.0\.134\.13|142\.54\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(153\.3\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(171\.4\.197\.19|171\.113\.240\.|171\.216\.59\.|171\.217\.167\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(173\.95\.157\.247|173\.164\.45\.221|173\.208\.2\.|173\.224\.112\.122|173\.234\.53\.99|173\.254\.224\.254) [OR]
    RewriteCond %{REMOTE_ADDR} ^(174\.131\.77\.159|174\.139\.83\.117) [OR]
    RewriteCond %{REMOTE_ADDR} ^(175\.42\.|175\.43\.107\.|175\.44\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(176\.252\.198\.202) [OR]
    RewriteCond %{REMOTE_ADDR} ^(178\.32\.172\.128|178\.33\.173\.188) [OR]
    RewriteCond %{REMOTE_ADDR} ^(180\.76\.|180\.96\.16\.|180\.109\.100\.|180\.110\.86\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(182\.39\.9\.|182\.91\.|182\.114\.15\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(183\.5\.37\.|183\.14\.195\.183\.23\.|183\.26\.|183\.27\.17\.|183\.27\.18\.|183\.28\.8\.|183\.47\.230\.|183\.60\.121\.|183\.60\.212\.|183\.61\.240\.|183\.62\.192\.|183\.160\.|183\.235\.130\.|183\.238\.163\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(188\.165\.157\.22) [OR]
    RewriteCond %{REMOTE_ADDR} ^(192\.184\.42\.130|192\.74\.247\.193) [OR]
    RewriteCond %{REMOTE_ADDR} ^(198\.2\.|198\.46\.132\.|198\.46\.150\.|198\.200\.|198\.204\.226\.|198\.211\.7\.|198\.211\.9\.|198\.244\.63\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(199\.119\.139\.3|199\.119\.140\.197|199\.119\.205\.5|199\.193\.64\.176) [OR]
    RewriteCond %{REMOTE_ADDR} ^(202\.101\.|202\.105\.63\.177) [OR]
    RewriteCond %{REMOTE_ADDR} ^(204\.12\.217\.171|204\.12\.226\.147|204\.12\.226\.148) [OR]
    RewriteCond %{REMOTE_ADDR} ^(205\.164\.1\.246) [OR]
    RewriteCond %{REMOTE_ADDR} ^(207\.118\.62\.184) [OR]
    RewriteCond %{REMOTE_ADDR} ^(209\.21\.67\.203) [OR]
    RewriteCond %{REMOTE_ADDR} ^(210\.21\.|210\.22\.115\.|210\.75\.23\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(211\.20\.50\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(216\.172\.130\.133|216\.172\.154\.182|216\.172\.154\.184) [OR]
    RewriteCond %{REMOTE_ADDR} ^(218\.1\.71\.|218\.6\.|218\.15\.|218\.28\.|218\.29\.|218\.46\.|218\.59\.|218\.66\.|218\.77\.|218\.85\.|218\.86\.|218\.106\.|218\.107\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(219\.72\.|219\.137\.|219\.139\.|219\.140\.|219\.145\.|219\.150\.|219\.159\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(220\.67\.|220\.130\.|220\.132\.|220\.160\.|220\.161\.|220\.169\.|220\.180\.|220\.181\.|220\.185\.|220\.200\.|220\.212\.|220\.249\.|220\.250\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(221\.175\.|221\.176\.|221\.232\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(222\.37\.|222\.76\.|222\.77\.|222\.79\.|222\.90\.|222\.92\.|222\.95\.|222\.161\.|222\.187\.|222\.210\.|222\.245\.|222\.247\.) [OR]
    RewriteCond %{REMOTE_ADDR} ^(223\.240\.)
    RewriteRule ^(.*)$ /spam-prevention [R=301,L]
    #9145

    silas88
    Participant

    I am just wondering wouldn’t the redirect to Spam Prevention page eventually result in a loop for any legitimate users inadvertently caught? I am thinking that they wouldn’t be able to go to the link in the page as the redirect would take them back to the Spam Prevention page.

    #9148

    AITpro Admin
    Keymaster

    The link goes to a contact page on another website that does not use this anti-spammer code so they can send an email.  So far only 1 legitimate person in the last 4 months was blocked.  That person was using an outdated version of Squid Proxy that uses the old HTTP/1.0 Server Protocol.  Once that person upgraded to a new version of Squid Proxy the issue was resolved.

    But yes this is a valid point in general and the simple solution would be to add a contact email address on the Spam Prevention page instead of or in addition to a contact form link.

    The ait-pro.com main site where the contact form is located does not have commenting allowed/turned On so that site does not have any need for anti-spammer code.

    #9152

    AITpro Admin
    Keymaster

    This code is helpful to take away a spammers ability to check what new spam attack methods are working or not.  Only display new member registrations in the Activity Stream to site admins.  Since the Universal anti-spam code is overlapping then some spammers are stopped right away, some make it to the next level of spam filtering before being stopped, some make it all the way to getting a new member registration to display in the Activity Stream and finally some that are new spammers make it all the way to posting a spam comment (Akismet has caught 99.99% of these so they never actually show up on the site) and these spammers IP addresses, etc are then added to spam filters.  They get 1 shot and after that they are done/denied/blocked forever.

    So if you are asking the question why even bother doing all of this if Akismet is catching most of the spam, then the answer is to reduce the amount of daily site maintenance time that you have to spend deleting whatever spammers leave behind that needs to be deleted.  Example:  initially we were spending 30 minutes per day cleaning up the crap that spammers leave behind.  The daily site maintenance/nuisance time is now down to 1 minute since around 1 in 100 spammers make it all the way to posting a spam comment.  That number is being reduced even more as we add more and more spammer IPs, etc to the Universal anti-spammer code.

    This code goes in your Theme’s functions.php file.

    // Only display new member registration to site admin in Activity Stream
    function aitpro_hidden_activities($a, $activities) {
    
    if ( is_site_admin() )
    return $activities;
    
    $nothanks = array('new_member');
    
    foreach ( $activities->activities as $key => $activity ) {
    
    if ( in_array($activity->type, $nothanks, true) ) {
    unset( $activities->activities[$key] );
    $activities->activity_count = $activities->activity_count-1;
    $activities->total_activity_count = $activities->total_activity_count-1;
    $activities->pag_num = $activities->pag_num -1;
    }
    }
    
    // Renumber the array keys to account for missing items.
    $activities_new = array_values( $activities->activities );
    $activities->activities = $activities_new;
    
    return $activities;
    }
    add_action('bp_has_activities', 'aitpro_hidden_activities', 10, 2 );
    #9158

    silas88
    Participant

    Thanks for your answer to my previous question. I had missed that it was a different domain.

    I noticed that you have moved away from the previous technique you had to block spam addresses which didn’t block the traffic altogether.

    <FilesMatch "^(wp-comments-post\.php)">
    Order Allow,Deny
    Deny from 11.222.33.
    Allow from all
    </FilesMatch>

    Is there a disadvantage with this approach versus your new method?

    Thanks.

    #9215

    AITpro Admin
    Keymaster

    That approach works fine for standard WordPress sites.  BuddyPress has different methods of handling commenting/posting/registering/etc.

    The general idea is this:  We do not want too spend much time on dealing with spammers since that would put us right back in the same boat – loss of time and money.  So what we are doing is trying several different things at the same time.  So far overall what is looking like the best approach for BuddyPress is to use the base code we have so far and only deal with adding new IP addresses to block for those spammers that make it all the way to posting a spam comment.  This Topic and code is still in the experimental development stages.

    Important notes:

    It is more important to ensure that you do not block legitimate visitors to your site then to deal with/block spammers.

    Akismet is catching 99% of the spam so it never actually makes it to being posted.  The spammers try to adapt and modify their spam methods and spam does appear to get through occaisonally.

    The overall goal is to minimize time and money spent on dealing with these turds.

    Originally we were dealing with 50,000+ spam comments/commenters per month.  That number is now down to around 60-100 per month.

    For BuddyPress specifically – using the hide Activity Stream registrations code so that spam registrations are only displayed to Administrators is very helpful since your activity stream is not cluttered with Spam registrations.  What we are discovering is something like this – by blocking some spammer subnets it appears to aggravate these turds and they launch a full scale spam assault with every single IP subnet that they have – kind of like hitting a bees nest with a bat.  By not displaying these spam registrations that actually never make it as far as being able to post a comment then the activity stream fills up with spam turds registrations, BUT these are only displayed to Admins so that this does not make the activity stream cluttered.  In the end, it may just be best to ignore these turds and just ensure that they cannot post spam by blocking them at the end Universal code and then with one-click in the Activity backend delete all of these spam registrations in the activity stream.  We will put together a final summary that explains what is the best time saving method to deal with these turds.  Wasting time and money on these turds would defeat the original purpose.  😉

    #9315

    AITpro Admin
    Keymaster

    A combination of this code and this new method for anti-spam in this link will be the end result of development:   http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9378

    So far what is proving to be the most time effective & simple method of handling spammer registrations is to just simply use the Activity Stream code to not display spammer registrations (link below) and then just delete the spammer registrations from Activity whenever you feel like it.  The nice thing about this is the spammers do not cause any sort of negative impact for your site and you can delete them all with one click.  For the occaisonal spammer that is able to post a spam comment Akismet catches most of them, but maybe it is worthwhile to spend a minute or two on blocking those IP addresses.  The primary goal is to minimize time spent on these clowns. 😉

    http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-9152

    And then building on that approach create a simple MySQL Query that deletes all spammer registrations with user status = 2 from the DB with one click.  And possibly demoting spammers with user status = 0 to user status = 2.  Other possibilites could include adding a spammer user status = ?.  Or just remove all spammer user accounts from the wp_users DB table with one click.

    And this would be an even better automated approach:

    Cron check x time for activity stream registrations and the user accounts in general

    If user has not created a post within X time delete the new member activity stream registration and the user account.

    #9378

    AITpro Admin
    Keymaster

    Very interesting and exciting new results:

    First off some details that actually caused spam registrations to increase exponentially.  We tested creating a security question in BuddyPress Humanity that used simple math:  What is the total of 100 + 40 + 3 =.  The spam bots were easily able to automate the process of login/spam registration by getting the source code of the Register page (or more likely just randomly trying all possible numbers from 0 to X), completing the math question automatically and automating the registration process by automaticaly populating the math question answer.  The simplest way to automate that is try 1, try 2, try 3, etc with a list of numbers from 0 to X.

    We are using the BuddyPress Humanity plugin and have customized it further to include a graphic that displays objects with various colors.

    BuddyPress Humanity Mod

    The Security Question:  What color is the telephone

    Spam Registrations since implementing this:  0 – YES, 0 spam registrations in the last 12 hours.

    What we will be doing next is removing most of the IP Address blocking code, to test the effectiveness of this new anti-spam registration technique on its own and then most likely what will happen is that a combination of this technique and one code block of IP addresses for spam registrations will probably need to still be used for persistent spammers that may or may not be human.

    This is a very crude graphic for testing and the final mod should include a way to change “image bars” so that spammers cannot auto-populate a list of answers.  Taking that logic further to make random guessing difficult then different combinations of security questions could be asked.

    Crude Example variations/combinations for randomness:
    Spell out the names of the 2 blue images without any spaces for the security question answer.
    Example of what not to do:
    How many animal images do you see
    It would be very easy for the spammer to auto-populate math/number answers.  try 1, try 2, try 3, etc.
    Test Start with simple one word security answer:  9-4-2013 @ 11 PM
    Test Start with only the Universal Anti-spam code above: 9-5-2013 @ 11 AM
    Test End:  9-5-2013 @ 11 PM

    Results:
    2 spam registrations after 24 hours of using only a simple one word security answer “blue”.  The security question has been made more complex for the next testing period.

Viewing 15 posts - 1 through 15 (of 21 total)

You must be logged in to reply to this topic.