After my last article on Cleaning your Site after a WordPress Injection Attack I figure that it's time to take the old "an ounce of prevention us better than a pound of a cute" (or something like that). So here is a nice easy way to enhance your Akismet spam protection and quickly and easily blacklist an offending IP.
Personally I get really sick of blog spammers, especially since my blog is DoFollow. It doesn't stand for the same thing as DoSpam. Very annoying time consuming and potentially harmful - alot of these same idiots who blog spam would also be the same people who will try to inject your WordPress theme and plugins with Click Counter code.
Anyhow in this post I'm going to use the following plugins:
- Akismet (setup properly but that goes without saying.)
- WP Security Scan
- Secure WordPress
- Redirection Plugin
The first thing you need to do is install all of the above plugins and ensure each of them work. As a side note: I had trouble with WP-EasyBan on WordPress 2.7.1 but I corrected it. To be honest I am not 100% sure if it was a conflicting plugin issue or a core problem with WP-EasyBan. If you have a problem, contact me or comment here and I will share my fix (I wasn't able to see "Add Ban" in the user menu but a few changes to the plugin fixed it without any issue).
Ok moving right along.
Let's say you are getting a substantial amount of Spam in your Spam Bin in Akismet. You will easily be able to tell if it comes from one particular IP address. First go to your Spam Box and identify the IP address - see below:
Next step: Check your Security logs under "Tools -> Security Logs" - now if the person is simply annoying you can skip that step but the Security logs will identify if the user is on a blacklist:
Once you've done that it's time to "Add Ban" provided by WP-EasyBan. It's got a great interface for you to add various options. We want to add a specific IP address (adding a block if IP's could cause you to block legit visitors to your site.
Also as an ounce of prevention you can set a time limit and maybe you'll discourage the blog spammers after a period of time. The reason I like this method is that Spammers never give up unless they are certain that their stuff is not getting through. Blacklisting will let you send a message that there is no getting through to you.
As a last note: I like to add a personalized message to these idiots. Sometime I venture into more colourful language depending on how badly one IP is offending my site and messing with my hard work.
Then you can set another site to redirect them to as well. Get creative here you can have fun with this, there is also a sense of satisfaction to mess around with these people.
Anyone else have any tips? Let me know!