Looking back, I find it has been a little more than a month since I installed WP-Ban.
In that time, it has blocked 30,257 spam attempts. That’s 30,257 spam comments I haven’t had to delete.
Where are these coming from? I thought it might be interesting to post a Top Twenty list of IP addresses.
IPs | Attempts | % | Country | ISP |
94.23.60.124 | 2,214 | 7.32% | France | OVH Systems |
200.220.196.23 | 1,862 | 6.15% | Brazil | Nelson Quintas Telecom |
192.74.228.193 | 1,083 | 3.58% | United States | Peg Tech |
192.74.228.145 | 770 | 2.54% | United States | Peg Tech |
192.74.248.161 | 650 | 2.15% | United States | Peg Tech |
96.47.225.66 | 551 | 1.82% | United States | IPTelligent LLC |
96.47.225.82 | 550 | 1.82% | United States | IPTelligent LLC |
142.4.116.58 | 548 | 1.81% | United States | Peg Tech |
96.47.225.74 | 548 | 1.81% | United States | IPTelligent LLC |
192.74.236.165 | 546 | 1.80% | United States | Peg Tech |
142.4.98.226 | 513 | 1.70% | United States | Peg Tech |
117.21.226.205 | 503 | 1.66% | China | Chinanet Jiangxi |
142.0.133.89 | 496 | 1.64% | United States | Peg Tech |
117.21.225.25 | 381 | 1.26% | China | Chinanet Jiangxi |
117.21.225.42 | 374 | 1.24% | China | Chinanet Jiangxi |
142.4.119.170 | 356 | 1.18% | United States | Chinanet Jiangxi |
142.4.98.210 | 354 | 1.17% | United States | Peg Tech |
5.9.7.208 | 351 | 1.16% | Germany | Hetzner Online |
192.74.230.69 | 339 | 1.12% | United States | Peg Tech |
117.21.227.47 | 330 | 1.09% | China | Chinanet Jiangxi |
44.02% |
The percentage figures are based on the number of spam attempts coming from each IP address, as a percentage of the total spam attempts. So, for example, a little over 7% of the total spam attempts to my blog came from one IP address, 94.23.60.124, which is located in a block of IP addresses assigned to France (according to the Country IP Block database).
What conclusions can we draw from this? Blocking certain IP address ranges can be a big win if you don’t want to spend time mucking out Akismet. Specifically:
- 94.23.0.0 – 94.23.255.255
- 200.220.192.0 – 200.220.207.255
- 192.74.224.0 – 192.74.255.255
- 96.47.224.0 – 96.47.239.255
- 142.4.96.0 – 142.4.127.255
- 117.21.0.0 – 117.21.255.255
- 142.0.128.0 – 142.0.143.255
- 5.9.0.0 – 5.9.255.255
I am a little surprised at the number of spam attempts coming from IP addresses in the United States. My impression before I started using WP-Ban was that most of my spam was coming from China and countries in Latin America. My reading of the stats indicates that I do get a lot of spam from those sources, but larger percentages come from the United States and various countries in Europe (France, Germany, the United Kingdom, etc.)
For the record, I have yet to get any email from anyone in an IP range I’ve blocked requesting that I make an exception. I am happy to do so for any legitimate readers of my blog who are blocked: my email address is displayed on the page informing users they are banned.
Edited to add: Mike the Musicologist asked an interesting question: had I tried to associate the spam IP addresses with specific providers? The answer: no. I’ve gone back and attempted to add provider information based on what I’m finding at CQCounter.com.
However, I’m finding some issues between CIPB and CQCounter. For example, CIPB shows 142.0.133.89 as a United States IP block: CQCounter shows it as a Chinese block with Peg Tech as the ISP. I’d like to do some more work on this; if anyone has any suggestions, or especially if anyone has any information on Peg Tech, please feel free to leave it in the comments.
Yesterday, 67% of the email delivery attempts to my mail server were rejected outright by spamhaus.
This is a typical day. It usually ranges between 50-80%.
Yeah. The reason I started working with WP-Ban is that Akismet does a fantastic job of trapping spam. Almost nothing gets through the Akismet filters (and what does get through, mostly the e-ticaret scum, gets blocked because I have to approve first-time posters), and I can count the number of false positives on one hand.
But I was cleaning out Akismet at night before I went to bed, and when I’d wake up in the morning and check the filter, I’d have upwards of 300 new spam comments to clean out. And since many of them seemed to come from the same (or similar) addresses, I thought WP-Ban would be a big win.
I’m now down to about 30 a day.