Techblogging: Barbarians at the Gates
I spent a fair amount of time yesterday typing
delete from wp_comments where comment_author = “poker games";
into my mySQL console to get rid of comment spam. Annoying as this was, it beats the hell out of the Movable Type comment deletion process. WordPress, annoyingly, doesn’t let you ban IP’s by default.
I had a look at my Apache logs to see if there was a UserAgent common to all of these connections, and sure enough there was: “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0; PCUser)". PCUser? Googling revealed that other people had seen this.
Per the instructions on this thread, I added two lines to my Apache configuration file: SetEnvIfNoCase User-Agent “PCUser” bad_bots under IfModule mod_setenvif.c, and Deny from env=bad_bots under the Directory entry for where WordPress lives.
Not one spam since then. But I’m sure there’ll be more where “poker games” came from.