Spamblock blocked IP address is server's

[Don Chambers]

A site is experiencing moderate spam comments. The spam protector plugin is configured to block bad IP addresses via .htaccess. However, some of these spam comments are being saved with an IP address very similar that of the server. When that happens, it will write this into the .htaccess:

Code: Select all

#SPAMDENY
Deny From 123.456.182.168 123.456.182.169
#/SPAMDENY

Once that line gets written into .htaccess, the entire site is 403 forbidden. Now, the actual server address, when I ping it is 123.456.183.85. So I am guessing that the first two sets of numbers are the actual server and that is why everything is being blocked?

Next question - why are so many of the comments coming from the server's IP address, even when they are, in fact, uniquely different comment authors?

[garvinhicking]

Hi!

That can't be; IP adresses only range from 0 to 255! .456 is not possible, that can't be...

Of course, maybe the server itself is spam-infected and is ACTUALLY sending the spam.

Regards,
Garvin

[Don Chambers]

Hi!

That can't be; IP adresses only range from 0 to 255! .456 is not possible, that can't be...

Of course, maybe the server itself is spam-infected and is ACTUALLY sending the spam.

Regards,
Garvin

Garvin - I blocked the actual up address.... hence 123.456. The last two blocks of numbers are correct.

[garvinhicking]

Hi!

Hm, okay. The SPAMDENY experimental thing actually had a lot of problems and never really worked up to its original intent.

It could list the server's own address depending on which plugins are involved; especially if spambayes or other external antispam services are called up, which would use the server address as the "client" address.

I actually recommend to not use the .htaccess based block...

Regards,
Garvin

[Don Chambers]

I can tell you that one particular problem is that when it re-writes .htaccess, it does not limit itself to the closing #/SPAMDENY comment...

I am still curious though - when I look at comments, many legitimate comments by an entry author, or a visitor, often have the server IP address instead of that visitor's unique IP address. Any idea why?

[garvinhicking]

Hi!

That sounds very odd to me. Maybe the server setup is using some kind of reverse proxy?

The IP should be fetched form $_SERVER['REMOTE_ADDR'], I wouldn't know why that should point to the server instead of the client.

Regards,
Garvin

[Czorneboh]

Hi!

That sounds for me, as Don would have observed my blog in the last days.
I have such problems and my fellow, who owns the server, on which my blog is running, was scolding, that I am experimenting with those plugins, which cause such problems ...

After saving/actualizing a draft suddenly I was thrown out and I got that message on a white page:

Forbidden
You don't have permission to access /serendipity_admin.php on this server.
------------------------------------------------------------------------------------------
Apache/2.2.21 (Debian) Server at blog.ost-impuls.de Port 80

and on next day (1th february, after my fellow was 2 hours looking for the causes, till he could get running the blog again) that:

Internal Server Error
the server encountered an internal error or misconfiguration and was unable to complete your request
Please contact the server administrator ... and inform them of the type of error occured and everything you might have done that may have caused the error....

My fellow has found the reason. He wrote:

Nein diesmal is es dein paranoider BLOG (=no, this time it was your paranoid Blog)

# BEGIN s9y
ErrorDocument 404 /index.php
DirectoryIndex /index.php

<Files *.tpl.php>
deny from all
</Files>

<Files *.tpl>
deny from all
</Files>

<Files *.sql>
deny from all
</Files>

<Files *.inc.php>
deny from all
</Files>

<Files *.db>
deny from all
</Files>

# END s9y
#SPAMDENY
# Deny From 127.0.0.1
#/SPAMDENY


it was Deny From 127.0.0.1

.htaccess was faulty.

He has after this taken away my rights for writing into htaccess-file, he wrote. I do not know yet, how much it hinders me on working fluently.

I read now Garvins recommentation to not use spamblock-plugin.
Okay, I want to follow than the recommendation to use bayes, written in the thread from before christmas (my answer is yet open).

best regards
Joerg

[Timbalu]

I read now Garvins recommentation to not use spamblock-plugin.

He did not say that!
His note was about not recommending the use of the .htaccess based block... option inside the spamblock-plugin, which is needed and usefull as ever!

[Czorneboh]

He did not say that!

Oh! Excuse me. It was to late for best concentration.