As God as my witness, I thought turkeys could fly

Monday, August 21, 2006

Yawn, another boring post about spam prevention

Looking through my logs, some of the worst offenders in trying to spam There Is No Cat are hosts with IP addresses from BezeqNet in Israel. In particular, I get a ton of attempted spams from IP addresses in the range 84.110.224.0 through 84.110.255.255. I decided tonight that I’ve had enough of BezeqNet and that, despite the fact that my spam filters are catching all of their requests and filtering them out, I just want to prevent hosts on that net from accessing my site at all, period, end of sentence, full stop, hey hey hey, good bye. I do this occasionally for the worst offenders by adding their IP addresses to my .htaccess file. Typically, if you want to deny access from a single host, an entry like the following would suffice:

Deny from 84.110.224.90

But that would only prevent accesses from that one host. I get spam attempts from a number of IP addresses in that subnet. So maybe I want to be a little more aggressive and ban everything from that subnet:

Deny from 84.110.224

Now any machine with an IP address starting with those numbers will be prevented from accessing There Is No Cat. But my logs show that I’m being hit by computers in every subnet from 84.110.224 to 84.110.255. That’s a lot of entries to cover each individual set of IP addresses.

There’s a quicker way of doing this.

Classless Inter-Domain Routing, or CIDR, is a way of specifying a range of IP addresses that doesn’t have to cover an entire group, just a large section of it. This is done by writing the IP address of the network followed by a slash and a number giving the length of the bit mask, that is, how many leading bits every address in the range has in common. In the case of the BezeqNet network I wanted to block, this could be represented as follows:

Deny from 84.110.224.0/19

Now, binary math is not my strong suit, and I’m not really inclined to explain why this works, but if you find yourself in a situation where you need to specify a number of networks like this, there are calculators online that will help you out. I like this subnet calculator, which also includes other pages for other formats of IP addresses if you’re a network administrator and need such things. For the purposes of adding a list of networks to deny access to in your .htaccess file, the CIDR calculator should suffice.
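For anyone who does want to see why /19 works, here is an added example (not part of the original post) that derives the block from the first and last address in the range and checks candidate addresses against it. The function names are made up for illustration, and the second range starting at 84.110.223.0 is constructed to show what happens when a range doesn't line up on a bit boundary.

```python
import ipaddress

def bits(ip):
    """Dotted binary form of an IPv4 address, for eyeballing shared prefixes."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(ip).packed)

def common_prefix_len(first, last):
    """Count the leading bits the first and last address have in common."""
    diff = int(ipaddress.IPv4Address(first)) ^ int(ipaddress.IPv4Address(last))
    return 32 - diff.bit_length()

def enclosing_block(first, last):
    """One CIDR block holding both addresses; may cover more than the range."""
    plen = common_prefix_len(first, last)
    return ipaddress.ip_network(f"{first}/{plen}", strict=False)

def deny_lines(first, last):
    """Exact cover of first..last in the fewest CIDR blocks, one Deny line each."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"Deny from {net}" for net in nets]

def is_denied(ip, lines):
    """True if ip falls inside any block named in the Deny lines."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(l.split()[-1]) for l in lines)

if __name__ == "__main__":
    first, last = "84.110.224.0", "84.110.255.255"    # range from the post
    print(bits(first))   # third octet 11100000
    print(bits(last))    # third octet 11111111: 16 + 3 shared bits = /19
    print(common_prefix_len(first, last))
    print("\n".join(deny_lines(first, last)))

    # Constructed, unaligned range: it needs two Deny lines, and the single
    # enclosing block would also deny 84.110.192.0 through 84.110.222.255.
    odd_first = "84.110.223.0"
    print("\n".join(deny_lines(odd_first, last)))
    print(enclosing_block(odd_first, last))
```

The exact cover from `deny_lines` is the safer thing to paste into .htaccess; the single enclosing block is shorter but can shut out addresses that never showed up in the logs.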

I really hope at some point to be able to stop writing about this stuff. It seems silly to maintain a weblog that then draws spam and devote the whole damned thing to preventing spam. If that’s all I’m going to write about, then the most effective prevention would be to not have the weblog to start with. I do expect to do one more post exploring the characteristics of the spam POST requests I get, then hopefully that will be it for a while.


Posted at 10:37 PM


This site is copyright © 2002-2024, Ralph Brandi.