Guest post
by Gordon Long
For those of you who run blogs (and don’t we all?) and are getting a lot of spam emails and attempts to put up garbage in your comments section, I’ve been doing some work on it. Last month I got trouble from my website host for too much database use. In trying to figure out why, I discovered that I had over 10,000 spam emails in my mailbox! In one month. Sort of fills up the disc space.
So what can you do about it? Most of us think, “That’s too complicated,” but I found out I could at least get started. It’s a learning process we all should take a stab at.
1. What Is an Internet Protocol (IP) Address?
It’s a set of four numbers with periods in between. Like 25.227.13.157. I just made that one up; I hope it isn’t yours. (It might also look like 2001:db8:0:1234:0:567:8:1 but don’t worry about that. It works the same way.) It identifies your computer, unique from every other computer in the world. It’s how the techies find you if you’ve been naughty.
2. Go Hunting!
The first step is to go into your web host dashboard and find the useful apps. I can’t tell you the specific ones; every website host has its own apps. You should get familiar with these programs anyway. Mine (shown in the picture) is from Cpanel X, which I believe is quite common. I have “Webmail” in the Mail section, “Latest Visitors” in the Logs section, and “IP Deny Manager” in the Security section. These are the three I used.
3. Is It a Spammer?
Look in “Latest Visitors” at each IP address, page viewed, and date of entry. (Screen Grab below) If you’re getting a response from your latest blog, it’s probably a legitimate reader.
If you are getting a constant response from a post that is several months old, that URL is probably on a spam list, and it will keep getting targeted.
You can sometimes tell by the timing; another reason to post regularly. If you always post on Sunday, like I do, then you can assume the largest number of legitimate visitors will be near the beginning of the week. More spammers near the end.
If you zero in on a suspicious user, go to <network-tools.com> and enter the IP address. What you find there will give you a better idea of who you are looking at. (I suggest that few of us who post in English have many legitimate readers in China and the Ukraine.) Then return to your dashboard and find a program like “IP Deny Manager,” paste the IP address in and Presto! You’ve blocked a possible spammer.
Step-By-Step
- Go to your mail inbox and find a recent “Mail Delivery Failed” report. Note the time and the page on your site it came from.
- Go to your “Latest Visitors” Log and find that visit. There will often be several other visits from the same IP address, all in the same minute. (If you are using captcha filter, one of the visits will be from the filter.) I had one IP visited 28 pages in two minutes. Nobody reads that fast. This is a spammer. Copy the IP address into your clipboard.
- Go to your IP Deny Manager page and deny that IP access.
It takes less than a minute for this process. You can have a tab for each of the three pages open, and just jump between them.
Note in the example below from my “Recent Visitors,” 195.211.155.166 hit my blog 8 times in two minutes. I had two “Undeliverable Mail” messages from the “Update from Last Week” URL on my blog at 4:53 as well. Definitely a spammer. I went to my “IP Deny Manager” and denied that IP. Job done.
Browse a Bit
While you’re in the Latest Visitors log, a bit of browsing gives you an idea of what your customers (and the spammers) are doing; it’s worth checking out. You may find that a few IPs are visiting you a lot of times. Unless you can trace the pattern of their visit through the navigation paths in your website, they are probably spammers.
I spent about an hour at this little game, and denied about 30 IPs. Mostly from China and Ukraine, one from France and one from Montreal. My spam level dropped noticeably. So did my website hits. However, my % of visitors who stayed more than 30 seconds shot up, so I assume more of my hits are real customers, now.
It took me a while to learn this, and an hour to do the first sweep, but now that I know how, I can go to my mail every once in a while and spend 15 minutes blocking the latest round of spammers. This will keep my site clean, keep my statistics more accurate, and make me feel a whole lot better.
Do Your Duty
Another action that made me feel good. I entered the IP of the spammer in Montreal at the Network-tools.com site, and got the name of the company that provided that IP with internet service. I went to their website, got their free phone number. The nice man there guided me to their “Spam Report” page, and I ratted on the turkey. Vengeance is mine!
Final Warning: Find Out Your Own IP Address!
Easiest thing in the world. Go to whatsmyip.org. It displays your IP address in big numbers at the top of the page.
Reason for this? Your own visits show up suspiciously different from a reader’s on the Latest Visitors log. In my enthusiasm, I denied myself access to my own site. Gave me quite a shock when I tried to look at my own website and was denied. At least I know it was working.
My Results
Well, I tried it for a couple of weeks, and was making some progress, but I got impatient. I had IPs from China and the Ukraine that had hit my site 5,000 times this year! Finally, I simply went into my “Deny Access” page and denied all numbers from those two countries. Instant drop in readers, of course, but I’m going to leave it that way for a month or so, then take further action. I don’t know what. Hopefully, I’ll learn.
Gordon A. Long is a writer, editor, publisher, playwright, director and teacher. Learn more about Gordon and his writing from his blog. Don’t expect to make comments on his blog at the moment, though. He has removed that function for a while! All of Gordon’s books are available through his Author Central page.