htaccess not blocking spam/IPs

  • Hello all,

    My website is running on IIS7 on SBS 2008. The blog is setup as domain.com/blog. I have the .htaccess file located in the domain.com/blog directory with the following:

    # Protect from spam bots
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteLog C:/inetpub/wwwroot/mydomain.com/blog/rewrite_log.txt
    RewriteLogLevel 2
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.mydomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
    </IfModule>

    # block ips
    Order allow,deny
    Deny from 216.152.251.6
    Deny from 36.250.178.161
    Deny from 199.15.234.44
    Allow from all

    # BEGIN WordPress

    However, I’ve tried adding IP addresses of people outside the LAN to test and they are still able to comment. I also have nothing in the rewrite_log.txt file notifying me that it’s working.

    Any suggestions?

Viewing 4 replies - 1 through 4 (of 4 total)

  • .htaccess is not a valid file extension when using an IIS server. An .htaccess file will be ignored in a Windows server environment.

    Thread Starter chris32lr

    (@chris32lr)

    Understood. I’ve tried using the IIS URL rewrite module but it doesn’t work for the above script. Any other suggestions?

    Thread Starter chris32lr

    (@chris32lr)

    I downloaded and installed helicon ape. Within the httpd.conf file inside helicon, I have this:

    RewriteLog “C:\Program Files (x86)\Helicon\Ape\rewrite.log”
    RewriteLogLevel 9

    And my .htaccess file says:

    # Helicon Ape version 3.1.0.113

    # Protect from spam bots
    RewriteEngine On
    RewriteLog “C:\Program Files (x86)\Helicon\Ape\rewrite.log”
    RewriteLogLevel 2
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*mydomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]

    But still nothing showing up in the log as my “comments” continues to be spammed.

    Hi Chris,

    You need to set up web.config as i suppose instead of .htaccess.

    There are many plugins to block spam for comments. Also try using a comment captcha plugin. It should reduce spam by a lot of margin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘htaccess not blocking spam/IPs’ is closed to new replies.