Recent flood of SPAM via ping/trackback

If you have his IP address (and it’s always the same one), try putting this in your .htaccess file:

Deny from 111.222.333.444

That may deny him access to your website at all.

Hey DianeV,

Thank you so much for replying. I have heard of this .htaccess file before, but never fiddled with it and confess complete ignorance.

Using FTP, I looked around the site but can’t seem to find it. I went into subdirectories, poked around everywhere but no luck.

I also tried looking in the “Admin” section of WordPress itself, but again, no luck.

Would you be so kind as to give me the basic clues on how to go about accessing/editing this “magic” .htaccess file?

Is it simply a case that it doesn’t exist until I create one? But if so, how can one create in W2K a file that doesn’t have a nme, but only an extension?

Thank you again for your response. This guy is driving me bonkers.
Philippe

Create a text file. Put the text in it. Save it. Then rename the file to “.htaccess”. Windows will let you do it. Then put it in the main WordPress directory.

As for blocking the spam on a more generic level, I recommend installing the Bad Behavior plugin. It stops most automated spam instantly. And if Spam Karma isn’t catching these, you might consider using Akismet instead.

Thanks Otto42.

I followed your instructions, and after entering the “Deny from 64.92.164.138” line, saved that “news text document.txt” file.

However when I went to rename it to “.htaccess”, W2K yelled loudly telling me “you must enter a filename”.

On the other hand, just out of curiosity, I FTP’ed the text file to the blog anyway, and then, within the FTP program, tried to rename the file on the site itself, and it accepted the change of name. I think the site runs on Unix.

So, I’ll see if it does the trick.

I will also investigate the “Bad Behavior” and “Akismet” plug-ins.

Thank you for the help!

Huh. I would have though W2K would allow that. XP certainly does. Oh well. Your method will work too.

XP does NOT allow you to rename or create files with names that begin with a . (dot)

I’ve _never_ had a Windows install that allowed it

Otto42,

The strangest thing is that once I renamed the file on the site itself, just out of curiosity, I thought “let’s try FTPing back to my PC”, and W2K didn’t blink an eye.

In fact I was able to open the local copy with UltraEdit (a text/hex editor), and again W2K didn’t mind in the least.

Go figure, eh!

Interesting you mention XP allows a ‘no-name’ file to be created whereas W2K doesn’t (at least not on my desktop PC).

I have 2 notebooks which have XP on them, so if I ever need to do that kind of trick again, I’ll keep it in mind.

By the way, the good news is that it’s now been some 12 hours that the flood of SPAM has stopped completely.

I’m still not 100% sure the problem is fixed because that idiot would flood my blog but not all day long. It was like 2 or 3 times a day, nothing happening in between, but when he got started, it was pouring by the bucketful.

But it’s now been around 12 hours without his SPAM, so I’m starting to feel that the trick is working.

Many thanks again to you and DianeV ??
Philippe

PS: I’ll have to find out more about what else this .htaccess file can do.

Huh. whoami is right, I just tried it. XP doesn’t allow it through the normal Explorer interface. I guess I’ve always used programs like Textpad to create those, and it has no problem saving a filename with a dot.

The command prompt will allow you to do it as well. Just checked. ??

Ok, thanks again. The “Deny from…” .htaccess thing certainly did the trick. No more of that idiot’s SPAM bombardment.

If I may ask one more question, where should I go to find out more about this .htaccess file – what it can do, the syntax, etc?

I’m sorry I’m so clueless. A friend of mine installed WordPress for me and has taught me the very basics so that I could maintain the site, but I’m definitely not a pro.

Philippe

Look here:
https://codex.www.ads-software.com/Using_Permalinks#Creating_Rewrite_Rules_.28.htaccess.29
In fact, the whole page is beneficial.

Some of the terms on this page may help you, also.
https://codex.www.ads-software.com/Glossary

WhyNot, if you want your WP blog to use the “pretty” URLs instead of site.com/index.php?=123, the commands that control that also go into the .htaccess file. However, WP is able to insert that into the .htaccess by itself.

.htaccess is lovely, if confusing at first.

Thank you for the tip DianeV.

I’ve been reading Samboll’s links, and yes, you’re right, this .htaccess is pretty daunting stuff. Well, at least for someone as ignorant as I am, lol.

Philippe

In the links you ppl kindly provided, I found the following information:

“To completely disable trackbacks, you will have to edit each past post and uncheck Allow Pings from the Write Post SubPanel. Alternatively, you could just simply delete the wp-trackback.php file, or run this MySQL query, from the command line on a shell account, or using PHPMyAdmin: UPDATE wp_posts SET ping_status=”closed”;”

This last solution (the SQL query) looks like a pretty neat one. I have 2 questions about it:

1. has anyone tried it and is it safe (and is the syntax correct)?

2. if at any stage down the track I wanted to “undo” it, what would be the corresponding SQL query?

Philippe

backup your db prior to running the query. to undo it, change ‘closed’ to ‘open’.