Whipped Cream Difficulties

Looking back, I find it has been a little more than a month since I installed WP-Ban.

In that time, it has blocked 30,257 spam attempts. That’s 30,257 spam comments I haven’t had to delete.

Where are these coming from? I thought it might be interesting to post a Top Twenty list of IP addresses.

IPs	Attempts	%	Country	ISP
94.23.60.124	2,214	7.32%	France	OVH Systems
200.220.196.23	1,862	6.15%	Brazil	Nelson Quintas Telecom
192.74.228.193	1,083	3.58%	United States	Peg Tech
192.74.228.145	770	2.54%	United States	Peg Tech
192.74.248.161	650	2.15%	United States	Peg Tech
96.47.225.66	551	1.82%	United States	IPTelligent LLC
96.47.225.82	550	1.82%	United States	IPTelligent LLC
142.4.116.58	548	1.81%	United States	Peg Tech
96.47.225.74	548	1.81%	United States	IPTelligent LLC
192.74.236.165	546	1.80%	United States	Peg Tech
142.4.98.226	513	1.70%	United States	Peg Tech
117.21.226.205	503	1.66%	China	Chinanet Jiangxi
142.0.133.89	496	1.64%	United States	Peg Tech
117.21.225.25	381	1.26%	China	Chinanet Jiangxi
117.21.225.42	374	1.24%	China	Chinanet Jiangxi
142.4.119.170	356	1.18%	United States	Chinanet Jiangxi
142.4.98.210	354	1.17%	United States	Peg Tech
5.9.7.208	351	1.16%	Germany	Hetzner Online
192.74.230.69	339	1.12%	United States	Peg Tech
117.21.227.47	330	1.09%	China	Chinanet Jiangxi
		44.02%

The percentage figures are based on the number of spam attempts coming from each IP address, as a percentage of the total spam attempts. So, for example, a little over 7% of the total spam attempts to my blog came from one IP address, 94.23.60.124, which is located in a block of IP addresses assigned to France (according to the Country IP Block database).

What conclusions can we draw from this? Blocking certain IP address ranges can be a big win if you don’t want to spend time mucking out Akismet. Specifically:

• 94.23.0.0 – 94.23.255.255
• 200.220.192.0 – 200.220.207.255
• 192.74.224.0 – 192.74.255.255
• 96.47.224.0 – 96.47.239.255
• 142.4.96.0 – 142.4.127.255
• 117.21.0.0 – 117.21.255.255
• 142.0.128.0 – 142.0.143.255
• 5.9.0.0 – 5.9.255.255

I am a little surprised at the number of spam attempts coming from IP addresses in the United States. My impression before I started using WP-Ban was that most of my spam was coming from China and countries in Latin America. My reading of the stats indicates that I do get a lot of spam from those sources, but larger percentages come from the United States and various countries in Europe (France, Germany, the United Kingdom, etc.)

For the record, I have yet to get any email from anyone in an IP range I’ve blocked requesting that I make an exception. I am happy to do so for any legitimate readers of my blog who are blocked: my email address is displayed on the page informing users they are banned.

Edited to add: Mike the Musicologist asked an interesting question: had I tried to associate the spam IP addresses with specific providers? The answer: no. I’ve gone back and attempted to add provider information based on what I’m finding at CQCounter.com.

However, I’m finding some issues between CIPB and CQCounter. For example, CIPB shows 142.0.133.89 as a United States IP block: CQCounter shows it as a Chinese block with Peg Tech as the ISP. I’d like to do some more work on this; if anyone has any suggestions, or especially if anyone has any information on Peg Tech, please feel free to leave it in the comments.

This entry was posted on Friday, March 22nd, 2013 at 10:20 am and is filed under Admin. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.