Blocking comment spam bots requesting replytocom

Forum Moderators: phranque

Message Too Old, No Replies

Blocking comment spam bots requesting replytocom

How to block comment spam bots requesting replytocom

spiritualseo

10:31 am on Dec 30, 2011 (gmt 0)

I would like to know if there is anyway to block bots requesting a page using spammy query string.

For the past few days, there have been lot of comment spam bots requesting pages on my wordpress blog using the string ?replytocom=

For instance,
Actual Page: www.examplesite.com/filename/
Reqested URL: www.examplesite.com/filename/?replytocom=774

Is there any way to block such requests in htaccess?

I tried using:

RewriteCond %{QUERY_STRING} ^replytocom*
RewriteRule .* - [L,F]

But it's not working.

spiritualseo

1:44 pm on Dec 30, 2011 (gmt 0)

Also tried the following with no luck:

RewriteCond %{QUERY_STRING} replytocom
RewriteRule .* - [L,F]

spiritualseo

2:36 pm on Dec 30, 2011 (gmt 0)

Just realized most of them have the following user agents:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10

Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1

Any idea how to block these agents?

lucy24

5:15 pm on Dec 30, 2011 (gmt 0)

^replytocom*

isn't valid RegEx syntax. It would mean "begins with the exact text 'replytoco' optionally followed by any number of m's"

RewriteCond %{QUERY_STRING} replytocom

ought to work, since it simply means "contains this element". I'm assuming that legitimate replies don't use the same string.

You can block any specific user-agent with a RewriteCond-- or by various other means such as SetEnvIf followed by a "Deny from..." core directive.

Remember to escape any literal periods, parentheses and spaces. The periods and parentheses are a basic RegEx rule; escaping spaces is specific to mod_rewrite (and probably some other things in Apache). Neglecting to escape . may make your rule fail, or will return false positives so it succeeds too well. Neglecting to escape () will make your rule fail. Neglecting to escape spaces will make your site fail.

spiritualseo

5:32 pm on Dec 30, 2011 (gmt 0)

thanks lucy24, I used

RewriteCond %{QUERY_STRING} replytocom
RewriteRule .* - [L,F]

but it's not working.

I accessed the following url after adding the above to htaccess and the page was still accessible:

www.examplesite.com/filename/?replytocom=774

I am guessing this some wordpress issue. The above URL basically displays the exact same/original page which is

www.examplesite.com/filename/

MickeyRoush

7:34 pm on Dec 30, 2011 (gmt 0)

This should work.

RewriteCond %{QUERY_STRING} replytocom

In this:

RewriteRule .* - [L,F]

I believe you can remove the L, as it's implied with F.

so:

RewriteRule .* - [F]

You could try REQUEST_URI

RewriteCond %{REQUEST_URI} replytocom
RewriteRule .* - [F]

You may be having a conflict with the WordPress permalink rules.