Title: Blocking comment spam
Last modified: August 21, 2016

---

# Blocking comment spam

 *  Resolved [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/)
 * I installed BPS and it seems to be working well. Until today, when I noticed 
   that a spam comment had a previously blocked IP.
 * Everything else seems to be okay in that section – user agents are being blocked
   correctly. I added myself to the comment spam blacklist, and was able to post
   okay.
 * I haven’t changed anything in that block, apart from adding a few more ranges
   (and myself). Any suggestions as to how to debug this problem?
 * [http://wordpress.org/extend/plugins/bulletproof-security/](http://wordpress.org/extend/plugins/bulletproof-security/)

Viewing 15 replies - 1 through 15 (of 24 total)


 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843691)
 * Check your root .htaccess file to make sure the IP blocking htaccess code is 
   actually in your root .htaccess file.
 * With the additions of the new Custom Code text areas/text boxes you can now add
   (should add) all your IP blocking code to the…
 * CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT
   CODE: Add miscellaneous code here
    ONLY add valid htaccess code below or text
   commented out with a pound sign #
 * …text area/text box, save your custom code, go to the Security Modes page, click
   the Create secure.htaccess File AutoMagic button and activate Root folder BulletProof
   Mode again.
 * By adding all of your custom IP blocking code to this Custom Code text box you
   can continue to build it up/add to it since it is saved permanently and then 
   repeat the steps above each time you edit your custom code.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843692)
 * For folks who have a BuddyPress site and are getting hit hard by comment spammers/
   comment spammer registrations like we once were – 1,500+ per day, then these solutions
   in the link below now allow ONLY 1-2 comment spammer registrations per day.
 * [http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/](http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/)
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843727)
 * Everything is in place. It’s what I have in the last block which seems to be 
   the problem. I think the problem may be with my implementation of the Files/FilesMatch
   containers. Here is what it looks like (edited for brevity).
 *     ```
       <FilesMatch "^(wp-comments-post\.php)">
       Order Allow,Deny
       Deny from 46.119.35.
       Deny from 46.119.45.
       -etc-
       Allow from all
       </FilesMatch>
       ```
   
 *     ```
       BrowserMatch ^-?$ badrobot
       BrowserMatch Ahrefs badrobot
       -etc-
       <FilesMatch ".*">
       Order Allow,Deny
       Deny from env=badrobot
       Deny from 5.45.202.0/24
       -etc-
       Allow from all
       </FilesMatch>
       ```
   
 *     ```
       <FilesMatch "(robots\.txt|favicon\.ico|403\.php)">
       Order Allow,Deny
       Allow from all
       </FilesMatch>
       ```
   
 * I removed the last section and the problem continued, so I’m guessing it’s the
   middle section which is cancelling out the first.
 * I have done it this way because I wanted a neat way of issuing the BPS custom
   403 even though access was denied (causing a double 403).
 * Any alternative methods suggested would be greatly accepted, as I’m not great
   at this stuff.
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843731)
 * I think I got it working…
 *     ```
       <FilesMatch "(robots\.txt|403\.php)$">
       Order Allow,Deny
       Allow from all
       </FilesMatch>
       ```
   
 *     ```
       <FilesMatch "^(wp-comments-post\.php)">
       Order Allow,Deny
       Deny from 46.119.35.
       -etc-
       Allow from all
       </FilesMatch>
       ```
   
 *     ```
       BrowserMatch ^-?$ badrobot
       BrowserMatch Ahrefs badrobot
       -etc-
       Order Allow,Deny
       Deny from env=badrobot
       Deny from 5.45.202.0/24
       -etc-
       Allow from all
       ```
   
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843740)
 * Search Engines need to access robots.txt and a 403.php template would need to
   be accessed by Browsers to process 403 errors. You can just delete that code 
   because you are saying to allow access to everyone and not block them so it is
   the same thing as doing nothing.
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843742)
 * Without that bit of code, I was getting a default 403, rather than the custom
   page because trying to display the custom 403 gave another 403! 😀
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843746)
 * ErrorDocument 403 is an htaccess redirect directive that should point to your
   403.php template file. If that is not working correctly then something is interfering
   with that directive.
 * Example of what you should see in your root .htaccess file:
 *     ```
       ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php
       ```
   
 * points to the BPS 403.php template file.
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843747)
 * I saw that, and I fully understand what you’re saying.
 * What I’m saying is that, by blocking an IP or user agent from the website, it
   is unable to display the 403.php you described, and the server issues a double
   403 – i.e. it issues a custom 403 which is blocked causing another 403.
 * I added the above code so that even a blocked computer could at least access 
   robots.txt and the custom 403 page.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843748)
 * You should not have to use this code below so I do not understand what exactly
   is causing the problem/wrong on your particular site??? What happens when you
   comment out this code for testing?
 *     ```
       <FilesMatch "(robots\.txt|403\.php)$">
       Order Allow,Deny
       Allow from all
       </FilesMatch>
       ```
   
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843750)
 * What is supposed to normally happen is this.
 * All 403 Forbidden errors are redirected by the ErrorDocument directive when the
   403 error occurs. This should only generate 1 403 error in your Security Log.
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843751)
 * It may be something I added to the last block. I haven’t got any more time this
   weekend, but I can have a go on Monday, to check.
 *  Thread Starter [Bunzer](https://wordpress.org/support/users/bunzer/)
 * (@bunzer)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843752)
 * This with above code hidden…
 * Forbidden
 * You don’t have permission to access /yorkshire/cawood/ on this server.
 * Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument
   to handle the request.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843753)
 * Wow very strange. Did you click the AutoMagic buttons before activating BulletProof
   Modes?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843754)
 * Oh wait a minute this code does not look valid.
 *     ```
       <FilesMatch ".*">
       Order Allow,Deny
       Deny from env=badrobot
       Deny from 5.45.202.0/24
       -etc-
       Allow from all
       </FilesMatch>
       ```
   
 * You actually need to do something like this.
 *     ```
       <FilesMatch "^\.(php|js|css)$">
       Order Allow,Deny
       Deny from env=badrobot
       Deny from 5.45.202.0/24
       -etc-
       Allow from all
       </FilesMatch>
       ```
   
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/#post-3843755)
 * Also I have run into problems using CIDR IP blocking .0/24 and have found that
   just adding the dot (.) is more reliable across different hosts. And on some 
   web hosts adding a CIDR causes 403 errors.
 * Deny from 5.45.202.
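
The two `.htaccess` layouts posted in this thread, run through a small model of Apache's `Order Allow,Deny` and `<FilesMatch>` handling. This is an added example, not code from the thread or from BulletProof Security; it assumes that the last matching `<FilesMatch>` section replaces earlier access rules rather than merging with them, ignores `env=badrobot`, and uses constructed client addresses inside the ranges quoted above.

```python
import ipaddress
import re

def ip_matches(spec, ip):
    """Match one 'Allow/Deny from' value: 'all', CIDR, partial IP or full IP."""
    if spec == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:                      # partial IP such as "46.119.35."
        return ip.startswith(".".join(octets) + ".")
    return ip == spec

def order_allow_deny(rules, ip):
    """Order Allow,Deny: denied by default; needs an Allow match and no Deny match."""
    allowed = any(ip_matches(s, ip) for kind, s in rules if kind == "allow")
    denied = any(ip_matches(s, ip) for kind, s in rules if kind == "deny")
    return allowed and not denied

def decide(base, sections, filename, ip):
    """Return True if the request is allowed.
    base: rules written outside any <FilesMatch> (None if there are none).
    sections: (regex, rules) pairs in file order. Assumption of this model:
    the last matching section replaces earlier access rules, it does not merge."""
    rules = base
    for pattern, section_rules in sections:
        if re.search(pattern, filename):     # tested against the file's base name
            rules = section_rules
    return True if rules is None else order_allow_deny(rules, ip)

# Rule lists transcribed from the thread ("-etc-" entries and env=badrobot omitted).
SPAM = [("deny", "46.119.35."), ("deny", "46.119.45."), ("allow", "all")]
BOTS = [("deny", "5.45.202.0/24"), ("allow", "all")]
OPEN = [("allow", "all")]

FIRST = (None, [(r"^(wp-comments-post\.php)", SPAM), (r".*", BOTS),
                (r"(robots\.txt|favicon\.ico|403\.php)", OPEN)])
SECOND = (BOTS, [(r"(robots\.txt|403\.php)$", OPEN),
                 (r"^(wp-comments-post\.php)", SPAM)])

if __name__ == "__main__":
    # Constructed client addresses inside the ranges quoted in the thread.
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        for f, ip in (("wp-comments-post.php", "46.119.35.7"),
                      ("403.php", "5.45.202.9"), ("index.php", "5.45.202.9")):
            print(name, f, ip, "allow" if decide(*cfg, f, ip) else "deny")
```

Under this model the second layout's `wp-comments-post.php` section also replaces the general list for that one file, so an address blocked only by the general rules can still reach the comment handler unless it is listed in both places. A pattern anchored as `^\.(php|js|css)$` matches only files named exactly `.php`, `.js` or `.css`, so a section written that way applies to no ordinary file.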


The topic ‘Blocking comment spam’ is closed to new replies.


 * 24 replies
 * 3 participants
 * Last reply from: [Bunzer](https://wordpress.org/support/users/bunzer/)
 * Last activity: [12 years, 11 months ago](https://wordpress.org/support/topic/blocking-comment-spam/page/2/#post-3843878)
 * Status: resolved