Marco's Blog

All content personal opinions or work.
en eo

More Comment Spammers and How to Block Them

2011-06-29 3 min read Electronics Anonymous marco

After I shut out a comment spammer that had blasted my account to the tune of 23.76 GB (I am nothing but precise), I discovered another IP address up to no good, and then a series of them. They are all from Russia (not sure why, and no disparagement of the great country intended), most of them from a single IP block.

Not to the recipe: if you want to get rid of a particularly annoying spammer, you need to do two things:

Block their IP address

To do so, install iptables on the web server:

sudo apt-get install iptables

(That’s for apt-enabled distros. If you have RPM or something else, please install iptables using your package management software).

Once installed, iptables will start itself automatically. Now you just have to tell it to shut out a particular IP address, which you do by issuing the command:

sudo iptables -A INPUT -s “address” -j DROP

Here, “address” is the network address to block. You can specify a single IP address, a set of them, or a whole network using either the network notation or the slash notation.

For instance, the IP address I blocked today was, resulting in the call:

sudo iptables -A INPUT -s -j DROP

Then I realized that there were several IP addresses starting with 94.181. so I blocked those, too:

sudo iptables -A INPUT -s -j DROP

Remove Spam Comments

This is a little tricky, depending on how many of the comments stem from spammers and how many are from followers.

If you don’t have any follower comments, as in my case, the situation is simple. You just log in to MySQL and delete the content of the table:

mysql -u “user” -p “database” -e “TRUNCATE jos_rsgallery2_comments”

Here, “user” and “database” are from the Joomla configuration file, and jos_ is the prefix (also in config). You will be asked your password (also, of course, in the config file).

If you have to preserve user comments, you need to figure out a way to mark the spammy comments by similarity – for instance, because they contain certain keywords (like V*GRA) and then delete them using the DELETE instead of the TRUNCATE command:

mysql -u “user” -p “database” -e “DELETE FROM jos_rsgallery2_comments WHERE comment LIKE ‘%V*GRA%’ “

This will delete all comments that contain the phrase V*GRA. Notice the % signs before and after the text – it’s what tells MySQL that it should look INSIDE the comment, instead of assuming the entire comment should be what you are asking for.

Hope this helps!!!