wp-comments-post.php: bandwidth lost to comment spam
At the end of November I got an SMS from my host saying the month's bandwidth allowance had been used up before the month was over.
In earlier months I had never used more than 50% of it,
so with no increase in real visitors, how could 7.5 GB disappear in 20 days?
Because I had moved to a new host at the end of November, with a 15 GB monthly allowance,
I didn't pay much attention to the loss at first.
But on the new host the bandwidth ran out even faster:
on 3 December nearly 1 GB was consumed in a single day.
At that rate even 100 GB a month would not be enough,
so I started looking into where the traffic was going.
Where the traffic was going
Fortunately the host provides the last 3 days of server logs.
The logs showed that the bandwidth was being burned by a server in Putian, Fujian that kept changing its IP address and sent several hundred thousand junk requests a day.
It looks like the server sits on a dial-up connection and redials periodically to get a fresh IP.
That one host hit my site more than about 300,000 times a day.
Below is a tiny excerpt from a single day's access log:
59.58.159.32 [04/Dec/2013:14:55:18] GET /wordpress-ajax-comment-post
59.58.159.32 [04/Dec/2013:14:55:19] GET /wordpress-ajax-comment-post
59.58.159.32 [04/Dec/2013:14:55:19] GET /play-flv-in-html/
59.58.159.32 [04/Dec/2013:14:55:19] GET /play-flv-in-html
59.58.159.32 [04/Dec/2013:14:55:19] POST /wp-comments-post.php
59.58.159.32 [04/Dec/2013:14:55:19] GET /wordpress-ajax-comment-post/
59.58.159.32 [04/Dec/2013:14:55:19] GET /jquery-ctrl-enter-submit-form
59.58.159.32 [04/Dec/2013:14:55:19] POST /wp-comments-post.php
The pattern is simple: the bot fetches one of your pages to probe it, then posts a spam comment to the comment endpoint.
Interleaved with ordinary-looking page views like this, the traffic is not easily classified as an attack.
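The pattern in that excerpt can be picked out of the raw log automatically. The following Python is an added example (not code from the post) that scores each client IP on two signals visible in the excerpt: more than one comment POST inside a short window, and a comment POST landing within seconds of the same client's previous page fetch, which no human reader does. The log lines are constructed in the truncated form the post shows, the thresholds are assumptions to tune against a real log, and 203.0.113.7 is an invented ordinary visitor for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the truncated "IP [timestamp] METHOD path" form the
# post shows. 59.58.159.32 is the host from the post's excerpt; 203.0.113.7 is
# a made-up visitor (RFC 5737 documentation range) who reads, then comments.
SAMPLE_LOG = """\
59.58.159.32 [04/Dec/2013:14:55:18] GET /wordpress-ajax-comment-post
59.58.159.32 [04/Dec/2013:14:55:19] GET /wordpress-ajax-comment-post
59.58.159.32 [04/Dec/2013:14:55:19] GET /play-flv-in-html/
59.58.159.32 [04/Dec/2013:14:55:19] POST /wp-comments-post.php
59.58.159.32 [04/Dec/2013:14:55:19] GET /jquery-ctrl-enter-submit-form
59.58.159.32 [04/Dec/2013:14:55:19] POST /wp-comments-post.php
203.0.113.7 [04/Dec/2013:14:55:20] GET /play-flv-in-html/
203.0.113.7 [04/Dec/2013:14:57:02] POST /wp-comments-post.php
"""

LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\[(?P<ts>[^\]]+)\]\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)"
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"
COMMENT_ENDPOINT = "/wp-comments-post.php"


def parse_line(line):
    """Return (ip, datetime, method, path), or None if the line doesn't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), m["method"], m["path"]


def analyse(lines, window_seconds=60, max_posts_per_window=1, min_think_seconds=5):
    """Per-IP comment-spam indicators.

    An IP is flagged when it POSTs to the comment endpoint more than
    max_posts_per_window times inside any window_seconds window, or when a
    comment POST follows that IP's previous GET in under min_think_seconds.
    All three thresholds are assumed values, not taken from the post.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec[0]].append(rec[1:])

    report = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])  # stable sort keeps order within a second
        post_times = [t for t, method, path in events
                      if method == "POST" and path == COMMENT_ENDPOINT]

        # Largest number of comment POSTs inside any sliding window.
        burst, start = 0, 0
        for i, t in enumerate(post_times):
            while (t - post_times[start]).total_seconds() > window_seconds:
                start += 1
            burst = max(burst, i - start + 1)

        # Shortest gap between a page fetch and the next comment POST.
        last_get, fastest_gap = None, None
        for t, method, path in events:
            if method == "GET":
                last_get = t
            elif method == "POST" and path == COMMENT_ENDPOINT and last_get is not None:
                gap = (t - last_get).total_seconds()
                fastest_gap = gap if fastest_gap is None else min(fastest_gap, gap)

        report[ip] = {
            "requests": len(events),
            "comment_posts": len(post_times),
            "burst": burst,
            "fastest_gap": fastest_gap,
            "suspicious": burst > max_posts_per_window
            or (fastest_gap is not None and fastest_gap < min_think_seconds),
        }
    return report


if __name__ == "__main__":
    for ip, stats in analyse(SAMPLE_LOG.splitlines()).items():
        print(ip, stats)
```

On the sample, 59.58.159.32 is flagged on both signals (two comment POSTs in one second, zero seconds between a page fetch and a POST) while 203.0.113.7 is not. On a real log the regex needs adjusting to the server's full combined-log format, and a per-IP request count alone would already have found the 300,000-a-day host; the two timing signals are what separate a spam bot from a busy legitimate client such as a crawler.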
Starting with wp-comments-post.php
Because my home-made theme submits comments via AJAX, I had no need for WordPress's built-in comment submission,
so my first move was simply to delete that file.
The result: every request for it was routed to the theme's 404 page, and the bandwidth loss got even worse, so that attempt failed.
The reason is WordPress's own rewrite rule: any request for a file that does not exist is handed to index.php, which renders the full themed 404 template, a far larger response than the short redirect or error that wp-comments-post.php itself returns to a bot.
Starting with .htaccess
After a few detours I decided to use .htaccess to block every request from Putian, Fujian outright.
This time the drop was clear: daily traffic fell to a little over 300 MB, roughly 10 GB a month,
which is acceptable.
Concretely, the rules deny requests from a number of Putian IP ranges, so those clients get a 403 instead of a page.
Two things to check before copying the list: it uses the Apache 2.2 Order/Allow/Deny directives (on Apache 2.4 they require mod_access_compat, or rewriting as Require directives), and a prefix list only blocks the ranges it names. The host in the log excerpt above, 59.58.159.32, is not covered by any line below (59.58.158. is listed, 59.58.159. is not), and a redialing host will keep turning up in new ranges, so re-check the log after deploying and extend the list.
Here is the .htaccess file, with thanks to the original author:
非黑白的生活 -> 《垃圾来袭》
order allow,deny
allow from all
deny from 108.162.216.
deny from 110.85.102.
deny from 110.85.106.
deny from 110.85.107.
deny from 110.85.113.
deny from 110.85.114.
deny from 110.85.115.
deny from 110.85.68.
deny from 110.85.69.
deny from 110.85.70.
deny from 110.85.72.
deny from 110.85.104.
deny from 110.86.165.
deny from 110.86.167.
deny from 110.86.185.
deny from 110.89.13.
deny from 110.89.34.
deny from 110.89.35.
deny from 110.89.46.
deny from 110.89.52.
deny from 110.89.53.
deny from 110.89.60.
deny from 110.89.61.
deny from 110.89.9.
deny from 112.111.160.
deny from 112.111.188.
deny from 112.111.189.
deny from 112.111.190.
deny from 117.26.117.
deny from 117.26.118.
deny from 117.26.119.
deny from 117.26.192.
deny from 117.26.193.
deny from 117.26.195.
deny from 117.26.200.
deny from 117.26.201.
deny from 117.26.202.
deny from 117.26.203.
deny from 117.26.248.
deny from 117.26.252.
deny from 117.26.254.
deny from 117.26.76.
deny from 117.26.77.
deny from 117.26.78.
deny from 117.26.79.
deny from 117.26.85.
deny from 117.26.86.
deny from 120.33.240.
deny from 120.33.241.
deny from 120.33.242.
deny from 120.33.243.
deny from 120.37.208.
deny from 120.37.210.
deny from 120.37.211.
deny from 120.37.216.
deny from 120.37.226.
deny from 120.37.228.
deny from 120.37.234.
deny from 120.37.238.
deny from 120.37.243.
deny from 120.40.148.
deny from 120.40.149.
deny from 120.40.150.
deny from 120.43.10.
deny from 120.43.26.
deny from 120.43.30.
deny from 120.43.4.
deny from 120.43.6.
deny from 120.43.8.
deny from 121.205.196.
deny from 121.205.198.
deny from 121.205.199.
deny from 121.205.215.
deny from 121.205.239.
deny from 121.205.242.
deny from 121.205.243.
deny from 121.205.247.
deny from 121.205.248.
deny from 121.207.140.
deny from 123.116.37.
deny from 139.227.62.
deny from 14.18.171.
deny from 175.42.92.
deny from 175.44.59.
deny from 182.118.20.
deny from 182.118.21.
deny from 182.118.22.
deny from 182.118.25.
deny from 218.85.146.
deny from 218.86.50.
deny from 218.86.51.
deny from 220.161.96.
deny from 220.161.127.
deny from 222.77.205.
deny from 222.77.206.
deny from 222.77.207.
deny from 222.77.212.
deny from 222.77.214.
deny from 222.77.225.
deny from 222.77.228.
deny from 222.77.229.
deny from 222.77.238.
deny from 222.77.246.
deny from 222.77.247.
deny from 27.150.223.
deny from 27.150.229.
deny from 27.153.128.
deny from 27.153.160.
deny from 27.153.161.
deny from 27.153.162.
deny from 27.153.163.
deny from 27.153.184.
deny from 27.153.185.
deny from 27.153.186.
deny from 27.153.187.
deny from 27.153.209.
deny from 27.153.218.
deny from 27.153.219.
deny from 27.153.228.
deny from 27.153.233.
deny from 27.153.249.
deny from 27.153.250.
deny from 27.153.251.
deny from 27.154.206.
deny from 27.159.195.
deny from 27.159.197.
deny from 27.159.205.
deny from 27.159.209.
deny from 27.159.211.
deny from 27.159.229.
deny from 27.159.231.
deny from 27.159.238.
deny from 27.159.254.
deny from 36.248.168.
deny from 36.248.171.
deny from 36.250.182.
deny from 58.23.237.
deny from 59.58.113.
deny from 59.58.136.
deny from 59.58.137.
deny from 59.58.138.
deny from 59.58.139.
deny from 59.58.158.
deny from 60.168.18.
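A deny list like the one above is only as good as the prefixes in it. The following Python is an added example, not part of the post or of Apache: it parses a copied excerpt of the list, reports which log IPs the list would still let through (59.58.159.32 from the log excerpt is one), and turns fresh offender IPs into new deny lines in the same format. It models Apache's partial-address match as a leading-octet comparison; the exact way Apache parses a trailing-dot address is an assumption here, and the excerpt is only the 59.58.* and 60.168.* tail of the post's list.

```python
import ipaddress

# Copied from the tail of the post's .htaccess list (an excerpt, not the whole list).
POST_EXCERPT = """\
order allow,deny
allow from all
deny from 59.58.113.
deny from 59.58.136.
deny from 59.58.137.
deny from 59.58.138.
deny from 59.58.139.
deny from 59.58.158.
deny from 60.168.18.
"""


def parse_deny_prefixes(htaccess_text):
    """Collect the address argument of every 'deny from' line."""
    prefixes = []
    for line in htaccess_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].lower() == "deny" and parts[1].lower() == "from":
            prefixes.append(parts[2])
    return prefixes


def prefix_matches(prefix, ip):
    """Leading-octet match for a partial address such as '110.85.102.'.

    Compared octet by octet rather than as strings, so '110.85.10.' cannot
    accidentally match 110.85.102.5. This models Apache's partial-IP match;
    the exact Apache parsing is an assumption.
    """
    want = [int(o) for o in prefix.strip(".").split(".")]
    have = [int(o) for o in ip.split(".")]
    return have[: len(want)] == want


def is_denied(ip, prefixes):
    return any(prefix_matches(p, ip) for p in prefixes)


def uncovered(ips, prefixes):
    """IPs seen in the log that the current list would still let through."""
    return [ip for ip in ips if not is_denied(ip, prefixes)]


def prefixes_for(ips, mask_bits=24):
    """One 'a.b.c.' prefix per /24 (or 'a.b.' per /16) the given IPs fall in."""
    assert mask_bits in (8, 16, 24)
    seen = {}  # dict preserves insertion order, doubling as an ordered set
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/{mask_bits}", strict=False)
        octets = str(net.network_address).split(".")[: mask_bits // 8]
        seen.setdefault(".".join(octets) + ".", None)
    return list(seen)


def render_htaccess(prefixes):
    """Emit the list in the same Apache 2.2 form the post uses."""
    body = "\n".join(f"deny from {p}" for p in prefixes)
    return "order allow,deny\nallow from all\n" + body + "\n"


if __name__ == "__main__":
    current = parse_deny_prefixes(POST_EXCERPT)
    # The host from the post's log excerpt slips through the excerpted list.
    missing = uncovered(["59.58.159.32", "59.58.158.7"], current)
    print("not covered:", missing)
    print(render_htaccess(current + prefixes_for(missing)))
```

Run this against the IPs that the log analysis flags after each day's log arrives; because the bot redials, the list grows over time, and switching to /16 prefixes (mask_bits=16) trades a shorter list for blocking more legitimate users in the same region.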