How to block IP address for comment spam for wordpress/joomla

Today, I am going to share my experience on fighting against the comment spams. This is not only good for those webmasters who use WordPress or Joomla, Drupal platform to build websites.

Joomla/WordPress 100% RAM/CPU usage

We use the Joomla to build our website, we are the fan of Joomla, since it can provide easiest way to built your professional website with huge amount of extensions and plugins. From Joomla 1.5 to Joomla 2.5, our website is quite stable, we randomly experienced website offline or 500 error. But after we upgraded to Joomla 3, we encountered many problems.

Joomla running speed is very slow (taking 7 - 10 seconds to load homepage).

I have tried many extensions and plugins to cache the pages, unfortunately it didn't bring positive feedback. The webpage loading was still slow. The working solution is go to your Joomla configuration page, enable debug function, then go to your homepage to see the database queries.

In my case, when I enabled the debug functions on my Joomla website, it displayed hundreds of duplicated queries error. Firstly, I thought some extension or plugin caused these problems, after disabled all the components and plugins, the errors still exist.

Template is the culprit

Setup a new website in sub-folder, then install the original template (ZooTemplate), then enable debug function.
The homepage still show hundreds of duplicated queries for database. The loading speed is 6 - 15 seconds

The same website, but install another Joomla template from different company (Yootheme).
The homage page show twenty duplicated queries errors for database, and the loading speed is one second.

Apparently, the template caused the problem, and the solution is changing your template. Please note that using the template from different company. In my case, all templates from ZooTemplate shows hundreds duplicate queries errors.

The relevant post in Joomla forum: http://forum.joomla.org/viewtopic.php?t=845394

100% RAM and CPU usage, when online users reaches up to 20.

If your website experiences this problem, don't think upgrading your hosting can solve your problem. For Joomla, you need to check whether the website is still running on low PHP version. I solved this problem through upgrading the PHP version to latest.

The comment spam bots

The comment bots regularly crawl our website with queries of ?q=user/register, since my website is based on Joomla platform, it will redirect to 404 page. This causes huge bandwidth consumption, and when the comment spots crawl our websites, the CPU usage will surge up to 100% usage. We used to host our website in business share hosting plan, then we decided to upgrade to VPS hosting, because we know VPS can give better performance to handle the traffic. Unfortunately, we failed.

After we moved to VPS solution to host our website, the hosting provider (company) suspended our account, they replied me my website was attacked by zombies.

How to ban/block comment spam bots

Since my website isn't based on Drupal or WordPress, thus there is no comments, but I have a newsletter module which allow our customers to register her/his Email address. The spam bots also submitted its fake yahoo email address to our newsletter database. After IP physique address tracking, I found almost spam IP addresses are from Putian, Fujian province, China. I decide to ban these IPs.

• For Cloudflare users: If you are using free Cloudflare plan, you can block the IP address through your [Threat control] panel.
• For Cpanel users: You can use the [IP Deny Manager] to ban any IP address, or IP range.
• .htaccess to ban IP: This is the fastest way to ban IP address or IP range.

.htaccess to ban comment bots IP

Open your .htaccess file, and put below code into your .htaccess file, then save it, it's done.

deny from 110.85.102. 
deny from 110.85.106. 
deny from 110.85.107. 
deny from 110.85.113. 
deny from 110.85.114. 
deny from 110.85.115. 
deny from 110.85.68. 
deny from 110.85.69. 
deny from 110.85.70. 
deny from 110.85.72. 
deny from 110.85.104. 
deny from 110.86.165. 
deny from 110.86.167. 
deny from 110.86.185. 
deny from 110.89.13. 
deny from 110.89.34. 
deny from 110.89.35. 
deny from 110.89.46. 
deny from 110.89.47.
deny from 110.89.52. 
deny from 110.89.53. 
deny from 110.89.60. 
deny from 110.89.61. 
deny from 110.89.9. 
deny from 112.111.160. 
deny from 112.111.188. 
deny from 112.111.189. 
deny from 112.111.190. 
deny from 117.26.117. 
deny from 117.26.118. 
deny from 117.26.119. 
deny from 117.26.192. 
deny from 117.26.193. 
deny from 117.26.195. 
deny from 117.26.200. 
deny from 117.26.201. 
deny from 117.26.202. 
deny from 117.26.203. 
deny from 117.26.248. 
deny from 117.26.252. 
deny from 117.26.254. 
deny from 117.26.76. 
deny from 117.26.77. 
deny from 117.26.78. 
deny from 117.26.79. 
deny from 117.26.85. 
deny from 117.26.86. 
deny from 120.33.240. 
deny from 120.33.241. 
deny from 120.33.242. 
deny from 120.33.243. 
deny from 120.37.208. 
deny from 120.37.210. 
deny from 120.37.211. 
deny from 120.37.216. 
deny from 120.37.226. 
deny from 120.37.228. 
deny from 120.37.234. 
deny from 120.37.238. 
deny from 120.37.243. 
deny from 120.40.148. 
deny from 120.40.149. 
deny from 120.40.150. 
deny from 120.43.10. 
deny from 120.43.26.  
deny from 120.43.60. 
deny from 120.43.80. 
deny from 121.205.196. 
deny from 121.205.198. 
deny from 121.205.199. 
deny from 121.205.215. 
deny from 121.205.239. 
deny from 121.205.242. 
deny from 121.205.243. 
deny from 121.205.246. 
deny from 121.205.247. 
deny from 121.205.248. 
deny from 121.207.140. 
deny from 175.42.92. 
deny from 175.44.59. 
deny from 182.118.20. 
deny from 182.118.21. 
deny from 182.118.22. 
deny from 182.118.25. 
deny from 218.85.146. 
deny from 218.86.50. 
deny from 218.86.51. 
deny from 220.161.96. 
deny from 220.161.127. 
deny from 222.77.205. 
deny from 222.77.206. 
deny from 222.77.207. 
deny from 222.77.212. 
deny from 222.77.214.
deny from 222.77.215. 
deny from 222.77.225. 
deny from 222.77.228. 
deny from 222.77.229. 
deny from 222.77.238. 
deny from 222.77.246. 
deny from 222.77.247. 
deny from 27.150.223. 
deny from 27.150.229.
deny from 27.150.199. 
deny from 27.153.128. 
deny from 27.153.160. 
deny from 27.153.161. 
deny from 27.153.162. 
deny from 27.153.163.
deny from 27.153.184. 
deny from 27.153.185. 
deny from 27.153.186. 
deny from 27.153.187. 
deny from 27.153.209. 
deny from 27.153.218. 
deny from 27.153.219. 
deny from 27.153.228. 
deny from 27.153.233. 
deny from 27.153.249. 
deny from 27.153.250. 
deny from 27.153.251.
deny from 27.153.239. 
deny from 27.154.206. 
deny from 27.159.195. 
deny from 27.159.197. 
deny from 27.159.205. 
deny from 27.159.209. 
deny from 27.159.211. 
deny from 27.159.229. 
deny from 27.159.231. 
deny from 27.159.238. 
deny from 27.159.254. 
deny from 36.248.168. 
deny from 36.248.171. 
deny from 36.250.182. 
deny from 58.23.237. 
deny from 59.58.113. 
deny from 59.58.136. 
deny from 59.58.137. 
deny from 59.58.138. 
deny from 59.58.139. 
deny from 59.58.158.