Looking through the sources for WordPress SPAM comments, some IPs came back a lot. This post explains how to list your top comment spammers for WordPress.
Not sure if my eyes were fooling me I quickly dived into the database to query the comments tables. Note that I have about 10000 comments currently in that table.
mysql> select count(comment_author_IP) as c,comment_author_IP from wp_comments group by comment_author_IP order by c desc limit 15; +-----+-------------------+ | c | comment_author_IP | +-----+-------------------+ | 479 | 199.15.233.147 | | 434 | 199.15.233.148 | | 401 | 199.15.233.144 | | 385 | 199.15.233.153 | | 385 | 199.15.232.42 | | 379 | 199.15.233.145 | | 378 | 199.15.233.133 | | 377 | 199.15.233.146 | | 377 | 199.15.233.143 | | 374 | 199.15.233.157 | | 262 | 199.15.233.158 | | 236 | 142.54.184.181 | | 138 | 195.211.155.183 | | 79 | 140.237.12.45 | | 70 | 110.89.40.214 | +-----+-------------------+ 15 rows in set (0.03 sec) mysql>
This result clearly shows that blocking subnet 199.15.232.0/23 on my firewall certainly wouldn’t hurt. It will also take away a lot of stress on the akismet service which is being used by my WordPress configuration.