Over the last 48 hours or so, I’ve gotten upwards of 400 identical comments on my blog. Fortunately, comment spammers are really really stupid, so they were all identical.
I’ve got mod_security installed. I put the following block into my vhost block:
<LocationMatch comment>
SecFilterEngine On
SecFilterScanPOST On
SecAuditLog /dev/null
SecFilterDefaultAction “deny,log,status:402”
SecFilter “your[[:space:]]fat[[:space:]]ass”
SecFilter “poker”
SecFilter “phentermine”
SecFilter “craps strategy”
SecFilter “seend a card”
</LocationMatch>
This has blocked all attempts in the last 10 hours or so. And, when they change their tactics, you can alter the rules appropriately.