Because some people ask, we are not talking about spammers here, we are talking about xss attacks, brute force attempts, sql injections, you name it. Attacks for hours, very coordinated, same type of attack and same target from different IP every 2-3 seconds.
After been hacked (via a vulnerable WordPress plugin named YUZO Related), we decided to change our security net and add an other layer of protection. That extra layer, that doesn’t depend on WordPress anymore, provides a huge amount of detailed statistics per month.
We had to block the whole range of IPs of this dangerous network from France, using .htaccess. We were gettings hundreds of spam and hack attempts from them daily. We wrote about this French “network” here.
Here is what to add (or merge the “deny” only IPs) in your .htaccess …