Post details: Referrer spam take 2.2

08/18/05

Permalink 12:06:04 pm, Categories: TechTus, TechTus, 496 words   English (CA)

Referrer spam take 2.2

include dirname(Blocking the IP of a referer spammer is good but this is not a 100% solution as some of them change there ips as fast as you block them. Using some mod-rewrite rules is another way for blocking referrer spam. After g O o O o O o O o O o O o gling and technorati tagging on the subject a little I found a neat rule that send the culprit from where they came from instead of just serving them a simple forbidden page.
If you are on an Apache webserver you can add some rules to your "htaccess" file in order to implement this function.
I found also this rule :

RewriteCond %{HTTP_REFERER} ^(http://www.)[a-z]+-[a-z]+- [NC]

which block any domain where there is 2 - (dashes) in the domain name like "www.some-spammer-referer.com" as most spammer do use this type of domain name. I modified it to :

RewriteCond %{HTTP_REFERER} ^http://([a-z0-9-]+\.)[a-z]+-[a-z]+- [NC,OR]

as some don't use the www in the beginning like "whatever.some-spammer-referer.com"
Another rule for those that don't use 2 - in the domain name

RewriteCond %{HTTP_REFERER} ^http://([a-z0-9-]+\.)?keyword.*$

Replacing keyword with your favorite spammer domain.
Adding the lines below to the "htaccess" helped a lot.

RewriteEngine On

RewriteCond %{HTTP_REFERER} ^http://([a-z0-9-]+\.)[a-z]+-[a-z]+- [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://www.)[a-z]+-[a-z]+- [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)[a-z]+-[a-z]+- [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?keyword1(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9-]+\.)?keyword2.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?keyword3.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9-]+\.)?keyword4*$

RewriteRule ^(.*) %{HTTP_REFERER}/ [R=301,L]

Don't forget to replace the word Keyword with whatever is needed like porn, vicodin, poker....

This is still not 100% efficient as you still need to add more keywords as new ones appear in your logfiles.

What I did also is a redirection from the public stats page whenever it is accessed with a referrer, as most of the spammer try to access mostly this page. So those who manage to pass the rules of the "htaccess" get redirected anyway. The only way to access this page is through a direct access (paste the URL in your browser location try it http://dondy.awebmedia.com/index.php?disp=stats and if you click here you get redirected back to this page). And instead of the referrer stats this page displays the banned IPs.
In order to do this redirection you need to make those changes below to the _main.php and to _stats.php pages from your b2evolution skin:

Add those lines in the very beginning of _main.php:

$ref = $_SERVER["HTTP_REFERER"];

if( $disp == 'stats' && $ref ) {
require( dirname(__FILE__).'/_stats.php');
break;
}

and those lines in _stats.php just after if( $disp == 'stats' ) :

$ref = $_SERVER["HTTP_REFERER"];

if ($ref){
header("Location: $ref");
exit();

This seems to work for around 98% of the referrer spam I get here.
Coupled with Antispam cron and the B2 Antispam Bandwidth

Permalink

Comments, Pingbacks:

No Comments/Pingbacks for this post yet...

Comments are closed for this post.

Tactus de Sonus

Experimental Cyberjam with electronic & acoustic instruments, plus mixes of sounds from the ordinary. The players are 1000 km apart and jam online.

jamZradio :a:

WebEcho  :a:

GuessThis :a:

<  September 2017  >
Mon Tue Wed Thu Fri Sat Sun
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Search

Categories


Archives

Heard & Read (Linksroll)

Sound links

Unsound links

Misc

Syndicate this blog XML

Creative Commons License
All works under the Categorie
"Mp3 to download"
are licensed under a
Creative Commons License.

powered by
b2evolution

Visually linked by
Visually linked by Icon.awebmedia.com




Valid XHTML 1.0!

Valid CSS!

Valid RSS!

Valid Atom!

© 2003 - 2005 Ze1 cWnD Productions