Hi there guys!

I'm having a problem on one of my community sites:

My referrers are being spammed. It was easy to block initially, because keywords were in the URL's that would never be found in a legitimate keyword for my site, and I could safely block them. Now the spammers are using ambiguous URL's in hopes of a click to sell their wares, no longer relying on keywords in the URL:

Old referrer: http:// www . buyillegalviagra . com
New referrer: http:// www . mormonsarecool . com/#

the majority of the spam referrers have "/#" appended to them, so I thought I'd simply add a rule blocking that, but I'm having a problem doing that. Here's my current method of blocking via htaccess:

SetEnvIfNoCase Referer "^/\#" BadReferrer

order deny,allow
deny from env=BadReferrer
deny from 80.227.0.153
deny from 69.16.200.85

<Files 403.shtml>
order deny,allow
allow from all
</Files>


ErrorDocument 403 /403.shtml
ErrorDocument 404 /404.shtml

but it's not working. I created a page linking to my site on another domain, and accessed it with a pound sign at the end of the URL, and when linking, it doesn't get blocked.

How do I get my current rule to block any referrers ending with "/#"?

I'm very appreciative of any help you might be able to provide.

thanks,
json

    plehse hep meh...

    I am being overrun by spammers.

    thanks,
    json

      how are they spamming you? just by accessing the site or are they taking advantage of a form or something of the like?

        hi there stolzyboy, and thanks very much for the reply.

        It is a very simple case of referrer spam. I don't display referrers, so they are not gaining anything from this, but the 10's of thousands of hits a day (from 1,000's of IPs) have caused my bandwidth to skyrocket. This partial month has me 6 times over the b/w of the last month before the spammers began hitting me.

        I am trying to do this simply to reclaim some of my bandwidth. I would have thought that the bots wouldn't pull images, but that is clearly not the case, as my b/w reports have shown.

        I would appreciate any help in the matter.

        thanks,
        json

          is this a hosted server?? if it is, your host should help you with such spam issues, as there is no script being compromised... if that is not the case... i'll look into it a bit more

            hehe, I am the server host, so I guess the buck stops here 🙂

            thanks,
            json

              I can recommend you do a bit of packet logging, and determine if there's anything else you can use to identify the spam traffic.

              Obviously referer spams shouldn't really matter, as nobody is gaining anything by this (except ruining your data analysis).

              One option you could use is to only make referer logs if they have a believable user agent string. This can be done in Apache using conditional logging.

              On the other hand, the lamebots might be sending a believable user agent string; you could potentially spot it based on the presence or absence of other headers.

              Another thing you could consider doing is only logging referrers from HTTP 1.1 requests - spam bots invariably use 1.0

              Mark

                Thanks very much for your reply Mark,

                I'll direct my question towards an apache forum as my need is very simple.

                thanks,
                json

                  Write a Reply...