Jump to content

.htaccess Referral Spam Blocking


Recommended Posts

OK! I've been having a ton of problems with my .htaccess blocking sites I didn't want it to; using keywords even though I couldn't *find* the keywords.

 

It was also doing 302's rather than 404's, giving a JS popup about "redirection's exceeded" which is not what I want... =) I really want this to go to my own 403/forbidden page. The js popup/302's even caused some browser crashes, so no good.

 

So I changed the method, ditched that method and am using re-write rules. But now I have two sets, one for hotlinking and one for spam referrers.

 

Can someone with more knowledge in this area have a look and make sure I haven't set up any conflicts or done anything really ridiculous? Comments included so you can see what I am *intending*

 

thanks all =)

 

># Added for Custom 404 Error
ErrorDocument 404 /errors/404.php
ErrorDocument 401 /errors/401.php
ErrorDocument 500 /errors/500.php

# prepend to refer 2.0, site referral script, robots excluded

php_value auto_prepend_file /home/distdky/public_html/refer/refer.php

#hotlink protection and exceptions

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$      [NC]
RewriteCond %{HTTP_REFERER} !^http://lisa-jill.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://lisa-jill.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.lisa-jill.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.lisa-jill.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.bloglines.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.bloglines.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://bloglines.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://bloglines.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://technorati.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://technorati.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.technorati.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.technorati.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://chris.lisa-jill.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://chris.lisa-jill.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://lisajill.livejournal.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://lisajill.livejournal.com$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.livejournal.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^http://www.livejournal.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://www.lisa-jill.com/images/hotlink.jpe [R,NC]

# block the following sites, referrer spam

RewriteEngine On
RewriteCond %{HTTP_REFERER} ghettoinc\.com [OR]
RewriteCond %{HTTP_REFERER} allinternal\.biz [OR]
RewriteCond %{HTTP_REFERER} sampo\.cz
RewriteRule .* - [F,L]

# block these ip's, they've been problematic

deny from 203.71.62.250
deny from 212.227.127.209
deny from 216.130.172.224
deny from 207.44.248.42
deny from 216.117.199.235
deny from 69.61.11.163
deny from 66.115.148.29
deny from 66.102.15.101
deny from 194.126.99.88
deny from 24.69.156.45
deny from 217.207.235.106
deny from 68.166.110.242
deny from 212.0.150.7
deny from 194.6.122.162

 

I edited out about 50 sites in the spam referrer section; some nasty words and just to conserve space. I included the last one (no OR statement) and a good sample.

 

What I would like to happen is if someone hits me up from one of the banned sites, it goes to my error 403 page (that's not defined above, so it doesn't happen now, I will implement it when I'm sure conflicts are gone; I have no idea how to test this, at that...)

 

Anyone that can explain this I'd really appreciate it, thank you =)

Edited by TCH-Lisa
Link to post
Share on other sites

Here's the superscript HTACCESS that MikeJ and myself came up with:

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?omgn.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?darqness.net(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?friendsurveys.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?eclipseprime.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?darqstuff.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?darqbyte.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?antietem.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?paypal.com(:.*)?/*.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(.*\.)?google.com(:.*)?/*.*$ [NC]
RewriteRule ^/*images/.*$ http://www.omgn.com/undef.gif [R,NC]

 

This way it handles all subdomains, ports, and even https. Folders too.

Link to post
Share on other sites

Robert,

 

Can you clarify for me a bit? I'm in unknown territory here. Would I use that to totally replace my referral spam stuff? I note its https, that will still stop the non secure http tho?

 

And it will block anyone with the domains specified, sending them to a particular image? I just want to have people that got blocked sent to the forbidden 403 page...

 

Or is that portion for the hotlinking section?

 

I think I'm just really confused about what I would be replacing in my script and what it does. :)

 

Thank you!

Link to post
Share on other sites

The code he gave you can be used to replace the referrer blocking part of your .htaccess file. The important thing to note is the format. He set it up quite nicely to block everything coming from that site instead of just one part of it (as your current code does). Use that format for all of the referrers you want to block.

 

The other thing he changed was, as you said, at the end, it redirects to a gif file someplace else.

 

If you just want it to redirect to your 403 page, then you had it right in the first place

 

RewriteRule .* - [F, L]

 

If you want to test it out, put your own site in the list and follow a link on your site to yourself. You could also do something like add google to the list and search for yourself....you get the idea. Just be sure to remove that line when you’re done testing, or else things might not work how you'd like them to.

 

Oddly enough, I just found out about referrer spam a couple of days ago myself and I found that the

mod_rewrite docs to be helpful.

 

But the way you have it setup now it should work (though I'm not sure that the second "RewriteEngine On" is needed). Just change your RewriteCond lines so you make sure you block everything coming from that site.

Link to post
Share on other sites

Yes, it goes for http and https.

 

You just add one line per domain, and can have it do a variety of things with the RewriteRule.. I just have mine block out everything under images/ to an "undefined" image in my base directory.

 

Suggestion: When making changes to HTACCESS, save a copy of your current one. I did that, and it helped when I made an idiotic mistake. lol

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...