PDA

View Full Version : Referrer spam - how do I block an IP block/domain?



FZ
07-10-2003, 12:42 PM
*sigh* As if 50+ spam e-mails a day was not enough...

Looking at my webalizer stats today, I noticed that the number of hits I got yesterday increased 6-fold from the average that I get. Looking further down on this page, I noticed lots of new referrers near the top of my top 30 referrers - all of them porn sites. I knew immediately that I had become the latest victim of referrer log spam. Anyone else here had this problem?

Here's a line from my access-log (excuse the site - don't go to it):

213.76.138.97 - - [09/Jul/2003:18:46:41 -0500] "GET // HTTP/1.0" 200 4912 "http://www.1downloadsblvd.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

There were about 500 requests (within 45 minutes!) in the access-log from this IP (but with differing domain names and browsers) all with those nasty domains as referrers.

Anyway, I can block the domains in webalizer, but I am equally concerned with the waste of bandwidth/resources on losers that do this. What is the best way for me to block an IP (or IP block or domain) such that nothing is sent to this loser if he tries it again (or to disallow him from showing up in my access logs, etc.)?

Thanks in advance for any advice!

WestHost - CSimiskey
07-11-2003, 11:08 AM
With WestHost 2.0, you will be able to block access to your site for specific IP's, or even entire blocks of IP's if you wish. Unfortunately until then the best you can do is look into how to block access to your site through use of a .htaccess and the deny rule. Here is a sample .htaccess you could use:


order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all


Note the second address does not include a full IP address like the second one. That rule basically blocks that entire class C (1.2.3.*) and with that, you can also block even larger sets of addresses.

FZ
07-11-2003, 12:08 PM
Thanks Chris. I believe I did try that, with my own IP to see if it worked, but for some reason it did not. My syntax was exactly as yours is. Checking my access-log, I see my ISP automatically used another IP to request the page I wanted to, thereby bypassing the block (weird!). Once I removed it, I tried again, and it switched back to using my own IP!

Anyway, I'll wait for Westhost 2.0 - doubt this guy will come back anyway. Can you give us an idea as to how the progress is coming along? Will it be released by August as planned?