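#################
# flashesofpanic.com - how we're telling some people to fuck off.
# Last revised 15 April 2005
# THIS FILE IS NO LONGER BEING UPDATED
# I've gone over to mod_security. See /htaccess.txt instead.

# mod_rewrite options
RewriteEngine on
RewriteOptions MaxRedirects=30

#################
# Comment spam rules: we start assuming all POSTs are spam, then make exceptions
# This is adapted from the mod_rewrite version from Kasia:
# http://www.unix-girl.com/blog/archives/001444.html
#
# SetEnvIf directives are evaluated in the order written and a later match
# overrides an earlier one, so the "!spam_com" exceptions have to stay below
# the two rules that set the variable.
SetEnvIfNoCase Request_Method POST spam_com
# Especially for mt-comment.cgi, which isn't my comment script anymore
# (dot escaped so it matches a literal "." like the other script names below)
SetEnvIfNoCase Request_URI mt-comment\.cgi spam_com
# Make an exception for trackbacks
SetEnvIfNoCase Request_URI FoP-tb\.cgi !spam_com
# Make an exception for XML-RPC (ecto et al)
SetEnvIfNoCase Request_URI mt-xmlrpc\.cgi !spam_com
# Make an exception for local referer.
# The pattern is anchored to the host part of the Referer, so the site name
# showing up somewhere else in a foreign URL (path or query string) does not
# count as "local". The Referer header is still supplied by the client, so
# this filters unsophisticated bots; it does not authenticate anything.
SetEnvIfNoCase Referer "^https?://([^/]+\.)?flashesofpanic\.com([/:]|$)" !spam_com
# This might be local referrer, but it's also no referrer. (Big loophole, here...)
# Any POST that omits the Referer header clears spam_com through this rule.
SetEnvIfNoCase Referer "^$" !spam_com

#################
# Referer spam rules:
# Anti-referer-spam regex, courtesy of Dorothea:
# http://cavlec.yarinareth.net/archives/2005/01/11/killing-referrer-spam/
# and extended by myself, Dorothea, and Laurel (http://www.niceperson.org)
# Note that one needs to be *careful* with regexes, to
# avoid matching more than you intended to!
# IMPORTANT NOTE: If a *Google Search* (or other search) containing any
# of these terms could find your site, this will *reject* a click-through
# on the search result! See below for exceptions.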
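# Keyword blocklist: sets spam_ref=yes when any alternative occurs anywhere in
# the Referer (the match is unanchored and case-insensitive).
# Short generic terms (sex, pics, cash, money, hotel, paris, 911, credit,
# video ...) match as substrings of longer words and of query strings, e.g.
# "sex" also matches inside "essex"; expect false positives from those.
# The dots in \.vi, gb\.com and ime\.nu are escaped so they match a literal
# "." instead of any character (a bare ".vi" would match "service", "review").
SetEnvIfNoCase Referer ".*(humor\.com|flower-delivery-2day|dvdwizardpro|e-pills|xanax|buy-2005|registrarprice|life-insurance|rasterweb|squirting\.personalsites|lesbian\.|covert-call|tranny|iwantu|smutdemon|pregnant-anal|mature-grannies|lkh.*\.de|gangbang|bignaturals|shemale-cock|cleanmypcs|milfhunter|firsttimeauditions|welivetogether|big-fat-woman|top-gift-baskets|bukake|private-krankenkasse|hobby-huren|pkv-iq|doobu|motherboard-finder|name-registration-4u|extremetracking|lkh\.de|krankenversicherung|camfun24|skin-care-companies|rowdd|roody|weight-diet|miccel|adultactioncam|coupon-net|refinancing|webcamsgirls|musicbox1|isacommie|qualityonlinejewelry|cologne-perfume|niceshoesonsale|kloony|nakedphoto|italiancharms|lemonrider01|costpercustomer|111-111-4u|quickcontactsonline|shitsite|chat-nett|psxtreme|terashells|yelucie|crescentarian|ronnieazza|lemonrider|insurancequotecity|homeloans4u|smsportal|personal-loans|flowersdeliveredquick|chat-nett|avantbrowser|keljob|phentermine|findwebhostingnow|onlywebhosting4u|book\.skip\.pl|diet-pills|online-bargains|dvdsqueeze|coresat|exitq|asiangen|backupc|cheat-elite|a-bargain|4u\.info|insurancequoteweb|sysrem|mcdortaklar|books\.livenet\.pl|jfcadvocacy|ingyensms|hasslerenterprises|bigyonet|gargzdai|1a1merchantaccounts|neweighweb|darkangelclan|mp-forum|jmsimonr|middlecay|neweighweb|targetindustries|zalaszentgrot|zone-b51|krantas|azian|mor-lite|formula42|paramountseedfarms|reservedining|hdic|ansar-|stories-on|hometeaminspection|catchathief|sportingcolors|ingenysms|rifp|parkviewsoccer|lvcpa|twinky|psychexams|marshallyachts|krantas|devilofnights|rethy|tecrep|tclighting|atlanta2000|suttonjames|nehrucollege|pagetwo|locators|popex|teenassearch|massearch|teensearch|2pursuit|hq_inform|adultfriendfinder|insuranceinfo|lee-hom|itipa|find-it-buy-it|9sekund|kylos|roxtet|spy-software|ionic-bonds|iconsurf|viagra|cialis|tramadol|bill-consolidation|onlinegamingassociation|free-sms|brandimensions|defunctportal|credit|canadianlabels|8gold|texas-hold|hold-em|holdem|fidelityfunding|condo|sportsparent|mortgage|spoodles|money|cash|hotel|houseofseven|stmaryonline|newtruths|popwow|oiline|flafeber|thatwhichis|tmsathai|pisoc|crepesuzette|mediavisor|commerce|easymoney|911|\.vi|gb\.com|4free|macsurfer|pussy|discount|blogincome|lillystar|aizzo|webdevsquare|laser-eye|escal8|xopy|vixen1|linkerdome|youradulthosting|fick|inkjet-toner|fuck|ime\.nu|perfume-cologne|italiancharmsbracelets|shoesdiscount|psnarones|hasfun|casino|gambling|poker|porn|sex|paris|gabriola|nude|xxx|hilton|pics|video|adminshop|devaddict|iaea|empathica|insuranceinfo|atelebanon|handy-sms|peng|just-deals|pisx|rimpim).*" spam_ref=yes

######
# Anti-referer-spam by domain. Clunkier, but more precise.
SetEnvIfNoCase Referer .*\.hq_inform\.com.* spam_ref=yes
SetEnvIfNoCase Referer .*\.9sekund\.pl.* spam_ref=yes
SetEnvIfNoCase Referer .*tramadol\..* spam_ref=yes

# The exceptions below clear spam_ref again. They only work because they come
# after the rules that set it; keep that order when editing.
# Every exception keyed on Referer relies on a header the client writes, so
# each one trades some coverage for fewer false positives.

# I need an exception for eBay, since I'm hosting images for
# my auctions here... so we unset the variable for them.
# Anchored to the host part, so ".ebay.com" inside the path or query string of
# some other site's URL does not clear the flag.
SetEnvIfNoCase Referer "^https?://[^/]+\.ebay\.com([/:]|$)" !spam_ref
# Here's another exception for Google searches.
# We can be very specific here, because we know what a proper Google
# referer looks like!
# The part after "google." is limited to the host name ([^/]+), so "/search"
# has to be the first path segment rather than appear anywhere in the URL.
SetEnvIfNoCase Referer "^https?://www\.google\.[^/]+/search" !spam_ref
# And I need to make specific exceptions for my own MT use -
# this can keep me from getting at MT-Blacklist!
# These two match on the requested URI only, so every request for these
# scripts is exempt from the Referer rules above, whoever sends it.
SetEnvIf Request_URI "move/mt\.cgi.*" !spam_ref
SetEnvIf Request_URI "move/plugins/Blacklist/mt-blacklist\.cgi.*" !spam_ref

######
# And the ones too dumb to spoof user-agent:
SetEnvIfNoCase User-Agent ".*(hdic|bdfetch|npbot).*" spam_ua

######
# Also from Dorothea, deny by user-agent. This is a known spammer
# UA: NT 5.2 is Win2003 Server, .NET. I guess it's the 1.1.4322 that matters.
# This sets spam_ref (not spam_ua) and sits below the exceptions, so a request
# with this User-Agent is flagged even when one of the exceptions matched.
SetEnvIfNoCase User-Agent ".*\(compatible; MSIE 6\.0; Windows NT 5\.2; \.NET CLR 1\.1\.4322\)" spam_ref=yes
# Looks like Reffy can randomize UAs, so we're still vulnerable there.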
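# Here's one sucker, though, via http://www.annelisabeth.com/blog/archives/000244.html
# pineapple baby - comment spammer - see below for an explanation of
# what the rewrite rule does.
#
# The redirect target (%1) is the Referer header, which the client supplies.
# The condition therefore only accepts an absolute http(s) URL, so a missing
# or malformed Referer cannot produce an empty or relative Location.
# The redirect is a 302, not a 301: the decision depends on request headers
# (Via, Referer), and a cached permanent redirect would keep bouncing the same
# URL for visitors who no longer send those headers.
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteCond %{HTTP_REFERER} ^(https?://.+)$ [NC]
RewriteRule ^(.*)$ %1 [R=302,L]
# Same proxy, but no usable Referer to send it back to: just refuse.
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC]
RewriteRule ^.*$ - [F,L]

######
# Both of these fail on flashesofpanic.com. I think it's
# a server issue, not the code?
# Both from http://epcostello.net/articles/2004/05/blocking_referer_spam.php
# If the request is not for this site, redirect to requesting source
# RewriteCond %{HTTP_HOST} !^flashesofpanic.com$ [NC]
# RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
# RewriteRule ^(.*)$ http://%1 [R=301,L]
# If the request is not for this site, redirect to referrer
# RewriteCond %{HTTP_HOST} !^flashesofpanic.com$ [NC]
# RewriteCond %{HTTP_REFERER} ^(.*)$ [NC]
# RewriteRule ^(.*)$ %1 [R=301,L]

# Extending that idea, if the environment variable "spam_ref" was set, above,
# we redirect that request to the referrer, and let them deal with their own
# traffic.
# spam_ref can also be set by the User-Agent rule, in which case there may be
# no Referer at all; the http(s) condition skips the redirect then and the
# request is left to the Deny rules in the access section.
# NOTE(review): in per-directory (.htaccess) context the access check normally
# runs before mod_rewrite, so "Deny from env=spam_ref" below probably answers
# 403 before this redirect is ever reached - confirm on the target server.
RewriteCond %{ENV:spam_ref} ^yes$ [NC]
RewriteCond %{HTTP_REFERER} ^(https?://.+)$ [NC]
RewriteRule ^(.*)$ %1 [R=302,L]

# No files ending with underscores on this site...
RewriteRule ^.*_$ - [F,L]

#################
# Access section (where the rubber hits the road.)
# This is where we act on the environment variables set above.
# With "Order Deny,Allow" and no Allow lines, a request is refused when any
# Deny line matches and allowed otherwise.
# On Apache 2.4 these directives are provided by mod_access_compat; the native
# replacement there is "Require".
Order Deny,Allow
Deny from env=spam_ref
Deny from env=spam_com
Deny from env=spam_ua
# A few known sources
Deny from 67.19.91.50
Deny from 69.50.160.0/19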