« Going nuclear | Main | No vehicles »

A little meanness

I’m extending my anti-referrer-spam .htaccess file a bit. The idea was to take a mod_rewrite idea from Ed Costello (which, for some reason, isn’t working on this site anyway) and apply it to the giant mod_setenvif regexp I’ve been building from Dorothea’s suggestions and my own logs.

The first step is to extend my existing SetEnvIfNoCase rules. Until now, I’ve been simply setting the environment variable, because deny works based on its mere existence. However, to make it play nicely with mod_rewrite, I’ve added a value (yes) to the variable, so SetEnvIfNoCase lines now look like this:

SetEnvIfNoCase Referer .*\.hq_inform\.com.* spam_ref=yes

Now, we swipe some of Ed’s mod_rewrite code, but change the conditions. (Note that you need to have RewriteEngine on somewhere above this in your .htaccess file for this to work.)

RewriteCond %{ENV:spam_ref} ^yes$ [NC]
RewriteCond %{HTTP_REFERER} ^(.*)$ [NC]
RewriteRule ^(.*)$ %1 [R=301,L]

Line by line, it goes like this: First, if the environment variable spam_ref contains the value “yes” (nothing more or less than those three letters in that order, and (second line) there is a “Referer” value in the HTTP request, then we apply the rule. (The second rule looks redundant, considering that if there was no “Referer” the spam_ref variable wouldn’t be set. You’ll hit both rules, or neither. But we need that second rule to get the “Referer” value stored, for the) Third line, if the above two matched, rewrite the request URL to the value of the “Referer” value (the %1 is expanded to the previous match, which was on the second line.) This gets sent out as a 301 Redirected response, which, according to Ed, then gets logged on their site as entirely tail-chasing and not involving my site at all. (Hey, I didn’t ask for the traffic; they did.)

See the access file for the whole workup.

Now Playing: Best Black Dress from Live From Northampton (Disc 2) by The Nields


Listed below are links to weblogs that reference A little meanness:

» Die spammers die! from Laurabelle's Blog
Using tricks from Parker and Dorothea, I've grown my own referer-spam-fighting fu. In addition, I've translated my old bot-fighting rules... [Read More]

» Using .htaccess to deal with a recent flood of trackback ping spam from Heal Your Church Web Site
"Holy smokes, I've been hit! My comment spam 'secret code' filter is working like a charm - no spam in weeks, but now they've decided to spam through trackback. The other day I had two new trackback pings on older... [Read More]


I think it didn’t work because what I was seeing wasn’t necessarily referer spam. Well, it was in a way, but it appears that some spammer thought my site was an open proxy, so the requests I saw were for a paid affiliate sort of thing, with the referer being also referrer spam. I plan to write up an article on it when I get a chance.

Post a comment