Recent Topics

whoo's anti-spam techniques in one simple thread

Started by on Apr 02, 2005 – Contents updated: Apr 02, 2005

Apr 02, 2005 07:43    

8/17/06 Edit: this is NOT a hack or a plugin, however the information in this thread is in keeping with the topic of this area. A few other ideas expressed here use the same approach and of course, we have the same goal - a spam free blog.

---

The code posting below include COMMENTS. They are for informational purposes, NOT to be pasted into files.. If you copy and paste code into your .htaccess, leave out the comments

1. b2evo comes with a blacklist. Update that frequently.

2. Change the URL to your trackback and comments.
Details follow:

A. Rename the /htsrv directory within your b2evolution installation. You may call it ANYTHING you like as long as you do NOT introduce spaces.

B. Edit conf/_advanced.php and change the following variable to match what you renamed htsrv to in step #A. See example below.

Code

* Location of the HTml SeRVices folder.
* @global string $htsrv_subdir
*/
$htsrv_subdir = 'htsrv'; //   < -- change this

3. Using an .htaccess, fix it so your comments can ONLY be called locally. In other words, you are blocking them from being accessed remotely using a script on another server.
Details below:

here is captsolo's way (pasted from below) (verified to work):

Code

# Fix for comments
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

...and mine.. works for me, may not for you..

Code

RewriteCond %{HTTP_REFERER} "!^http://www.domain.org/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteRule .* - [F]

4. If you are interested in blocking referer spam, use an .htaccess to turn spam away by domain name.
Details below:

Code

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)forex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)adultactioncam(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)andrewsaluk(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)sexsearchcom(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)cumfiesta(.*)$ [NC,OR]
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

5. Use the same .htaccess to turn away all of the spamming domains that are listed here: http://www.candygenius.com/spamvertised_domains_raw.php

in the event the above page doesnt come up for you.. a snapshot of the old page is up at:
http://www.village-idiot.org/p-proxy/search.html

Details below:

Code

RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC,OR]

6. Especially paranoid? Block ALL .info and .biz tlds in your .htaccess. Yes they spam alot.

Code

RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC,OR]

7. Use a captcha. Details are here: http://forums.b2evolution.net/viewtopic.php?t=2976&highlight=captcha

------------------------------------------------

An .htaccess that combines #s 4,5, and 6 above would look like this:

Code

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)forex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)adultactioncam(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)andrewsaluk(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)sexsearchcom(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)cumfiesta(.*)$ [NC,OR]
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC,OR]
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC] //
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

And assumes you have enabled Apache's mod_rewrite in your .htaccess using the following:

Code

RewriteEngine On
RewriteBase /

Apache docs on mod_rewrite: http://httpd.apache.org/docs/mod/mod_rewrite.html
Apache docs on using an .htaccess: http://httpd.apache.org/docs/howto/htaccess.html

-----------------

Remember what I said above about the comments within the code. Remove them, and be aware of fancy quotes too. (i think ive fixed them all though)

If something doesnt work after you have tried these things, come back and read this thread before you post .. there's a good chance its already covered in the rest of this thread.

Apr 02, 2005 11:36

Thats great, whoo

thanks.

mikel

Apr 02, 2005 17:58

Thanks for this handy tutorial. Can you clarify what directory the .htaccess file should go in?

Thanks.

Apr 02, 2005 18:14

sure, nate ..

you may already have one in the "root" directory ( where index.php, mms.php, etc.. is ) of your blog install -- if not, thats where you would want to put it for all of the examples above to work.

a poorly formatted .htaccess is VERY unforgiving. One simple typo can render your site unavailable.

If you happen to mes up, and something "breaks", dont panic, just rename your .htaccess to something else, and take another look at the syntax you're using.

bold formatting == corrections

Apr 02, 2005 18:16

a short addition for ppl who can't use mod_rewrite.
it's also possible to stop spammer without it.

e.g.

Code

setenvifnocase referer .glamour-models-gone-bad.biz ban
setenvifnocase referer texas-holdem ban
setenvifnocase referer texas-hold-em ban
setenvifnocase referer .free-poker.vpshs.com ban
setenvifnocase referer .world-poker-tour-1998.com ban
 
# Ban Formmail requests
setenvifnocase Request_URI formmail ban
 
# Ban .htaccess & .htpasswd requests
setenvifnocase Request_URI \.ht(access|passwd)$ ban
 
SetEnvIfNoCase Via pinappleproxy ban
 
<FilesMatch "^.*$">
order allow,deny
deny from env=ban
allow from all
</FilesMatch>

Apr 02, 2005 18:45

You mentioned _config.php being in the root directory of the blog. Mine is actually in the blogs/conf/ directory. So to further clarify, should the .htaccess file be in the root directory (in my case blogs/) or in the conf/ directory?

I'm asking because if I put the .htaccess code from your #3 above in my blogs/ directory I get an error. If I put it in the conf/ directory things keep running but I'm not sure it's doing anything either. :)

Apr 02, 2005 19:17

yes, i apologize.. I was actually looking on my hdd at the files as opposed to on the server.

To clarify:

the root of your blog install is NOT where your _config.php is .. It is where your mms.php, index.php, multiblogs.php, and others are. In fact, a newly unzipped b2evo has a sample.htaccess in the root directory already for you

---

As for the errors, I cant help there without more info.

Apr 05, 2005 21:23

Whoo, thanks for a comprehensive guide to spam prevention.

I had problems with part #3 - Apache rewrite engine going mad when it is entered into .htaccess. A fix for that:

Code

# Fix for comments
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://captsolo.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Problems that I had:
1) the fancy quotes around the regexp strings turned into dots when copy/pasting
2) the comments after // were driving apache mad
3) in REQUEST_URI line the regexp should not begin with '*'

Now it works. :)

Apr 06, 2005 04:11

your welcome :) anytime! and thank you to you guys for helping to make this thread more informational :)

Apr 06, 2005 11:32

Whoo, Captsolo: Maybe I'm getting confused here but I thought the .htaccess snippets I was using were for blocking referrer spam. Comment spam isn't a problem on my site, it's the .ro and .pl referrer spam coming via a proxy at marketscore.com that are driving my traffic through the roof.

F

Apr 07, 2005 10:09

Dear Whoo & Co,

I've come across another way of modifying the .htaccess file to prevent certain domains from making requests (i.e. getting referrers):

Code

<Limit GET>
  Order deny,allow
  Deny from marketscore.com
  Allow from all
</Limit>

Seems to have this function. Anyone know whether it would work?

F

Apr 07, 2005 12:57

here is a pretty good working example of an .htaccess

hopefully this will clear up general questions about how things work..

Code

## Standard stuff
 
DirectoryIndex index index.html index.php index.cgi
RemoveHandler .pl
 
## Image redirects
 
Redirect permanent /newestpost.png http://www.village-idiot.org/stat-thingy/newestpost.php
Redirect permanent /newestpost10.png http://www.village-idiot.org/stat-thingy/newestpost10.php
Redirect permanent /whoo.jpg http://www.village-idiot.org/piccys/whoo.php
 
## User agents and Ips I dont like
 
SetEnvIf User-Agent ^BDFetch keep_out
SetEnvIf User-Agent ^curl keep_out
SetEnvIf User-Agent ^Wget keep_out
SetEnvIf User-Agent ^lwp keep_out
SetEnvIf User-Agent "Fetch\ API\ Request" keep_out
SetEnvIfNoCase User-Agent ".*\(compatible; MSIE 6\.0; Windows NT 5\.2; \.NET CLR 1\.1\.4322\)" keep_out
SetEnvIf Referer "^XXXX:" keep_out
order allow,deny
allow from all
deny from env=keep_out
deny from 82.55.69.126
 
 
## 403 file
 
<Files 403.shtml>
order allow,deny
allow from all
</Files>
 
## No .htacccess reading
 
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
 
## No reading my phpBB templates either
 
<Files ~ "\.tpl$">
Order allow,deny
Deny from all
Satisfy All
</Files>
 
## Enabling mod_rewrite
 
RewriteEngine On
RewriteBase /
 
## WordPress Stuff
 
RewriteRule ^archives/category/(.*)/(feed|rdf|rss|rss2|atom)/?$ /wp-feed.php?category_name=$1&feed=$2 [QSA]
RewriteRule ^archives/category/?(.*) /index.php?category_name=$1 [QSA]
RewriteRule ^archives/author/(.*)/(feed|rdf|rss|rss2|atom)/?$ /wp-feed.php?author_name=$1&feed=$2 [QSA]
RewriteRule ^archives/author/?(.*) /index.php?author_name=$1 [QSA]
RewriteRule ^archives/([0-9]{4})?/?([0-9]{1,2})?/?([0-9]{1,2})?/?([_0-9a-z-]+)?/?([0-9]+)?/?$ /index.php?year=$1&monthnum=$2&day=$3&name=$4&page=$5 [QSA]
RewriteRule ^archives/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([_0-9a-z-]+)/(feed|rdf|rss|rss2|atom)/?$ /wp-feed.php?year=$1&monthnum=$2&day=$3&name=$4&feed=$5 [QSA]
RewriteRule ^archives/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2})/([_0-9a-z-]+)/idiot/?$ /idiot.php?year=$1&monthnum=$2&day=$3&name=$4 [QSA]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ /wp-feed.php?feed=$1 [QSA]
RewriteRule ^comments/feed/?([_0-9a-z-]+)?/?$ /wp-feed.php?feed=$1&withcomments=1 [QSA]
 
## Comments only called from this server
 
RewriteCond %{HTTP_REFERER} "!^http://www.village-idiot.org/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*vi-comment.php$"
RewriteRule .* - [F]
 
 
## I'm so tricky
 
RewriteCond %{REQUEST_URI} idiot\.php
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteCond %{HTTP_USER_AGENT} ^Mozilla
RewriteRule ^.*$ - [F]
 
## Bad referers and pinapple start here
 
 
 
## Get the pinapple proxy first
 
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC,OR]
 
## Bad TLDs not covered above
 
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC,OR]
 
## Everyone else I hate
 
RewriteCond %{HTTP_REFERER} ^(.*)poker(.*)$ [OR]
RewriteCond %{HTTP_REFERER} ^(.*)adultactioncam(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)andrewsaluk(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)sexsearchcom(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)cumfiesta(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)welivetogether(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)bignaturals(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)firsttimeauditions(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)mikesapartment(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)terashells(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)milfhunter(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)inthevip(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)12.163.72.13(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)boysfirsttime(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)gradfinder(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)passions(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)outpersonals(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)iwantu(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)covert-call(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)ro7kalbe(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)texas-hold-em(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)isacommie(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)loan(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)ambien(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)forex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://miriam.camfun24.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://viagra.cn.mediavisor.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)anal(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)pus*y(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)casino(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)teen(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)tits(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)tramadol(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?houseofsevengables.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)musicbox1(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)*.dvdcopying.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)*.musicbox1.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?camgirlslive.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?latinonakedgirl.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?jardimed.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?1stcall.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?zoker9.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?dvd-squeeze.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?dvdsqueeze.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?alt.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?angeles2.com.*$ [NC]
 
## Where I want them to go
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

Notice that you can have multiple sets of conditions that follow different rules.

ONE thing to remember is that the longer your list gets, the more work the server has to do.. and will slow down your server. Thats why its best to combine things.. the pinapple proxy thing kills off a whole ton of work for your server. I removed atleast 20 domains off my longer list after I added that.

Apr 10, 2005 20:43

yes, that does the same thing that the corresponding mod_rewrite rules do in the first post, your just applying it differently :)

cheers!

Apr 13, 2005 20:48

Thanks for this excellent information, whoo.

Apr 15, 2005 03:51

you're welcome :)

for what its worth, wordpresss has about 20 plugins that provide some sort of deterrant to spam, and I raised quite a stink with a few ppl posting an entry about wordpress and spam on my blog (plugins being under-rated, and an htaccess being the answer). Today i got a bit of a reprieve when I found another more-intelligent-than-I, wp user that also uses an .htacess and has ditched plugins all together. His .htaccess is up for looking at too @ http://www.tomrafteryit.net/htaccess.txt

Apr 15, 2005 05:02

Well, whoo, also for what it's worth, I pointed a friend of mine who maintains a large group blog running wp to this thread, and he is now eternally grateful, so chalk up one more convert.

Apr 15, 2005 07:25

woohhhooo! ya know, bryce, i really love plugins, and i truly love wordpress, BUT if you spend any time reading their support forums, the majority of the spam plugins are like Vioxx; they might work, they might not, and they all cause liver damage. 8|

You would think with all of those plugins available, that there would not be ANY threads about spam over there, and yet there still are, every day. :( My goal if I were developing any sort of web based app would be to eliminate the need for ANY spam threads, regardless of the form the solution took. Thats just me, though.

Apr 19, 2005 20:35

Whoo, after moving /htsrv to another location I was getting quite a lot error messages (in apache error log) that trackback.php was not found. This does not influence the work of b2evo, but still i'd prefer to get rid of these messages.

Would it make sense to redirect those coming to the old /htsrv location? To their own IP address or something? And if yes, what would be the appropriate .htaccess lines?

Apr 20, 2005 07:07

captsolo wrote:

Whoo, after moving /htsrv to another location I was getting quite a lot error messages (in apache error log) that trackback.php was not found. This does not influence the work of b2evo, but still i'd prefer to get rid of these messages.

Would it make sense to redirect those coming to the old /htsrv location? To their own IP address or something? And if yes, what would be the appropriate .htaccess lines?

ahhh, so you are seeing spam attempts at the old location for trackbacks? yes you can send them back to their own ip

use this in the old dir :

Code

RewriteEngine on
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

note that you will still see them in your apache logs..

you can remove the "R=301," (just leave the L) also, but youre still gonna see them.

Apr 21, 2005 15:35

FYI, if anyone has read this far, and is looking for information linked to in point #5 in whoo's original post re: pinapple proxy, that page is no longer publicly available, although whoo's directions should still work.

However, I'm guessing that the pinapple spammer has changed something recently. Can anyone confirm? I'm not being targeted, but a friend of mine is, and I've noticed a lot of spam this morning on his blog.

May 14, 2005 07:47

Thanks for this thread! I finally got sick enough of spam to get into the hardcore prevention. I slamed into it head first and now I have a head ache.

What went wrong:
I have to use the www in www.racerx.info now. Before the www wasn't needed.

RewriteCond %{HTTP_REFERER} type lines like in Whoo's original post in .htaccess seem to catch ALL links. Even if I hand type the address.
I'm guessing my server doesn't support mod-rewrite?
I tried this test from Whoo to another person and it did not work for me. My page loads normaly instead of loading Whoo's as it should.

Code

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.geencommentaar.nl.*$ [NC]
RewriteRule ^(.*) http://www.village-idiot.org/ [R=301,L]

I settled on the .htaccess Kiesow posted for people with out mod-rewrite. I'll use that untill I get Micfo to turn on mod-rewrite. Has anyone expanded on Kiesow's version? I can't be as good as Whoo's. Its just to short! :)

While I'm wating on Micfo, anyone know how to get my url to work with or with out the WWW?

-Shane
www.racerx.info

May 31, 2005 17:19

I'm not a fan of blacklists. They steal my time (in upkeep) and my webhost's CPU usage (in execution).

The following htaccess entry would block any referrer spam I've received to date.

Code

# Try to prevent referrer spam
RewriteCond %{HTTP_REFERER} "!^http://www.yourdomain.com/.*$" [NC]
RewriteCond %{QUERY_STRING} "disp=stats"
#RewriteRule .* - [F]
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

The commented out rule would be an alternative to the rule I'm using (it gives a 403 error instead of a 301 redirect back to the source).

Maybe this is just a temporary solution, but all referrer spam I've seen (so far) has targetted the stats display page. What is the experience of other users?

May 31, 2005 23:48

Okay I added the

Code

# Try to prevent referrer spam
RewriteCond %{HTTP_REFERER} "!^http://www.bushsamerica.com/.*$" [NC]
RewriteCond %{QUERY_STRING} "disp=stats"
#RewriteRule .* - [F]
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

to my .htaccess

I am still getting span from there, so I ask... what am I doing wrong?

Jun 01, 2005 00:08

Ioo

You did not give much background. You have Apache with mod_rewrite? .htaccess is in your document root? Maybe change "disp=stats" to ^.*disp=stats.*$ -- shouldn't matter, I don't think.

Jun 01, 2005 12:14

Dan,

I will have to ask the sys admin, about the rewrite thing, because I am not sure.. HTML I am there, php and I am kinda there, this part hear, I have no clue what so ever :(

I will find out ant let you know, thanks

Jun 18, 2005 04:56

Hi all,
Thanks Whoo for starting an excellent thread.

I have an .htaccess which I would appreciate feedback on.

# Apache configuration for the blog folder

# this will select the default blog template to be displayed
# if the URL is just .../blogs/
<IfModule mod_dir.c>
DirectoryIndex index.php
</IfModule>

# this will make register globals off in b2's directory
# just put a '#' sign before these three lines if you don't want that
<IfModule mod_php4.c>
php_flag register_globals off
</IfModule>

# this is used to make b2 produce links like http://example.com/archives/m/200209
# if you renamed the file 'archives' to another name, please change it here too
<Files archives>
ForceType application/x-httpd-php
</Files>

# Last updated 30th May 05

RewriteEngine On
RewriteBase /

# Fix for comments
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

# Bad referers and pinapple start here
# Get the pinapple proxy first
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC,OR]

# Atrivo Technologies
deny from 69.50.160.0/19

# Bad TLDs not covered above
RewriteCond %{HTTP_REFERER} \.biz [NC,OR]
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]

# Try to prevent referrer spam
RewriteCond %{HTTP_REFERER} "!^http://www.mydomain.com/.*$" [NC]
RewriteCond %{QUERY_STRING} "disp=stats"
#RewriteRule .* - [F]
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

I noticed that Atrivo has not been mentioned in other posts.
I recently moved my blog (still within the same domain, but different name) which made it easier to see who is hitting it. In the first 10 minutes after the change I had a number of IP's in the Atrivo block appearing in my error logs.

If you want to see what sites are hosted by Atrivo, check this out...
http://www.bluetack.co.uk/forums/index.php?showtopic=9119

There is more info on http://www.rojisan.com/spam/archives/2004/11/spam_hosting_atrivocom.html

and http://www.thebishop.net/geodog/archives/2004/09/18/anatomy_of_comment_spam_script_vendors_emil_kacperski_and_eugene_blagodarny_and_corporate_helpers.html

In the 24 hours after my blog was moved I was hit every 10 seconds by 5 IP's within the Atrivo block. Since I added the "deny" = nothing.
If you are getting hit on by any of the domains listed in that first link I gave I would recommend you take steps to block. Seems like this host has been around a while and has no intention of enforcing its own AUP.

Jun 18, 2005 17:52

WOW! I cant say that I have ever been hit by them but I will be on the look out now. Nice catch :)

Jul 13, 2005 16:01

I wondered if that might be the case. Can't he just add

Code

deny from 82.***.25.**

to his .htaccess file? Of course, you'll need to use the real ip address. That will prevent this person from any access to your web site. If his IP changes (because his ISP uses dynamic addressing or becuase he goes through a proxy) then this will stop working.

Jul 13, 2005 16:33

Works like a charm, I'm so happy! Thanks a lot, guys! :).

Aug 03, 2005 01:39

I've been trying to get my .htaccess file to work, but for some reason my cgi script isn't working and I'm getting a 500 error, could someone please either post their .htaccess file or e-mail me their file at eljacek@yahoo (nospam) .com

sorry for being a pain, but i've been having one hell of a time. thanks.

Aug 31, 2005 16:41

Whoo and Graham, among others, have loudly touted the effectiveness of renaming the htsrv directory as a component of your anti-spam arsenal. Until recently, I had relied exclusively on some blocks in .htaccess (discussed previously in this thread) to stop spam, but this week I started getting a ton of trackback spam.

I wrote a simple perl script, hidehtsrv.pl, to automate (1) renaming the htsrv directory and (2) updating the _advanced.php configuration file with the change. I set up a cron job to run this script periodically, and so far so good.

Here's a link to the [url=http://www.yabfog.com/files/hidehtsrv.pl]script[/url] and to my [url=http://www.yabfog.com/blog/yabfog/2005/08/30/trackback_spam]blog post[/url].

Note that I use another of my perl scripts to generate a pseudo-random string that is used by hidehtsrv.pl to generate a new name for the htsrv directory. If you like that method, feel free to grab [url=http://www.yabfog.com/files/randpass.pl]randpass.pl[/url], too. Otherwise, you'll need to come up with an alternative.

Aug 31, 2005 18:32

that is wonderful Dan, awesome!!

Aug 31, 2005 21:42

whoo wrote:

that is wonderful Dan, awesome!!

Thanks, Whoo!

I should note that you could also hack comment_post.php and trackback.php to run hidehtsrv.pl every time a comment or trackback is posted. That might be even more effective at stopping spam floods. I'm not doing that right now because I want to limit the number of hacks I'll need to migrate to the next release.

Sep 23, 2005 02:56

whoo wrote:

6. Especially paranoid? Block ALL .info and .biz tlds in your .htaccess. Yes they spam alot.

Code

RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC,OR]

I'm now blocking all .to TLDs in my .htaccess thus:

Code

RewriteCond %{HTTP_REFERER} \.to [NC,OR]

I've been getting a lot of referral spam from .to domains lately, and I don't think I've ever seen a "legit" company or site using a .to domain, so screw 'em.

Until I can figure out how to successfully auto-recheck the antispam list, I'll keep these settings in my .htaccess. I have the auto-update working, but can't seem to get the auto-recheck working under .12

jj.

Sep 23, 2005 07:57

Code

## Bad TLDs not covered above
RewriteCond %{HTTP_REFERER} \.by [NC,OR]
RewriteCond %{HTTP_REFERER} \.su [NC,OR]
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC,OR]

mine. i'll keep on the lookout for .to's :) thank you!!

also, on a semi-related note. I came across an interesting anti-spam .htaccess -- ill paste below.

Code

# IP BLOCKS (RANGES)
 
deny from 193.251.169.
deny from 66.98.238.
deny from 220.160.5.
deny from 212.87.26.
deny from 203.174.65.
deny from 67.15.14.
deny from 83.31.165.
deny from 202.101.173.
deny from 83.31.165.
deny from 67.15.14.
deny from 209.66.122.
deny from 216.151.106.
deny from 64.162.110.
deny from 207.58.178.
deny from 69.28.242.
deny from 209.200.31.
deny from 159.61.240.
deny from 222.79.16.
deny from 216.120.184.
deny from 216.177.233.
deny from 216.195.35.
deny from 216.56.240.
deny from 218.12.29.
deny from 218.189.215.
deny from 218.86.126.
deny from 218.98.193.
deny from 219.117.248.
deny from 219.127.248.
deny from 220.178.240.
deny from 220.245.179.
deny from 221.15.5.
deny from 221.186.133.
deny from 222.122.4.
deny from 222.35.11.
deny from 222.45.33.
deny from 24.2.2.
deny from 61.19.219.
deny from 61.219.64.
deny from 61.220.232.
deny from 61.31.195.
deny from 62.110.122.
deny from 63.239.116.
deny from 65.25.70.
deny from 66.215.127.
deny from 67.149.147.
deny from 67.169.19.
deny from 67.171.24.
deny from 67.71.237.
deny from 67.72.25.
deny from 68.46.204.
deny from 68.56.184.
deny from 69.182.46.
deny from 69.57.138.
deny from 70.17.253.
deny from 70.228.44.
deny from 70.85.153.
deny from 80.169.166.
deny from 80.17.233.
deny from 80.55.189.
deny from 80.74.4.
deny from 80.80.51.
deny from 80.81.24.
deny from 81.113.40.
deny from 81.12.0.
deny from 81.50.135.
deny from 82.110.130
deny from 82.135.30.
deny from 82.165.41.
deny from 82.224.136.
deny from 83.100.160.
deny from 83.103.167.
deny from 83.143.18.
deny from 84.112.18.
deny from 85.99.247.
deny from 86.127.4.
deny from 86.34.2.
deny from 12.2.196.
deny from 129.206.55.
deny from 12.96.249.
deny from 129.7.233.
deny from 130.194.11.
deny from 133.9.68.
deny from 134.173.117.
deny from 134.76.10.
deny from 140.121.135.
deny from 140.96.178.
deny from 141.30.84.
deny from 142.179.223.
deny from 143.229.120.
deny from 145.253.178.
deny from 148.223.200.
deny from 148.235.180.
deny from 148.243.6.
deny from 148.244.150.
deny from 148.244.223.
deny from 150.187.117.
deny from 159.61.240.
deny from 159.6.99.
deny from 161.53.156.
deny from 161.53.86.
deny from 161.58.49.
deny from 162.39.225.
deny from 162.40.91.
deny from 163.17.117.
deny from 163.17.127.
deny from 163.17.129.
deny from 163.17.151.
deny from 163.17.161.
deny from 163.17.212.
deny from 163.17.7.
deny from 163.28.48.
deny from 164.100.104.
deny from 164.100.149.
deny from 164.100.150.
deny from 164.164.127.
deny from 165.138.197.
deny from 165.194.121.
deny from 165.228.236.
deny from 166.87.255.
deny from 167.206.79.
deny from 168.10.27.
deny from 168.143.113.
deny from 168.187.0.
deny from 168.216.148.
deny from 168.234.181.
deny from 168.243.232.
deny from 192.204.2.
deny from 192.31.106.
deny from 192.35.35.
deny from 192.55.214.
deny from 192.91.147.
deny from 193.0.74.
deny from 193.126.23.3.
deny from 193.136.157.
deny from 193.140.140.
deny from 193.147.240.
deny from 193.188.77.
deny from 193.194.68.
deny from 193.194.84.
deny from 193.205.153.
deny from 193.251.10.
deny from 193.251.147.
deny from 193.251.149.
deny from 193.251.41.
deny from 193.252.0.
deny from 193.252.28.
deny from 193.43.108.
deny from 193.52.185.
deny from 193.68.5.
deny from 193.77.153.
deny from 193.95.113.
deny from 193.95.90.
deny from 194.105.30.
deny from 194.117.134.
deny from 194.152.185.
deny from 194.154.230.
deny from 194.167.168.
deny from 194.200.3.
deny from 194.209.227.
deny from 194.226.94.
deny from 194.228.61.
deny from 194.2.41.
deny from 194.249.140.
deny from 194.249.248.
deny from 194.27.158.
deny from 194.63.235.
deny from 194.89.17.
deny from 194.90.18.
deny from 194.90.190.
deny from 195.113.148.
deny from 195.113.161.
deny from 195.116.60.
deny from 195.130.76.
deny from 195.136.107.
deny from 195.136.7.
deny from 195.141.101.
deny from 195.145.214.
deny from 195.146.134.
deny from 195.178.53.
deny from 195.215.8.
deny from 195.216.34.
deny from 195.229.241.
deny from 195.234.112.
deny from 195.235.180.
deny from 195.24.194.
deny from 195.245.185.
deny from 195.252.106.
deny from 195.39.213.
deny from 195.54.8.
deny from 195.70.50.
deny from 195.74.122.
deny from 195.96.195.
deny from 195.97.106.
deny from 196.15.164.
deny from 196.200.25.
deny from 196.203.32.
deny from 196.207.230.
deny from 196.2.68.
deny from 196.40.60.
deny from 196.40.61.
deny from 198.209.176.
deny from 198.54.202.
deny from 198.63.211.
deny from 198.79.101.
deny from 200.107.42.
deny from 200.114.199.
deny from 200.114.235.
deny from 200.115.153.
deny from 200.118.115.
deny from 200.12.238.
deny from 200.126.192.
deny from 200.135.240.
deny from 200.1.41.
deny from 200.149.244.
deny from 200.153.112.
deny from 200.153.218.
deny from 200.159.30.
deny from 200.168.66.
deny from 200.171.111.
deny from 200.171.140.
deny from 200.171.70.
deny from 200.175.252.
deny from 200.183.10.
deny from 200.196.101.
deny from 200.196.114.
deny from 200.204.196.
deny from 200.206.160.
deny from 200.207.11.
deny from 200.210.233.
deny from 200.21.21.
deny from 200.213.82.
deny from 200.226.137.
deny from 200.23.166.
deny from 200.242.249.
deny from 200.245.10.
deny from 200.28.83.
deny from 200.30.79.
deny from 200.35.81.
deny from 200.35.90.
deny from 200.42.216.
deny from 200.45.71.
deny from 200.54.176.
deny from 200.67.149.
deny from 200.67.169.
deny from 200.7.105.
deny from 200.75.112.
deny from 200.75.123.
deny from 200.77.144.
deny from 200.84.69.
deny from 200.93.135.
deny from 200.94.210.
deny from 200.95.121.
deny from 201.128.51.
deny from 201.13.1.
deny from 201.140.133.
deny from 201.144.74.
deny from 201.147.199.
deny from 201.153.211.
deny from 201.153.213.
deny from 201.17.147.
deny from 201.224.177.
deny from 201.243.248.
deny from 201.243.38.
deny from 201.243.58.
deny from 201.28.62.
deny from 201.6.233.
deny from 202.107.250.
deny from 202.111.183.
deny from 202.130.84.
deny from 202.134.165.
deny from 202.141.156.
deny from 202.143.137.
deny from 202.143.138.
deny from 202.143.150.
deny from 202.14.68.
deny from 202.147.228.
deny from 202.156.2.
deny from 202.158.165.
deny from 202.164.182.
deny from 202.175.234.
deny from 202.177.82.
deny from 202.181.176.
deny from 202.185.111.
deny from 202.224.23.
deny from 202.239.172.
deny from 202.28.204.
deny from 202.28.27.
deny from 202.29.136.
deny from 202.29.15.
deny from 202.47.247.
deny from 202.61.30.
deny from 202.63.168.
deny from 202.64.21.
deny from 202.64.79.
deny from 202.68.130.
deny from 202.69.200.
deny from 202.7.176.
deny from 202.81.63.
deny from 202.84.100.
deny from 202.84.106.
deny from 202.85.137.
deny from 202.86.205.
deny from 202.92.68.
deny from 202.92.86.
deny from 202.94.229.
deny from 203.101.43.
deny from 203.109.87.
deny from 203.113.143.
deny from 203.115.23.
deny from 203.116.214.
deny from 203.121.131.
deny from 203.125.88.
deny from 203.126.19.
deny from 203.130.255.
deny from 203.131.185.
deny from 203.140.175.
deny from 203.140.56.
deny from 203.144.216.
deny from 203.146.136.
deny from 203.146.86.
deny from 203.147.0.
deny from 203.154.113.
deny from 203.155.1.
deny from 203.160.171.
deny from 203.160.64.
deny from 203.162.128.
deny from 203.162.17.
deny from 203.162.230.
deny from 203.162.247.
deny from 203.162.29.
deny from 203.162.3.
deny from 203.166.96.
deny from 203.166.99.
deny from 203.167.253.
deny from 203.170.226.
deny from 203.172.129.
deny from 203.172.131.
deny from 203.172.200.
deny from 203.187.176.
deny from 203.187.245.
deny from 203.192.206.
deny from 203.197.196.
deny from 203.199.92.
deny from 203.215.81.
deny from 203.22.67.
deny from 203.53.113.
deny from 203.59.162.
deny from 203.79.66.
deny from 204.101.206.
deny from 204.131.46.
deny from 204.131.48.
deny from 204.157.11.
deny from 204.183.208.
deny from 204.186.238.
deny from 204.248.54.
deny from 204.249.97.
deny from 204.8.228.
deny from 204.8.64.
deny from 205.136.240.
deny from 205.148.35.
deny from 205.209.191.
deny from 205.218.66.
deny from 205.234.145.
deny from 205.238.226.
deny from 206.196.125.
deny from 206.225.86.
deny from 206.49.140.
deny from 206.75.228.
deny from 207.109.85.
deny from 207.134.196.
deny from 207.17.47.
deny from 207.200.116.
deny from 207.225.27.
deny from 207.234.208.
deny from 207.243.70.
deny from 207.248.240.
deny from 207.46.98.
deny from 207.67.97.
deny from 207.69.167.
deny from 207.71.248.
deny from 208.147.70.
deny from 208.189.232.
deny from 208.34.84.
deny from 208.53.138.
deny from 209.114.235.
deny from 209.121.91.
deny from 209.161.5.
deny from 209.175.173.
deny from 209.195.170.
deny from 209.212.118.
deny from 209.240.253.
deny from 209.25.147.
deny from 209.253.4.
deny from 209.67.27.
deny from 209.74.45.
deny from 209.79.218.
deny from 209.86.122.
deny from 209.91.207.
deny from 210.0.200.
deny from 210.0.209.
deny from 210.111.247.
deny from 210.1.13.
deny from 210.117.186.
deny from 210.132.169.
deny from 210.162.237.
deny from 210.17.210.
deny from 210.172.95.
deny from 210.174.105.
deny from 210.177.252.
deny from 210.18.94.
deny from 210.19.204.
deny from 210.192.213.
deny from 210.196.191.
deny from 210.212.1.
deny from 210.212.204.
deny from 210.212.253.
deny from 210.21.227.
deny from 210.212.31.
deny from 210.245.164.
deny from 210.3.4.
deny from 210.68.141.
deny from 210.71.57.
deny from 210.73.84.
deny from 210.7.76.
deny from 210.82.214.
deny from 211.114.193.
deny from 211.117.169.
deny from 211.118.206.
deny from 211.138.109.
deny from 211.155.235.
deny from 211.157.104.
deny from 211.170.79.
deny from 211.185.59.
deny from 211.22.114.
deny from 211.22.24.
deny from 211.24.137.
deny from 211.24.161.
deny from 211.38.141.
deny from 211.46.196.
deny from 211.48.62.
deny from 211.7.240.
deny from 211.75.91.
deny from 211.78.176.
deny from 211.94.140.
deny from 212.0.128.
deny from 212.0.132.
deny from 212.0.138.
deny from 212.0.158.
deny from 212.109.59.
deny from 212.117.152.
deny from 212.138.113.
deny from 212.138.47.
deny from 212.142.138.
deny from 212.155.169.
deny from 212.157.64.
deny from 212.175.113.
deny from 212.184.102.
deny from 212.191.34.
deny from 212.199.249.
deny from 212.202.164.
deny from 212.214.78.
deny from 212.234.179.
deny from 212.239.17.
deny from 212.250.79.
deny from 212.251.14.
deny from 212.35.34.
deny from 212.41.228.
deny from 212.49.85.
deny from 212.7.9.
deny from 212.98.36.
deny from 213.114.21.
deny from 213.130.117.
deny from 213.139.151.
deny from 213.156.52.
deny from 213.176.73.
deny from 213.18.248.
deny from 213.186.167.
deny from 213.223.67.
deny from 213.236.144.
deny from 213.243.30.
deny from 213.249.155.
deny from 213.249.17.
deny from 213.25.206.
deny from 213.25.223.
deny from 213.30.188.
deny from 213.37.79.
deny from 213.41.1.
deny from 213.41.176.
deny from 213.42.2.
deny from 213.45.38.
deny from 213.61.29.
deny from 213.76.152.
deny from 213.81.187.
deny from 213.92.96.
deny from 216.103.204.
deny from 216.104.196.
deny from 216.126.141.
deny from 216.130.129.
deny from 216.13.18.
deny from 216.132.3.
deny from 216.135.202.
deny from 216.136.2.
deny from 216.168.230.
deny from 216.168.99.
deny from 216.185.178.
deny from 216.189.194.
deny from 216.196.59.
deny from 216.201.163.
deny from 216.20.117.
deny from 216.216.32.
deny from 216.239.175.
deny from 216.252.181.
deny from 216.60.21.
deny from 216.69.164.
deny from 216.77.62.
deny from 216.86.156.
deny from 217.109.194.
deny from 217.118.101.
deny from 217.133.0.
deny from 217.133.58.
deny from 217.14.142.
deny from 217.148.1.
deny from 217.160.75.
deny from 217.17.41.
deny from 217.199.209.
deny from 217.219.151.
deny from 217.219.18.
deny from 217.33.2.
deny from 217.34.52.
deny from 217.37.77.
deny from 217.40.132.
deny from 217.52.253.
deny from 217.56.101.
deny from 217.67.22.
deny from 217.97.134.
deny from 217.97.237.
deny from 217.97.84.
deny from 218.104.80.
deny from 218.107.238.
deny from 218.13.59.
deny from 218.139.202.
deny from 218.140.212.
deny from 218.177.148.
deny from 218.188.13.
deny from 218.188.23.
deny from 218.189.222.
deny from 218.224.226.
deny from 218.226.201.
deny from 218.230.247.
deny from 218.247.171.
deny from 218.26.157.
deny from 218.28.164.
deny from 218.44.209.
deny from 218.44.225.
deny from 218.44.248.
deny from 218.45.227.
deny from 218.5.149.
deny from 218.5.27.
deny from 218.56.32.
deny from 218.85.47.
deny from 218.85.82.
deny from 218.85.83.
deny from 218.89.171.
deny from 218.91.254.
deny from 218.93.112.
deny from 218.93.119.
deny from 218.97.253.
deny from 219.116.155.
deny from 219.117.201.
deny from 219.118.190.
deny from 219.140.161.
deny from 219.142.40.
deny from 219.145.61.
deny from 219.149.233.
deny from 219.157.155.
deny from 219.163.126.
deny from 219.16.72.
deny from 219.22.18.
deny from 219.22.50.
deny from 219.239.110.
deny from 219.27.12.
deny from 219.52.160.
deny from 219.63.85.
deny from 219.93.174.
deny from 219.93.211.
deny from 219.93.72.
deny from 219.94.45.
deny from 219.95.111.
deny from 219.96.224.
deny from 220.110.164.
deny from 220.110.49.
deny from 220.132.154.
deny from 220.160.2.
deny from 220.192.24.
deny from 220.245.180.
deny from 220.255.13.
deny from 220.99.102.
deny from 221.10.124.
deny from 221.117.84.
deny from 221.142.244.
deny from 221.212.177.
deny from 222.152.158.
deny from 222.185.230.
deny from 24.11.27.
deny from 24.113.68.
deny from 24.121.60.
deny from 24.123.90.
deny from 24.203.49.
deny from 24.226.233.
deny from 24.23.207.
deny from 24.232.134.
deny from 24.232.92.
deny from 24.234.114.
deny from 24.248.80.
deny from 24.6.111.
deny from 24.75.92.
deny from 24.77.194.
deny from 24.98.82.
deny from 38.118.3.
deny from 58.65.151.
deny from 59.120.0.
deny from 59.120.39.
deny from 59.156.99.
deny from 59.56.39.
deny from 60.119.1.
deny from 61.0.62.
deny from 61.12.34.
deny from 61.150.115.
deny from 61.153.27.
deny from 61.153.30.
deny from 61.179.12.
deny from 61.19.220.
deny from 61.194.52.
deny from 61.197.218.
deny from 61.199.156.
deny from 61.201.230.
deny from 61.206.125.
deny from 61.214.29.
deny from 61.218.64.
deny from 61.218.74.
deny from 61.219.11.
deny from 61.219.232.
deny from 61.219.36.
deny from 61.221.184.
deny from 61.221.199.
deny from 61.221.30.
deny from 61.22.230.
deny from 61.24.118.
deny from 61.247.239.
deny from 61.26.204.
deny from 61.30.150.
deny from 61.78.65.
deny from 61.91.155.
deny from 61.95.133.
deny from 62.114.248.
deny from 62.116.15.
deny from 62.123.211.
deny from 62.123.216.
deny from 62.133.42.
deny from 62.141.42.
deny from 62.145.48.
deny from 62.150.25.
deny from 62.17.152.
deny from 62.176.156.
deny from 62.190.127.
deny from 62.193.231.
deny from 62.217.59.
deny from 62.220.99.
deny from 62.22.98.
deny from 62.245.167.
deny from 62.248.110.
deny from 62.24.96.
deny from 62.37.236.
deny from 62.39.176.
deny from 62.56.210.
deny from 62.7.244.
deny from 62.73.165.
deny from 62.77.41.
deny from 62.78.78.
deny from 62.81.214.
deny from 62.94.211.
deny from 62.96.103.
deny from 62.97.72.
deny from 63.165.31.
deny from 63.174.154.
deny from 63.192.198.
deny from 63.207.250.
deny from 63.218.109.
deny from 63.230.254.
deny from 63.241.72.
deny from 63.245.22.
deny from 63.80.101.
deny from 63.97.24.
deny from 64.108.5.
deny from 64.110.82.
deny from 64.128.136.
deny from 64.139.69.
deny from 64.139.90.
deny from 64.170.45.
deny from 64.174.109.
deny from 64.186.55.
deny from 64.191.73.
deny from 64.242.88.
deny from 64.247.118.
deny from 64.42.48.
deny from 64.5.245.
deny from 64.76.142.
deny from 64.76.83.
deny from 64.86.228.
deny from 64.86.235.
deny from 64.92.162.
deny from 64.9.33.
deny from 64.95.116.
deny from 64.95.78.
deny from 65.104.190.
deny from 65.106.145.
deny from 65.110.97.
deny from 65.123.150.
deny from 65.160.238.
deny from 65.164.90.
deny from 65.19.150.
deny from 65.19.154.
deny from 65.200.190.
deny from 65.205.189.
deny from 65.241.12.
deny from 65.245.103.
deny from 65.29.13.
deny from 65.31.82.
deny from 65.43.75.
deny from 65.64.31.
deny from 65.68.11.
deny from 65.75.146.
deny from 65.75.164.
deny from 65.84.245.
deny from 66.1.140.
deny from 66.133.152.
deny from 66.137.110.
deny from 66.141.184.
deny from 66.14.253.
deny from 66.148.141.
deny from 66.160.92.
deny from 66.166.209.
deny from 66.17.15.
deny from 66.183.115.
deny from 66.186.133.
deny from 66.194.55.
deny from 66.196.205.
deny from 66.196.31.
deny from 66.202.75.
deny from 66.207.120.
deny from 66.208.166.
deny from 66.208.197.
deny from 66.208.198.
deny from 66.208.200.
deny from 66.208.203.
deny from 66.208.215.
deny from 66.208.219.
deny from 66.208.220.
deny from 66.208.223.
deny from 66.208.237.
deny from 66.208.246.
deny from 66.208.250.
deny from 66.213.76.
deny from 66.246.218.
deny from 66.255.100.
deny from 66.28.108.
deny from 66.36.212.
deny from 66.36.226.
deny from 66.45.65.
deny from 66.49.33.
deny from 66.55.153.
deny from 66.62.122.
deny from 66.79.179.
deny from 66.79.181.
deny from 66.82.9.
deny from 66.90.15.
deny from 66.92.57.
deny from 66.98.164.
deny from 66.99.246.
deny from 67.106.209.
deny from 67.112.152.
deny from 67.112.95.
deny from 67.121.227.
deny from 67.15.121.
deny from 67.15.62.
deny from 67.173.254.
deny from 67.175.253.
deny from 67.18.98.
deny from 67.19.156.
deny from 67.42.10.
deny from 67.89.45.
deny from 68.111.152.
deny from 68.121.75.
deny from 68.20.44.
deny from 68.225.29.
deny from 68.236.162.
deny from 68.38.178.
deny from 68.44.125.
deny from 68.45.8.
deny from 68.52.80.
deny from 68.61.235.
deny from 68.61.244.
deny from 68.81.79.
deny from 68.91.107.
deny from 68.92.13.
deny from 68.96.160.
deny from 68.97.149.
deny from 69.105.144.
deny from 69.110.61.
deny from 69.11.157.
deny from 69.151.128.
deny from 69.168.29.
deny from 69.17.114.
deny from 69.17.55.
deny from 69.17.65.
deny from 69.20.10.
deny from 69.20.59.
deny from 69.219.98.
deny from 69.242.88.
deny from 69.30.124.
deny from 69.30.133.
deny from 69.31.79.
deny from 69.43.144.
deny from 69.48.118.
deny from 69.50.167.
deny from 69.50.171.
deny from 69.50.175.
deny from 69.50.176.
deny from 69.50.180.
deny from 69.50.191.
deny from 69.57.154.
deny from 69.60.117.
deny from 69.64.37.
deny from 69.93.56.
deny from 70.25.214.
deny from 72.36.208.
deny from 72.36.222.
deny from 80.108.20.
deny from 80.171.15.
deny from 80.188.117.
deny from 80.191.218.
deny from 80.198.101.
deny from 80.231.147.
deny from 80.237.140.
deny from 80.245.171.
deny from 80.28.207.
deny from 80.53.1.
deny from 80.53.109.
deny from 80.53.47.
deny from 80.55.233.
deny from 80.55.65.
deny from 80.58.0.
deny from 80.58.11.
deny from 80.58.14.
deny from 80.58.20.
deny from 80.58.21.
deny from 80.58.23.
deny from 80.58.24.
deny from 80.58.3.
deny from 80.58.32.
deny from 80.58.34.
deny from 80.58.4.
deny from 80.58.41.
deny from 80.58.42.
deny from 80.58.50.
deny from 80.58.5.
deny from 80.58.51.
deny from 80.58.9.
deny from 80.77.80.
deny from 80.77.86.
deny from 80.84.154.
deny from 80.96.38.
deny from 80.97.67.
deny from 80.98.53.
deny from 81.115.170.
deny from 81.115.31.
deny from 81.12.246.
deny from 81.168.158.
deny from 81.168.161.
deny from 81.168.203.
deny from 81.168.72.
deny from 81.169.168.
deny from 81.177.16.
deny from 81.177.7.
deny from 81.208.68.
deny from 81.209.141.
deny from 81.255.87.
deny from 81.28.182.
deny from 81.72.65.
deny from 81.72.97.
deny from 81.80.162.
deny from 81.80.26.
deny from 81.8.110.
deny from 81.86.105.
deny from 82.108.214.
deny from 82.127.76.
deny from 82.133.55.
deny from 82.135.201.
deny from 82.141.201.
deny from 82.154.249.
deny from 82.189.120.
deny from 82.201.185.
deny from 82.207.223.
deny from 82.208.174.
deny from 82.209.241.
deny from 82.225.195.
deny from 82.227.130.
deny from 82.231.200.
deny from 82.37.120.
deny from 82.43.155.
deny from 82.76.208.
deny from 82.76.77.
deny from 82.77.200.
deny from 82.80.133.
deny from 82.99.204.
deny from 83.137.59.
deny from 83.146.17.
deny from 83.146.56.
deny from 83.16.145.
deny from 83.217.224.
deny from 83.227.191.
deny from 83.235.54.
deny from 83.65.7.
deny from 84.109.140.
deny from 84.137.235.
deny from 84.189.197.
deny from 84.189.201.
deny from 84.189.209.
deny from 84.189.217.
deny from 84.189.223.
deny from 84.189.224.
deny from 84.189.227.
deny from 84.189.230.
deny from 84.189.232.
deny from 84.189.247.
deny from 84.189.251.
deny from 85.140.21.
deny from 85.154.198.
deny from 85.64.9.
deny from 85.65.149.
deny from 85.65.176.
deny from 12.42.48.
deny from 129.22.182.
deny from 12.96.164.
deny from 136.142.110.
deny from 148.223.103.
deny from 151.164.228.
deny from 159.134.203.
deny from 168.160.229.
deny from 168.243.227.
deny from 193.194.70.
deny from 193.225.206.
deny from 194.210.9.
deny from 195.110.154.
deny from 195.116.244.
deny from 195.135.155.
deny from 195.182.116.
deny from 195.205.195.
deny from 195.206.3.
deny from 195.228.75.
deny from 195.3.97.
deny from 196.36.80.
deny from 198.109.197.
deny from 198.172.147.
deny from 200.13.218.
deny from 200.149.132.
deny from 200.150.135.
deny from 200.153.120.
deny from 200.171.124.
deny from 200.179.220.
deny from 200.181.52.
deny from 200.181.57.
deny from 200.207.80.
deny from 200.251.128.
deny from 200.27.57.
deny from 200.39.103.
deny from 200.42.211.
deny from 200.55.209.
deny from 200.75.13.
deny from 200.95.128.
deny from 201.135.118.
deny from 202.143.156.
deny from 202.162.212.
deny from 202.164.38.
deny from 202.224.222.
deny from 202.56.236.
deny from 202.69.100.
deny from 202.69.168.
deny from 202.7.166.
deny from 202.96.1.
deny from 203.113.132.
deny from 203.125.141.
deny from 203.172.133.
deny from 203.200.218.
deny from 203.215.70.
deny from 203.82.38.
deny from 204.202.252.
deny from 207.175.180.
deny from 208.34.72.
deny from 209.163.221.
deny from 209.242.139.
deny from 209.248.224.
deny from 210.0.199.
deny from 210.118.120.
deny from 210.170.20.
deny from 210.187.65.
deny from 210.212.2.
deny from 210.236.66.
deny from 211.162.17.
deny from 211.250.181.
deny from 211.253.127.
deny from 211.77.44.
deny from 211.94.75.
deny from 212.0.141.
deny from 212.122.76.
deny from 212.138.64.
deny from 213.11.28.
deny from 213.150.173.
deny from 213.25.156.
deny from 216.141.113.
deny from 216.142.47.
deny from 216.142.90.
deny from 216.72.177.
deny from 217.194.137.
deny from 217.91.108.
deny from 218.145.145.
deny from 218.155.4.
deny from 218.248.1.
deny from 218.44.152.
deny from 218.55.115.
deny from 218.62.72.
deny from 219.101.21.
deny from 219.137.154.
deny from 219.142.111.
deny from 219.149.217.
deny from 219.163.101.
deny from 219.37.108.
deny from 219.43.116.
deny from 219.43.204.
deny from 220.135.57.
deny from 220.245.178.
deny from 221.195.72.
deny from 222.163.27.
deny from 222.240.128.
deny from 222.45.58.
deny from 222.53.125.
deny from 24.118.185.
deny from 24.130.45.
deny from 24.163.137.
deny from 24.185.71.
deny from 24.199.143.
deny from 24.20.9.
deny from 60.248.35.
deny from 61.100.187.
deny from 61.14.18.
deny from 61.187.56.
deny from 61.194.17.
deny from 61.208.100.
deny from 61.222.168.
deny from 61.74.253.
deny from 61.80.75.
deny from 62.153.135.
deny from 62.173.235.
deny from 62.212.122.
deny from 62.244.112.
deny from 62.75.220.
deny from 62.93.34.
deny from 63.100.195.
deny from 63.130.248.
deny from 63.144.59.
deny from 63.79.142.
deny from 64.0.224.
deny from 64.175.80.
deny from 64.42.246.
deny from 64.66.0.
deny from 65.113.234.
deny from 65.16.102.
deny from 65.28.213.
deny from 65.78.105.
deny from 65.89.138.
deny from 65.89.174.
deny from 66.134.121.
deny from 66.159.211.
deny from 66.187.104.
deny from 66.190.160.
deny from 66.88.133.
deny from 67.173.67.
deny from 67.175.116.
deny from 67.52.64.
deny from 67.96.201.
deny from 67.96.236.
deny from 67.98.188.
deny from 67.99.34.
deny from 68.106.215.
deny from 68.120.235.
deny from 68.51.74.
deny from 68.78.30.
deny from 69.119.253.
deny from 69.15.27.
deny from 69.167.10.
deny from 69.37.82.
deny from 69.86.23.
deny from 70.185.235.
deny from 71.11.154.
deny from 80.124.153.
deny from 80.229.63.
deny from 80.247.147.
deny from 80.55.114.
deny from 80.58.37.
deny from 80.58.43.
deny from 80.58.8.
deny from 80.98.164.
deny from 81.192.48.
deny from 81.193.115.
deny from 81.199.24.
deny from 81.56.240.
deny from 82.141.232.
deny from 82.225.61.
deny from 82.237.216.
deny from 82.70.4.
deny from 83.145.68.
deny from 84.119.253.
deny from 84.154.21.
deny from 84.189.239.
deny from 85.18.29.
deny from 85.218.20.
deny from 85.44.189.
deny from 18.60.3.
deny from 195.205.195.
deny from 195.206.3.
deny from 200.167.160.
deny from 200.30.173.
deny from 202.108.248.
deny from 202.175.181.
deny from 202.84.38.
deny from 203.101.254.
deny from 203.151.63.
deny from 203.162.92.
deny from 213.56.31.
deny from 60.248.79.
deny from 66.159.224.
deny from 68.20.47.
deny from 69.243.93.
deny from 80.53.57.
deny from 85.218.20.
 
# SINGLE WORD BLOCKS
 
# PHARMACY CRAP
 
RewriteCond %{HTTP_REFERER} medicine [NC,OR]
RewriteCond %{HTTP_REFERER} health [NC,OR]
RewriteCond %{HTTP_REFERER} retin-a [NC,OR]
RewriteCond %{HTTP_REFERER} ionamin [NC,OR]
RewriteCond %{HTTP_REFERER} adipex [NC,OR]
RewriteCond %{HTTP_REFERER} xenical [NC,OR]
RewriteCond %{HTTP_REFERER} tramadol [NC,OR]
RewriteCond %{HTTP_REFERER} cialis [NC,OR]
RewriteCond %{HTTP_REFERER} fluoxetine [NC,OR]
RewriteCond %{HTTP_REFERER} pharmacy [NC,OR]
RewriteCond %{HTTP_REFERER} ultram [NC,OR]
RewriteCond %{HTTP_REFERER} tramadol [NC,OR]
RewriteCond %{HTTP_REFERER} imitrex [NC,OR]
RewriteCond %{HTTP_REFERER} ultracet [NC,OR]
RewriteCond %{HTTP_REFERER} levitra [NC,OR]
RewriteCond %{HTTP_REFERER} triphasil [NC,OR]
RewriteCond %{HTTP_REFERER} estradiol [NC,OR]
RewriteCond %{HTTP_REFERER} diflucan [NC,OR]
RewriteCond %{HTTP_REFERER} zyban [NC,OR]
RewriteCond %{HTTP_REFERER} phentermine [NC,OR]
RewriteCond %{HTTP_REFERER} valtrex [NC,OR]
RewriteCond %{HTTP_REFERER} aldara [NC,OR]
RewriteCond %{HTTP_REFERER} condylox [NC,OR]
RewriteCond %{HTTP_REFERER} acyclovir [NC,OR]
RewriteCond %{HTTP_REFERER} famvir [NC,OR]
RewriteCond %{HTTP_REFERER} denavir [NC,OR]
RewriteCond %{HTTP_REFERER} zovirax [NC,OR]
RewriteCond %{HTTP_REFERER} cyclobenzaprine [NC,OR]
RewriteCond %{HTTP_REFERER} zanaflex [NC,OR]
RewriteCond %{HTTP_REFERER} carisoprodol [NC,OR]
RewriteCond %{HTTP_REFERER} skelaxin [NC,OR]
RewriteCond %{HTTP_REFERER} paxil [NC,OR]
RewriteCond %{HTTP_REFERER} prescription [NC,OR]
RewriteCond %{HTTP_REFERER} valium [NC,OR]
RewriteCond %{HTTP_REFERER} hydrocodone [NC,OR]
RewriteCond %{HTTP_REFERER} viagra [NC,OR]
RewriteCond %{HTTP_REFERER} propecia [NC,OR]
RewriteCond %{HTTP_REFERER} celebrex [NC,OR]
RewriteCond %{HTTP_REFERER} pills [NC,OR]
RewriteCond %{HTTP_REFERER} xanax [NC,OR]
RewriteCond %{HTTP_REFERER} meridia [NC,OR]
RewriteCond %{HTTP_REFERER} pharmacie [NC,OR]
RewriteCond %{HTTP_REFERER} viagra [NC,OR]
RewriteCond %{HTTP_REFERER} ambien [NC,OR]
 
# GAMBLING CRAP
 
RewriteCond %{HTTP_REFERER} poker [NC,OR]
RewriteCond %{HTTP_REFERER} blackjack [NC,OR]
RewriteCond %{HTTP_REFERER} black-jack [NC,OR]
RewriteCond %{HTTP_REFERER} casino [NC,OR]
RewriteCond %{HTTP_REFERER} roulette [NC,OR]
RewriteCond %{HTTP_REFERER} gambling [NC,OR]
RewriteCond %{HTTP_REFERER} texas- [NC,OR]
RewriteCond %{HTTP_REFERER} holdem [NC,OR]
 
# FINANCIAL / MARKETING CRAP
 
RewriteCond %{HTTP_REFERER} paying [NC,OR]
RewriteCond %{HTTP_REFERER} mortgage [NC,OR]
RewriteCond %{HTTP_REFERER} finance [NC,OR]
RewriteCond %{HTTP_REFERER} insurance [NC,OR]
RewriteCond %{HTTP_REFERER} credit [NC,OR]
RewriteCond %{HTTP_REFERER} credit-card [NC,OR]
RewriteCond %{HTTP_REFERER} loan [NC,OR]
RewriteCond %{HTTP_REFERER} buy [NC,OR]
RewriteCond %{HTTP_REFERER} cheap- [NC,OR]
RewriteCond %{HTTP_REFERER} commercial- [NC,OR]
RewriteCond %{HTTP_REFERER} webmaster [NC,OR]
RewriteCond %{HTTP_REFERER} affiliate [NC,OR]
RewriteCond %{HTTP_REFERER} order- [NC,OR]
RewriteCond %{HTTP_REFERER} business [NC,OR]
 
# SEX / PORN CRAP
 
RewriteCond %{HTTP_REFERER} -rape [NC,OR]
RewriteCond %{HTTP_REFERER} xxx [NC,OR]
RewriteCond %{HTTP_REFERER} bestiality [NC,OR]
RewriteCond %{HTTP_REFERER} sodomy [NC,OR]
RewriteCond %{HTTP_REFERER} rape- [NC,OR]
RewriteCond %{HTTP_REFERER} sperm [NC,OR]
RewriteCond %{HTTP_REFERER} semen [NC,OR]
RewriteCond %{HTTP_REFERER} ejacula [NC,OR]
RewriteCond %{HTTP_REFERER} blowjob [NC,OR]
RewriteCond %{HTTP_REFERER} blow-job [NC,OR]
RewriteCond %{HTTP_REFERER} gay [NC,OR]
RewriteCond %{HTTP_REFERER} -sex [NC,OR]
RewriteCond %{HTTP_REFERER} -teen [NC,OR]
RewriteCond %{HTTP_REFERER} teen- [NC,OR]
RewriteCond %{HTTP_REFERER} -pics [NC,OR]
RewriteCond %{HTTP_REFERER} sex- [NC,OR]
RewriteCond %{HTTP_REFERER} incest [NC,OR]
RewriteCond %{HTTP_REFERER} lesbian [NC,OR]
RewriteCond %{HTTP_REFERER} adult [NC,OR]
RewriteCond %{HTTP_REFERER} hentai [NC,OR]
RewriteCond %{HTTP_REFERER} porn [NC,OR]
 
# MISC
 
RewriteCond %{HTTP_REFERER} cruises [NC,OR]
RewriteCond %{HTTP_REFERER} premature [NC,OR]
RewriteCond %{HTTP_REFERER} ejaculation [NC,OR]
RewriteCond %{HTTP_REFERER} penis [NC,OR]
RewriteCond %{HTTP_REFERER} replica [NC,OR]
RewriteCond %{HTTP_REFERER} watches [NC,OR]
RewriteCond %{HTTP_REFERER} diet [NC,OR]
RewriteCond %{HTTP_REFERER} cams [NC,OR]
 
# DOMAINS AND RULES
 
RewriteCond %{HTTP_REFERER} (shemale|milf|oldfatties|lesbian).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} 6q.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} smsportali.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ronnieazza.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} future-2000.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} inkjetandtonercartridges.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} nutzu.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?[\w\-_.]*(cams)[\w\-_.]*\.[a-z]{2,} [NC,OR]
RewriteCond %{HTTP_REFERER} andrewsaluk\.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} dvdwizardpro\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} asstraffic\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} allinternal\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} givemepink\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} bizhat\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} clickncum\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} analloverz\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} xratedcities\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (levitra|lolita|phentermine|viagra|vig-?rx|zyban|valtex|xenical|adipex|meridia\b)[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (diet|penis)[\w\-_.]*(pills|enlargement)[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} nasty-pages\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} afreeserver\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} jxnarc\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} gacicuba\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} worfa\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} sexushost\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} w5\.pl.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (pharmacy|valtrex|zyrtec|\bhgh\b|ambien\b|flonase|allegra|didrex|renova\b|bontril|nexium)[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (ultram\b|\btenuate|tramadol|pheromones|phendimetrazine|ionamin|ortho\.?tricyclen|retin\.?a\b)[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (prozac|zoloft|xanax|valium|hydrocodone|vicodin|paxil|vioxx)[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (online)[\w\-_.]*casino[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} xadulthosting\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} cyberfreehost\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (blow)[\w\-_.]*job[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} bestpornhost\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} adultfreehosting\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} video-poker.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} anzwers\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} 7p\.org\.uk.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} x-beat\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (buy)[\w\-_.]*online[\w\-_.]*\.[a-z]{2,}.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} greatnow\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} 125mb\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} free-online-poker.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} t35\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} vcdrookie\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} insurancecompanies4you\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} mortgagerates4all\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} education-line\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} medicinetrail\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} home-loans-inc\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} jobsearchlegal\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} (mac-hq\.com|globaleducationeurope\.net|liveplanets\.com|aeterna|foxmedia|edthomas|protzonbeer|escort).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} texas-holdem.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} medical4order\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} booktextone\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} pharmacyv\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} warp9\.to.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} freakin\.nl.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} bestall\.ru.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} flying\.to.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} szm\.sk.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} sbn\.bz.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} go\.to.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} cut\.by.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} \.ms.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} bizarresexgalleries\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} loan-boat\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} -boat\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} trumpetmission\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} jaja-jak-globusy\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} penfind\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} netfirms\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} alabamaworks\.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} jobsteve\.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} poker.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} net\.mx.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} com\.mx.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} freewebpage\.org.*$
RewriteRule .* n [F,L]

if youve actually gotten to the bottom :P I should say that I was primarily interested in the IP blocks since i absolutely abhor the use of proxies for spamming.

Sep 23, 2005 08:14

I got to the bottom, but I scroll fast ;)

You might as well block .to if you're into wiping out entire TLDs. They are all over the antispam system now. Literally hundreds of variants of a large assortment of domain names. I think we've added almost 10 domains of the .to flavor in the past week, and I've deprecated hundreds of the variant versions.

Nov 19, 2005 15:52

Can someone knowledgeable comment on my .htaccess file and let me know what they think. Thanks

RewriteEngine On
RewriteBase /

<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>

<IfModule mod_php4.c>
php_flag register_globals off
</IfModule>
# Fix for comments
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://apologia.rtrc.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)forex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)adultactioncam(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)andrewsaluk(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)sexsearchcom(.*)$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)cumfiesta(.*)$ [NC,OR]
RewriteCond %{HTTP:VIA} ^.+pinappleproxy [NC,OR]
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC] //
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

# IP BLOCKS (RANGES)

deny from 193.251.169.
deny from 66.98.238.
deny from 220.160.5.
deny from 212.87.26.
deny from 203.174.65.
deny from 67.15.14.
deny from 83.31.165.
deny from 202.101.173.
deny from 83.31.165.
deny from 67.15.14.
deny from 209.66.122.
deny from 216.151.106.
deny from 64.162.110.
deny from 207.58.178.
deny from 69.28.242.
deny from 209.200.31.
deny from 159.61.240.
deny from 222.79.16.
deny from 216.120.184.
deny from 216.177.233.
deny from 216.195.35.
deny from 216.56.240.
deny from 218.12.29.
deny from 218.189.215.
deny from 218.86.126.
deny from 218.98.193.
deny from 219.117.248.
deny from 219.127.248.
deny from 220.178.240.
deny from 220.245.179.
deny from 221.15.5.
deny from 221.186.133.
deny from 222.122.4.
deny from 222.35.11.
deny from 222.45.33.
deny from 24.2.2.
deny from 61.19.219.
deny from 61.219.64.
deny from 61.220.232.
deny from 61.31.195.
deny from 62.110.122.
deny from 63.239.116.
deny from 65.25.70.
deny from 66.215.127.
deny from 67.149.147.
deny from 67.169.19.
deny from 67.171.24.
deny from 67.71.237.
deny from 67.72.25.
deny from 68.46.204.
deny from 68.56.184.
deny from 69.182.46.
deny from 69.57.138.
deny from 70.17.253.
deny from 70.228.44.
deny from 70.85.153.
deny from 80.169.166.
deny from 80.17.233.
deny from 80.55.189.
deny from 80.74.4.
deny from 80.80.51.
deny from 80.81.24.
deny from 81.113.40.
deny from 81.12.0.
deny from 81.50.135.
deny from 82.110.130
deny from 82.135.30.
deny from 82.165.41.
deny from 82.224.136.
deny from 83.100.160.
deny from 83.103.167.
deny from 83.143.18.
deny from 84.112.18.
deny from 85.99.247.
deny from 86.127.4.
deny from 86.34.2.
deny from 12.2.196.
deny from 129.206.55.
deny from 12.96.249.
deny from 129.7.233.
deny from 130.194.11.
deny from 133.9.68.
deny from 134.173.117.
deny from 134.76.10.
deny from 140.121.135.
deny from 140.96.178.
deny from 141.30.84.
deny from 142.179.223.
deny from 143.229.120.
deny from 145.253.178.
deny from 148.223.200.
deny from 148.235.180.
deny from 148.243.6.
deny from 148.244.150.
deny from 148.244.223.
deny from 150.187.117.
deny from 159.61.240.
deny from 159.6.99.
deny from 161.53.156.
deny from 161.53.86.
deny from 161.58.49.
deny from 162.39.225.
deny from 162.40.91.
deny from 163.17.117.
deny from 163.17.127.
deny from 163.17.129.
deny from 163.17.151.
deny from 163.17.161.
deny from 163.17.212.
deny from 163.17.7.
deny from 163.28.48.
deny from 164.100.104.
deny from 164.100.149.
deny from 164.100.150.
deny from 164.164.127.
deny from 165.138.197.
deny from 165.194.121.
deny from 165.228.236.
deny from 166.87.255.
deny from 167.206.79.
deny from 168.10.27.
deny from 168.143.113.
deny from 168.187.0.
deny from 168.216.148.
deny from 168.234.181.
deny from 168.243.232.
deny from 192.204.2.
deny from 192.31.106.
deny from 192.35.35.
deny from 192.55.214.
deny from 192.91.147.
deny from 193.0.74.
deny from 193.126.23.3.
deny from 193.136.157.
deny from 193.140.140.
deny from 193.147.240.
deny from 193.188.77.
deny from 193.194.68.
deny from 193.194.84.
deny from 193.205.153.
deny from 193.251.10.
deny from 193.251.147.
deny from 193.251.149.
deny from 193.251.41.
deny from 193.252.0.
deny from 193.252.28.
deny from 193.43.108.
deny from 193.52.185.
deny from 193.68.5.
deny from 193.77.153.
deny from 193.95.113.
deny from 193.95.90.
deny from 194.105.30.
deny from 194.117.134.
deny from 194.152.185.
deny from 194.154.230.
deny from 194.167.168.
deny from 194.200.3.
deny from 194.209.227.
deny from 194.226.94.
deny from 194.228.61.
deny from 194.2.41.
deny from 194.249.140.
deny from 194.249.248.
deny from 194.27.158.
deny from 194.63.235.
deny from 194.89.17.
deny from 194.90.18.
deny from 194.90.190.
deny from 195.113.148.
deny from 195.113.161.
deny from 195.116.60.
deny from 195.130.76.
deny from 195.136.107.
deny from 195.136.7.
deny from 195.141.101.
deny from 195.145.214.
deny from 195.146.134.
deny from 195.178.53.
deny from 195.215.8.
deny from 195.216.34.
deny from 195.229.241.
deny from 195.234.112.
deny from 195.235.180.
deny from 195.24.194.
deny from 195.245.185.
deny from 195.252.106.
deny from 195.39.213.
deny from 195.54.8.
deny from 195.70.50.
deny from 195.74.122.
deny from 195.96.195.
deny from 195.97.106.
deny from 196.15.164.
deny from 196.200.25.
deny from 196.203.32.
deny from 196.207.230.
deny from 196.2.68.
deny from 196.40.60.
deny from 196.40.61.
deny from 198.209.176.
deny from 198.54.202.
deny from 198.63.211.
deny from 198.79.101.
deny from 200.107.42.
deny from 200.114.199.
deny from 200.114.235.
deny from 200.115.153.
deny from 200.118.115.
deny from 200.12.238.
deny from 200.126.192.
deny from 200.135.240.
deny from 200.1.41.
deny from 200.149.244.
deny from 200.153.112.
deny from 200.153.218.
deny from 200.159.30.
deny from 200.168.66.
deny from 200.171.111.
deny from 200.171.140.
deny from 200.171.70.
deny from 200.175.252.
deny from 200.183.10.
deny from 200.196.101.
deny from 200.196.114.
deny from 200.204.196.
deny from 200.206.160.
deny from 200.207.11.
deny from 200.210.233.
deny from 200.21.21.
deny from 200.213.82.
deny from 200.226.137.
deny from 200.23.166.
deny from 200.242.249.
deny from 200.245.10.
deny from 200.28.83.
deny from 200.30.79.
deny from 200.35.81.
deny from 200.35.90.
deny from 200.42.216.
deny from 200.45.71.
deny from 200.54.176.
deny from 200.67.149.
deny from 200.67.169.
deny from 200.7.105.
deny from 200.75.112.
deny from 200.75.123.
deny from 200.77.144.
deny from 200.84.69.
deny from 200.93.135.
deny from 200.94.210.
deny from 200.95.121.
deny from 201.128.51.
deny from 201.13.1.
deny from 201.140.133.
deny from 201.144.74.
deny from 201.147.199.
deny from 201.153.211.
deny from 201.153.213.
deny from 201.17.147.
deny from 201.224.177.
deny from 201.243.248.
deny from 201.243.38.
deny from 201.243.58.
deny from 201.28.62.
deny from 201.6.233.
deny from 202.107.250.
deny from 202.111.183.
deny from 202.130.84.
deny from 202.134.165.
deny from 202.141.156.
deny from 202.143.137.
deny from 202.143.138.
deny from 202.143.150.
deny from 202.14.68.
deny from 202.147.228.
deny from 202.156.2.
deny from 202.158.165.
deny from 202.164.182.
deny from 202.175.234.
deny from 202.177.82.
deny from 202.181.176.
deny from 202.185.111.
deny from 202.224.23.
deny from 202.239.172.
deny from 202.28.204.
deny from 202.28.27.
deny from 202.29.136.
deny from 202.29.15.
deny from 202.47.247.
deny from 202.61.30.
deny from 202.63.168.
deny from 202.64.21.
deny from 202.64.79.
deny from 202.68.130.
deny from 202.69.200.
deny from 202.7.176.
deny from 202.81.63.
deny from 202.84.100.
deny from 202.84.106.
deny from 202.85.137.
deny from 202.86.205.
deny from 202.92.68.
deny from 202.92.86.
deny from 202.94.229.
deny from 203.101.43.
deny from 203.109.87.
deny from 203.113.143.
deny from 203.115.23.
deny from 203.116.214.
deny from 203.121.131.
deny from 203.125.88.
deny from 203.126.19.
deny from 203.130.255.
deny from 203.131.185.
deny from 203.140.175.
deny from 203.140.56.
deny from 203.144.216.
deny from 203.146.136.
deny from 203.146.86.
deny from 203.147.0.
deny from 203.154.113.
deny from 203.155.1.
deny from 203.160.171.
deny from 203.160.64.
deny from 203.162.128.
deny from 203.162.17.
deny from 203.162.230.
deny from 203.162.247.
deny from 203.162.29.
deny from 203.162.3.
deny from 203.166.96.
deny from 203.166.99.
deny from 203.167.253.
deny from 203.170.226.
deny from 203.172.129.
deny from 203.172.131.
deny from 203.172.200.
deny from 203.187.176.
deny from 203.187.245.
deny from 203.192.206.
deny from 203.197.196.
deny from 203.199.92.
deny from 203.215.81.
deny from 203.22.67.
deny from 203.53.113.
deny from 203.59.162.
deny from 203.79.66.
deny from 204.101.206.
deny from 204.131.46.
deny from 204.131.48.
deny from 204.157.11.
deny from 204.183.208.
deny from 204.186.238.
deny from 204.248.54.
deny from 204.249.97.
deny from 204.8.228.
deny from 204.8.64.
deny from 205.136.240.
deny from 205.148.35.
deny from 205.209.191.
deny from 205.218.66.
deny from 205.234.145.
deny from 205.238.226.
deny from 206.196.125.
deny from 206.225.86.
deny from 206.49.140.
deny from 206.75.228.
deny from 207.109.85.
deny from 207.134.196.
deny from 207.17.47.
deny from 207.200.116.
deny from 207.225.27.
deny from 207.234.208.
deny from 207.243.70.
deny from 207.248.240.
deny from 207.46.98.
deny from 207.67.97.
deny from 207.69.167.
deny from 207.71.248.
deny from 208.147.70.
deny from 208.189.232.
deny from 208.34.84.
deny from 208.53.138.
deny from 209.114.235.
deny from 209.121.91.
deny from 209.161.5.
deny from 209.175.173.
deny from 209.195.170.
deny from 209.212.118.
deny from 209.240.253.
deny from 209.25.147.
deny from 209.253.4.
deny from 209.67.27.
deny from 209.74.45.
deny from 209.79.218.
deny from 209.86.122.
deny from 209.91.207.
deny from 210.0.200.
deny from 210.0.209.
deny from 210.111.247.
deny from 210.1.13.
deny from 210.117.186.
deny from 210.132.169.
deny from 210.162.237.
deny from 210.17.210.
deny from 210.172.95.
deny from 210.174.105.
deny from 210.177.252.
deny from 210.18.94.
deny from 210.19.204.
deny from 210.192.213.
deny from 210.196.191.
deny from 210.212.1.
deny from 210.212.204.
deny from 210.212.253.
deny from 210.21.227.
deny from 210.212.31.
deny from 210.245.164.
deny from 210.3.4.
deny from 210.68.141.
deny from 210.71.57.
deny from 210.73.84.
deny from 210.7.76.
deny from 210.82.214.
deny from 211.114.193.
deny from 211.117.169.
deny from 211.118.206.
deny from 211.138.109.
deny from 211.155.235.
deny from 211.157.104.
deny from 211.170.79.
deny from 211.185.59.
deny from 211.22.114.
deny from 211.22.24.
deny from 211.24.137.
deny from 211.24.161.
deny from 211.38.141.
deny from 211.46.196.
deny from 211.48.62.
deny from 211.7.240.
deny from 211.75.91.
deny from 211.78.176.
deny from 211.94.140.
deny from 212.0.128.
deny from 212.0.132.
deny from 212.0.138.
deny from 212.0.158.
deny from 212.109.59.
deny from 212.117.152.
deny from 212.138.113.
deny from 212.138.47.
deny from 212.142.138.
deny from 212.155.169.
deny from 212.157.64.
deny from 212.175.113.
deny from 212.184.102.
deny from 212.191.34.
deny from 212.199.249.
deny from 212.202.164.
deny from 212.214.78.
deny from 212.234.179.
deny from 212.239.17.
deny from 212.250.79.
deny from 212.251.14.
deny from 212.35.34.
deny from 212.41.228.
deny from 212.49.85.
deny from 212.7.9.
deny from 212.98.36.
deny from 213.114.21.
deny from 213.130.117.
deny from 213.139.151.
deny from 213.156.52.
deny from 213.176.73.
deny from 213.18.248.
deny from 213.186.167.
deny from 213.223.67.
deny from 213.236.144.
deny from 213.243.30.
deny from 213.249.155.
deny from 213.249.17.
deny from 213.25.206.
deny from 213.25.223.
deny from 213.30.188.
deny from 213.37.79.
deny from 213.41.1.
deny from 213.41.176.
deny from 213.42.2.
deny from 213.45.38.
deny from 213.61.29.
deny from 213.76.152.
deny from 213.81.187.
deny from 213.92.96.
deny from 216.103.204.
deny from 216.104.196.
deny from 216.126.141.
deny from 216.130.129.
deny from 216.13.18.
deny from 216.132.3.
deny from 216.135.202.
deny from 216.136.2.
deny from 216.168.230.
deny from 216.168.99.
deny from 216.185.178.
deny from 216.189.194.
deny from 216.196.59.
deny from 216.201.163.
deny from 216.20.117.
deny from 216.216.32.
deny from 216.239.175.
deny from 216.252.181.
deny from 216.60.21.
deny from 216.69.164.
deny from 216.77.62.
deny from 216.86.156.
deny from 217.109.194.
deny from 217.118.101.
deny from 217.133.0.
deny from 217.133.58.
deny from 217.14.142.
deny from 217.148.1.
deny from 217.160.75.
deny from 217.17.41.
deny from 217.199.209.
deny from 217.219.151.
deny from 217.219.18.
deny from 217.33.2.
deny from 217.34.52.
deny from 217.37.77.
deny from 217.40.132.
deny from 217.52.253.
deny from 217.56.101.
deny from 217.67.22.
deny from 217.97.134.
deny from 217.97.237.
deny from 217.97.84.
deny from 218.104.80.
deny from 218.107.238.
deny from 218.13.59.
deny from 218.139.202.
deny from 218.140.212.
deny from 218.177.148.
deny from 218.188.13.
deny from 218.188.23.
deny from 218.189.222.
deny from 218.224.226.
deny from 218.226.201.
deny from 218.230.247.
deny from 218.247.171.
deny from 218.26.157.
deny from 218.28.164.
deny from 218.44.209.
deny from 218.44.225.
deny from 218.44.248.
deny from 218.45.227.
deny from 218.5.149.
deny from 218.5.27.
deny from 218.56.32.
deny from 218.85.47.
deny from 218.85.82.
deny from 218.85.83.
deny from 218.89.171.
deny from 218.91.254.
deny from 218.93.112.
deny from 218.93.119.
deny from 218.97.253.
deny from 219.116.155.
deny from 219.117.201.
deny from 219.118.190.
deny from 219.140.161.
deny from 219.142.40.
deny from 219.145.61.
deny from 219.149.233.
deny from 219.157.155.
deny from 219.163.126.
deny from 219.16.72.
deny from 219.22.18.
deny from 219.22.50.
deny from 219.239.110.
deny from 219.27.12.
deny from 219.52.160.
deny from 219.63.85.
deny from 219.93.174.
deny from 219.93.211.
deny from 219.93.72.
deny from 219.94.45.
deny from 219.95.111.
deny from 219.96.224.
deny from 220.110.164.
deny from 220.110.49.
deny from 220.132.154.
deny from 220.160.2.
deny from 220.192.24.
deny from 220.245.180.
deny from 220.255.13.
deny from 220.99.102.
deny from 221.10.124.
deny from 221.117.84.
deny from 221.142.244.
deny from 221.212.177.
deny from 222.152.158.
deny from 222.185.230.
deny from 24.11.27.
deny from 24.113.68.
deny from 24.121.60.
deny from 24.123.90.
deny from 24.203.49.
deny from 24.226.233.
deny from 24.23.207.
deny from 24.232.134.
deny from 24.232.92.
deny from 24.234.114.
deny from 24.248.80.
deny from 24.6.111.
deny from 24.75.92.
deny from 24.77.194.
deny from 24.98.82.
deny from 38.118.3.
deny from 58.65.151.
deny from 59.120.0.
deny from 59.120.39.
deny from 59.156.99.
deny from 59.56.39.
deny from 60.119.1.
deny from 61.0.62.
deny from 61.12.34.
deny from 61.150.115.
deny from 61.153.27.
deny from 61.153.30.
deny from 61.179.12.
deny from 61.19.220.
deny from 61.194.52.
deny from 61.197.218.
deny from 61.199.156.
deny from 61.201.230.
deny from 61.206.125.
deny from 61.214.29.
deny from 61.218.64.
deny from 61.218.74.
deny from 61.219.11.
deny from 61.219.232.
deny from 61.219.36.
deny from 61.221.184.
deny from 61.221.199.
deny from 61.221.30.
deny from 61.22.230.
deny from 61.24.118.
deny from 61.247.239.
deny from 61.26.204.
deny from 61.30.150.
deny from 61.78.65.
deny from 61.91.155.
deny from 61.95.133.
deny from 62.114.248.
deny from 62.116.15.
deny from 62.123.211.
deny from 62.123.216.
deny from 62.133.42.
deny from 62.141.42.
deny from 62.145.48.
deny from 62.150.25.
deny from 62.17.152.
deny from 62.176.156.
deny from 62.190.127.
deny from 62.193.231.
deny from 62.217.59.
deny from 62.220.99.
deny from 62.22.98.
deny from 62.245.167.
deny from 62.248.110.
deny from 62.24.96.
deny from 62.37.236.
deny from 62.39.176.
deny from 62.56.210.
deny from 62.7.244.
deny from 62.73.165.
deny from 62.77.41.
deny from 62.78.78.
deny from 62.81.214.
deny from 62.94.211.
deny from 62.96.103.
deny from 62.97.72.
deny from 63.165.31.
deny from 63.174.154.
deny from 63.192.198.
deny from 63.207.250.
deny from 63.218.109.
deny from 63.230.254.
deny from 63.241.72.
deny from 63.245.22.
deny from 63.80.101.
deny from 63.97.24.
deny from 64.108.5.
deny from 64.110.82.
deny from 64.128.136.
deny from 64.139.69.
deny from 64.139.90.
deny from 64.170.45.
deny from 64.174.109.
deny from 64.186.55.
deny from 64.191.73.
deny from 64.242.88.
deny from 64.247.118.
deny from 64.42.48.
deny from 64.5.245.
deny from 64.76.142.
deny from 64.76.83.
deny from 64.86.228.
deny from 64.86.235.
deny from 64.92.162.
deny from 64.9.33.
deny from 64.95.116.
deny from 64.95.78.
deny from 65.104.190.
deny from 65.106.145.
deny from 65.110.97.
deny from 65.123.150.
deny from 65.160.238.
deny from 65.164.90.
deny from 65.19.150.
deny from 65.19.154.
deny from 65.200.190.
deny from 65.205.189.
deny from 65.241.12.
deny from 65.245.103.
deny from 65.29.13.
deny from 65.31.82.
deny from 65.43.75.
deny from 65.64.31.
deny from 65.68.11.
deny from 65.75.146.
deny from 65.75.164.
deny from 65.84.245.
deny from 66.1.140.
deny from 66.133.152.
deny from 66.137.110.
deny from 66.141.184.
deny from 66.14.253.
deny from 66.148.141.
deny from 66.160.92.
deny from 66.166.209.
deny from 66.17.15.
deny from 66.183.115.
deny from 66.186.133.
deny from 66.194.55.
deny from 66.196.205.
deny from 66.196.31.
deny from 66.202.75.
deny from 66.207.120.
deny from 66.208.166.
deny from 66.208.197.
deny from 66.208.198.
deny from 66.208.200.
deny from 66.208.203.
deny from 66.208.215.
deny from 66.208.219.
deny from 66.208.220.
deny from 66.208.223.
deny from 66.208.237.
deny from 66.208.246.
deny from 66.208.250.
deny from 66.213.76.
deny from 66.246.218.
deny from 66.255.100.
deny from 66.28.108.
deny from 66.36.212.
deny from 66.36.226.
deny from 66.45.65.
deny from 66.49.33.
deny from 66.55.153.
deny from 66.62.122.
deny from 66.79.179.
deny from 66.79.181.
deny from 66.82.9.
deny from 66.90.15.
deny from 66.92.57.
deny from 66.98.164.
deny from 66.99.246.
deny from 67.106.209.
deny from 67.112.152.
deny from 67.112.95.
deny from 67.121.227.
deny from 67.15.121.
deny from 67.15.62.
deny from 67.173.254.
deny from 67.175.253.
deny from 67.18.98.
deny from 67.19.156.
deny from 67.42.10.
deny from 67.89.45.
deny from 68.111.152.
deny from 68.121.75.
deny from 68.20.44.
deny from 68.225.29.
deny from 68.236.162.
deny from 68.38.178.
deny from 68.44.125.
deny from 68.45.8.
deny from 68.52.80.
deny from 68.61.235.
deny from 68.61.244.
deny from 68.81.79.
deny from 68.91.107.
deny from 68.92.13.
deny from 68.96.160.
deny from 68.97.149.
deny from 69.105.144.
deny from 69.110.61.
deny from 69.11.157.
deny from 69.151.128.
deny from 69.168.29.
deny from 69.17.114.
deny from 69.17.55.
deny from 69.17.65.
deny from 69.20.10.
deny from 69.20.59.
deny from 69.219.98.
deny from 69.242.88.
deny from 69.30.124.
deny from 69.30.133.
deny from 69.31.79.
deny from 69.43.144.
deny from 69.48.118.
deny from 69.50.167.
deny from 69.50.171.
deny from 69.50.175.
deny from 69.50.176.
deny from 69.50.180.
deny from 69.50.191.
deny from 69.57.154.
deny from 69.60.117.
deny from 69.64.37.
deny from 69.93.56.
deny from 70.25.214.
deny from 72.36.208.
deny from 72.36.222.
deny from 80.108.20.
deny from 80.171.15.
deny from 80.188.117.
deny from 80.191.218.
deny from 80.198.101.
deny from 80.231.147.
deny from 80.237.140.
deny from 80.245.171.
deny from 80.28.207.
deny from 80.53.1.
deny from 80.53.109.
deny from 80.53.47.
deny from 80.55.233.
deny from 80.55.65.
deny from 80.58.0.
deny from 80.58.11.
deny from 80.58.14.
deny from 80.58.20.
deny from 80.58.21.
deny from 80.58.23.
deny from 80.58.24.
deny from 80.58.3.
deny from 80.58.32.
deny from 80.58.34.
deny from 80.58.4.
deny from 80.58.41.
deny from 80.58.42.
deny from 80.58.50.
deny from 80.58.5.
deny from 80.58.51.
deny from 80.58.9.
deny from 80.77.80.
deny from 80.77.86.
deny from 80.84.154.
deny from 80.96.38.
deny from 80.97.67.
deny from 80.98.53.
deny from 81.115.170.
deny from 81.115.31.
deny from 81.12.246.
deny from 81.168.158.
deny from 81.168.161.
deny from 81.168.203.
deny from 81.168.72.
deny from 81.169.168.
deny from 81.177.16.
deny from 81.177.7.
deny from 81.208.68.
deny from 81.209.141.
deny from 81.255.87.
deny from 81.28.182.
deny from 81.72.65.
deny from 81.72.97.
deny from 81.80.162.
deny from 81.80.26.
deny from 81.8.110.
deny from 81.86.105.
deny from 82.108.214.
deny from 82.127.76.
deny from 82.133.55.
deny from 82.135.201.
deny from 82.141.201.
deny from 82.154.249.
deny from 82.189.120.
deny from 82.201.185.
deny from 82.207.223.
deny from 82.208.174.
deny from 82.209.241.
deny from 82.225.195.
deny from 82.227.130.
deny from 82.231.200.
deny from 82.37.120.
deny from 82.43.155.
deny from 82.76.208.
deny from 82.76.77.
deny from 82.77.200.
deny from 82.80.133.
deny from 82.99.204.
deny from 83.137.59.
deny from 83.146.17.
deny from 83.146.56.
deny from 83.16.145.
deny from 83.217.224.
deny from 83.227.191.
deny from 83.235.54.
deny from 83.65.7.
deny from 84.109.140.
deny from 84.137.235.
deny from 84.189.197.
deny from 84.189.201.
deny from 84.189.209.
deny from 84.189.217.
deny from 84.189.223.
deny from 84.189.224.
deny from 84.189.227.
deny from 84.189.230.
deny from 84.189.232.
deny from 84.189.247.
deny from 84.189.251.
deny from 85.140.21.
deny from 85.154.198.
deny from 85.64.9.
deny from 85.65.149.
deny from 85.65.176.
deny from 12.42.48.
deny from 129.22.182.
deny from 12.96.164.
deny from 136.142.110.
deny from 148.223.103.
deny from 151.164.228.
deny from 159.134.203.
deny from 168.160.229.
deny from 168.243.227.
deny from 193.194.70.
deny from 193.225.206.
deny from 194.210.9.
deny from 195.110.154.
deny from 195.116.244.
deny from 195.135.155.
deny from 195.182.116.
deny from 195.205.195.
deny from 195.206.3.
deny from 195.228.75.
deny from 195.3.97.
deny from 196.36.80.
deny from 198.109.197.
deny from 198.172.147.
deny from 200.13.218.
deny from 200.149.132.
deny from 200.150.135.
deny from 200.153.120.
deny from 200.171.124.
deny from 200.179.220.
deny from 200.181.52.
deny from 200.181.57.
deny from 200.207.80.
deny from 200.251.128.
deny from 200.27.57.
deny from 200.39.103.
deny from 200.42.211.
deny from 200.55.209.
deny from 200.75.13.
deny from 200.95.128.
deny from 201.135.118.
deny from 202.143.156.
deny from 202.162.212.
deny from 202.164.38.
deny from 202.224.222.
deny from 202.56.236.
deny from 202.69.100.
deny from 202.69.168.
deny from 202.7.166.
deny from 202.96.1.
deny from 203.113.132.
deny from 203.125.141.
deny from 203.172.133.
deny from 203.200.218.
deny from 203.215.70.
deny from 203.82.38.
deny from 204.202.252.
deny from 207.175.180.
deny from 208.34.72.
deny from 209.163.221.
deny from 209.242.139.
deny from 209.248.224.
deny from 210.0.199.
deny from 210.118.120.
deny from 210.170.20.
deny from 210.187.65.
deny from 210.212.2.
deny from 210.236.66.
deny from 211.162.17.
deny from 211.250.181.
deny from 211.253.127.
deny from 211.77.44.
deny from 211.94.75.
deny from 212.0.141.
deny from 212.122.76.
deny from 212.138.64.
deny from 213.11.28.
deny from 213.150.173.
deny from 213.25.156.
deny from 216.141.113.
deny from 216.142.47.
deny from 216.142.90.
deny from 216.72.177.
deny from 217.194.137.
deny from 217.91.108.
deny from 218.145.145.
deny from 218.155.4.
deny from 218.248.1.
deny from 218.44.152.
deny from 218.55.115.
deny from 218.62.72.
deny from 219.101.21.
deny from 219.137.154.
deny from 219.142.111.
deny from 219.149.217.
deny from 219.163.101.
deny from 219.37.108.
deny from 219.43.116.
deny from 219.43.204.
deny from 220.135.57.
deny from 220.245.178.
deny from 221.195.72.
deny from 222.163.27.
deny from 222.240.128.
deny from 222.45.58.
deny from 222.53.125.
deny from 24.118.185.
deny from 24.130.45.
deny from 24.163.137.
deny from 24.185.71.
deny from 24.199.143.
deny from 24.20.9.
deny from 60.248.35.
deny from 61.100.187.
deny from 61.14.18.
deny from 61.187.56.
deny from 61.194.17.
deny from 61.208.100.
deny from 61.222.168.
deny from 61.74.253.
deny from 61.80.75.
deny from 62.153.135.
deny from 62.173.235.
deny from 62.212.122.
deny from 62.244.112.
deny from 62.75.220.
deny from 62.93.34.
deny from 63.100.195.
deny from 63.130.248.
deny from 63.144.59.
deny from 63.79.142.
deny from 64.0.224.
deny from 64.175.80.
deny from 64.42.246.
deny from 64.66.0.
deny from 65.113.234.
deny from 65.16.102.
deny from 65.28.213.
deny from 65.78.105.
deny from 65.89.138.
deny from 65.89.174.
deny from 66.134.121.
deny from 66.159.211.
deny from 66.187.104.
deny from 66.190.160.
deny from 66.88.133.
deny from 67.173.67.
deny from 67.175.116.
deny from 67.52.64.
deny from 67.96.201.
deny from 67.96.236.
deny from 67.98.188.
deny from 67.99.34.
deny from 68.106.215.
deny from 68.120.235.
deny from 68.51.74.
deny from 68.78.30.
deny from 69.119.253.
deny from 69.15.27.
deny from 69.167.10.
deny from 69.37.82.
deny from 69.86.23.
deny from 70.185.235.
deny from 71.11.154.
deny from 80.124.153.
deny from 80.229.63.
deny from 80.247.147.
deny from 80.55.114.
deny from 80.58.37.
deny from 80.58.43.
deny from 80.58.8.
deny from 80.98.164.
deny from 81.192.48.
deny from 81.193.115.
deny from 81.199.24.
deny from 81.56.240.
deny from 82.141.232.
deny from 82.225.61.
deny from 82.237.216.
deny from 82.70.4.
deny from 83.145.68.
deny from 84.119.253.
deny from 84.154.21.
deny from 84.189.239.
deny from 85.18.29.
deny from 85.218.20.
deny from 85.44.189.
deny from 18.60.3.
deny from 195.205.195.
deny from 195.206.3.
deny from 200.167.160.
deny from 200.30.173.
deny from 202.108.248.
deny from 202.175.181.
deny from 202.84.38.
deny from 203.101.254.
deny from 203.151.63.
deny from 203.162.92.
deny from 213.56.31.
deny from 60.248.79.
deny from 66.159.224.
deny from 68.20.47.
deny from 69.243.93.
deny from 80.53.57.
deny from 85.218.20.

Dec 10, 2005 07:05

Hi there,

Sorry in advance if this is a stupid question...

If the htsrv folder has some name and another web site uses a (legitimate) trackback pointing to me, then if I rename htsrv to avoid spam comments will it mean that that trackback will no longer work and some people trying to get to my site won't be able to?

Thanks much for any thoughts on this....

Ross
http://blog.rossputin.com

Dec 10, 2005 18:51

rossputin, once a trackback has been done, the location of the htsrv folder is irrelevant. Just for making the trackback the correct/new address has to be used.

Dec 12, 2005 11:52

Apache has to query .htaccess with each and every page it loads on a site, so large .htaccess files can not only slow down page loading, but can also significantly increase server loads.

Managing a large .htaccess with loads of different IP's can also be a real nuisance. However, there are ways of keeping the file as small as possible.

Firstly, check who owns the IP you want to ban. Since you are checking on this, you might as well use the abuse@ contact and let them know that someone from that IP is spamming you. You never know, they might stop the offender.

Secondly, if you see a number of spammers are coming from the same provider, you might like to ban the entire IP range. If, for example, you are seeing spammers coming in from, say the 84.110.10.59 & 84.110.163.68 ranges you may be tempted to ban these ranges by putting 84.110.10. & 84.110.163. in your .htaccess.
However, in the example I have used (for a real spammer) those IP's are coming from the same source - Bezeq International. You could be forever adding IP's from this source at the moment. Instead of adding IP's like that, you can deny the entire netblock.

An example from my .htaccess to block all traffic from Bezeq International until they take some action against the spammers they host, is:

#Israeli spammers
deny from 84.110.80.0/20

This blocks everything in the netblock assigned to them: 84.110.0.0 - 84.110.255.255.

So, when you see multiple IP's that may be coming from the same source, do a whois on them and see if they are part of one netblock - if so, ban that netblock from your site. It's cleaner and makes it easier for you to read and modify your .htaccess file.

Dec 14, 2005 22:17

yes, absolutely, elpie is correct. that .htaccess wil slow down your page load times noticably; you might even run the risk of causing a few timeouts on the actual lookups.

I currently block 40 or so of the worst domains (using regexs and whatnot), while also having added a few notorious tlds to take care of the rest. I also block 3 specific ips (right now). As far as the ips go, I find I can remove them after a few weeks as whoever is behind them gets the message, and eventually just goes away.

Jan 06, 2006 17:27

business.dynamics wrote:

what am I doing wrong please?

What is wrong please?

Jan 06, 2006 17:29

At least from

Code

RewriteCond %{HTTP_REFERER} ^(.*)  hotelgaydays.com  (.*)$ [NC,OR]
downwards you have a TAB where it should not be.

Jan 07, 2006 04:36

blueyed wrote:

At least from

Code

RewriteCond %{HTTP_REFERER} ^(.*)  hotelgaydays.com  (.*)$ [NC,OR]
downwards you have a TAB where it should not be.

damn. you mean I have to remove the tab?

Jan 09, 2006 01:00

blueyed wrote:

At least from

Code

RewriteCond %{HTTP_REFERER} ^(.*)  hotelgaydays.com  (.*)$ [NC,OR]
downwards you have a TAB where it should not be.

FANTASTIC! Worked a treat once I removed those TABs. Many thanks! :)

Jan 20, 2006 01:42

It appears there are a bunch of us having big problems with this comments spam. I have done most of the stuff that has been suggested and shortly thereafter it is back. I am not a programer but it seems like it is probably time for an upgrade that incorporates some feature that prevents 100s of spam comments. Even the ones that have link are a pain to have to constantly clean up. The ones without a link have to be manually removed. I have finally temporarily taken down my blog so I can get a break. H E L P !!!! :(

Jan 20, 2006 02:33

Currently DNS blocklists seem to be a good blocker against it.
There are hacks in the forum and Phoenix-beta will have a plugin for it.

Feb 08, 2006 05:09

Okay, I tried to find this specifically, but it's rather hard to search it here..

Can anyone tell me the difference between www.mywebsite/news, and www.mywebsite/news/index.php ?

Background and clarification in brief:

We use B2Evo for my sites news page. We do not need or use any of the classic blog features (I guess you'd call them that). It is just a really handy and friendly program for my non web savvy news writers to use to post articles. That's what we use it for, and it works great.

We do not need any of the comments stuff, refferal stuff, trackback stuff... etc. We just want a program that allows access to specific users so that they may write and publish articles for our membership to read. Simple.

When we first started getting smacked with referal spam, it all came to /news and it appeared in the stats on the blog. I dropped the stats off the front page skin, but they still hammered away at us and showed up in the stats inside the admin section. I battled it via the blockers and such religiously, but it barely subsided.

I found a way to get rid of most of it via an Htaccess script, and for awhile it slowed.

But, shortly thereafter it starting coming to /news/index.php instead. And it is just a tidal wave of hits. Also, now it rarely shows up in my admin stats inside B2Evo. I know it is coming in because it appears all over my main logs for the whole site. All hits are to news/index.php and there are tons and tons of them. It has crashed a server.

Now I am learning all of this as I go, and it is a slow process indeed. But I cannot figure out what the difference is here that has caused this, how to stop it (it is using up all my bandwidth.. the host threatened to drop our site), and how to keep using B2Evo (which frankly I love).

I have followed as many of the suggestions here as I am able to figure out. It isn't working (likely because I lack the skills to implement or understand the more complicated processes).

So.. can anyone tell me what the deal is with the hits to news/index.php, why it changed from /news, and also how I may eliminate the spam problem in my case where I only need the publishing tools? Can I remove files entirely that relate to this problem and still preserve the uses that we need?

Please help.

Thank you,

wmw

Feb 08, 2006 05:28

for all intents and purposes there is no difference between www.mywebsite/news, and www.mywebsite/news/index.php

For example, go to www.yourwebsite/news/ and you will see the hit in your logs either at /news/index.php or /news (depending on what you are using to look at your logs, or if you are viewing your raw logs)

the browser doesnt care.

Apache is typically set up to have default pages so that hits to a directory, in your example, news/ actually takes the person doing the browsing "someplace" other than just a list of files inside the directory. Those placeholders, if you like, are typically index.htm, index.html, or index.php

You cannot really remove index.php without specifying something else to fill its place, though in an extreme case that could certainly be done. It would take a little bit of editing though.

Drop me an email if you like, use the form on my contact page, or simply email me using the link here on the forum, and give me an idea of the domains that are hitting you, any ips, whatnot, and I will try to hook you up with some simple .htaccess stuff that will probably help.

Referer spam is nearly impossible to defeat though.

Feb 08, 2006 05:45

Thanks. I will contact you.

If it is impossible to beat, can I not remove the (for lack of a better way to put it) "refferal parts" of the B2Evo? Can I excise the pieces the spam bots are attracted to and thus exploiting?

I mean, the only hits to our site that are not from direct members are to news/index.php, so they are attracted to something specific in its files. If I could remove those bits... but still maintain the usage as a publishing tool. (?)

Truthfully my most direct option would be to stop using B2Evo for the news page. But damnit, I don't want to drop it over this. I like the program.

Ideas?

wmw

Feb 08, 2006 06:03

one thing you could do is move it completely to another location. Assuming your audience can be contacted to let them know the new url, why not move it to yourdomain/something-else-here

spam bots hit /news .. theres nothing there. they get a 404. simple enough.

I can tell you though that blogs are not discovered by spam bots out of the blue. Just like an email adress, once the link (in this case) is out, the spam will eventually come

You can certainly remove the referal stuff, stats and whatnot, from b2evo, but that wont make them go away. Reme, its really just a script. They dont know the difference. They work "quantity NOT quality", so the more sites they hit, statistically, the more chance that one of the hits achieves their goal; stopping to see if it actually is working is something not usually done.

Ideally, to save your bw, you need to send them a 404 (access denied) or a 301 (please go away now). Once theyve hit a "real" page on your site, theyve usurped bandwidth. Even 404s and 301s wont keep them out of your Raw Apache logs though, but it will minimize bw theft.

---

Again though, removing your /news/index.php is NOT an option. Your b2evo will "break" if you do so without making other adjustments.

send me off as much info as you can... web sites, etc..worst offenders. Ill definitely take a look. Im off to sleep shortly though and have a semi-busy day tommorow but will get back to as soon as Ive had a chance to look at whatever you send.

dont dispair.. though it cannot be completely eliminated, it can be "controlled".

I should add also that spam doesnt care what app youre using. You could delete b2evo, install wordpress, use the same set up basically, and you would still see the spam. Especially when you are talking about referer spam, its very indiscriminate.

Feb 08, 2006 18:16

Re: Moving the B2Evo

That sounds like an excellent option to me, and I would like to try it. In fact, I did try it and had a little issue that I'm sure would be easy to resolve if I better understood what I was doing. :-/

I changed the folder name for the B2Evo install from /news to /whatever, and then of course just adjusted the blog link on my portal to reflect the change, and voila!

But... when the B2Evo is refreshed, the skin dissappears. Permanently. Everything is fine in every other functional respect, but the page has a plain white background suddenly and a serious lack of attractive.

Oh, and I cannot log in to admin. I get an error page.

What am I missing here? I am sure there is a simple series of steps one can (and must) use to change the url for B2Evo, but my method is obviously flawed.

Suggestions? Course of action?

Thanks!

wmw

Feb 09, 2006 06:32

OK!

I did recieve your email, and took a look at what you sent me ...I would have replied privately but this info is good for anyone that might wonder what theyre seeing in their logs.

For starters, you said in your email that you do not see these hits in your b2evo stats but in your server logs..

thats because....(quick paste of one of your hits)

Host: 218.21.93.97

/news/index.php
Http Code: 403 Date: Feb 07 22:57:49 Http Version: HTTP/1.1 Size in Bytes: 3069
Referer: http://removed-by-whoo.net
Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)

See the Http Code: 403 ??

That means that the browser was sent an "access Forbidden" message. In other words, they were turned away at the front door. They never actually got to the requested page.

In fact, all of the hits you sent me got 403. That tells me that youve read this thread and done some work on your .htaccess, or youve done some reading elsewhere, OR your site was completely unaccessable.

Strictly speaking on bandwidth, you really only need to worry if you see those sorts of hits and they are getting Http Code: 200

200 means they got in the door

Additionally, in the quote above you'll notice the number 3069. That the amount of bandwidth they sucked off you, 3K, approximately. Not too much really in the grand scheme of things, unless you were hit 1000 times a day by them.

---------

As to your question above, you may have physically moved b2evo and all the files to another subdirectory, but unless you make the necessary changes to your conf/_config.php file to show the new base url

hope that helps!

Feb 10, 2006 16:51

whoo wrote:

See the Http Code: 403 ??

That means that the browser was sent an "access Forbidden" message. In other words, they were turned away at the front door. They never actually got to the requested page.

Yes, I noticed that they are getting turned back now (after a recent adjustment or three), but they are still clogging my stats like crazy. I am guessing from your previous post on this that if I continue to turn them away that they will eventually at least partly give up?

In fact, all of the hits you sent me got 403. That tells me that youve read this thread and done some work on your .htaccess, or youve done some reading elsewhere, OR your site was completely unaccessable

.

Oh, I have certainly read this thread. No doubt about it. This has been my number one resource in the fight. I just wasn't sure (until now) if I was doing everything correctly. Could it be said that I can tell my host that the problem has been resolved as much as it can be? I'd like to give them some positive reports for a change. :)

Strictly speaking on bandwidth, you really only need to worry if you see those sorts of hits and they are getting Http Code: 200

Got it. Will watch for this intently.

Additionally, in the quote above you'll notice the number 3069. That the amount of bandwidth they sucked off you, 3K, approximately. Not too much really in the grand scheme of things, unless you were hit 1000 times a day by them.

Oh, in some cases they have hit me to the tune of hundreds from a hundred different URLs, but if they are being turned back, then I am happy.

As to your question above, you may have physically moved b2evo and all the files to another subdirectory, but unless you make the necessary changes to your conf/_config.php file to show the new base url

Ah, that would explain it. Yes, I can see where that would be my oversight.

hope that helps!

Oh, it most certainly does. You have been an enormous help here, and I thank you for your time. I can say with certainty that you have been the most helpful and thorough admin of any support forum I have visited. I leave impressed.

Thanks again,

wmw

Feb 10, 2006 18:27

hahaha well dont leave!!!

I would explain to your host that you have little control over referer spam (they SHOULD already know this) and that EVERY site gets it (they should already know that) and that yes, theyre clogging your raw Apache logs but that the bandwidth IS being minimized (the 404s) (if they looked at your logs, they should know that also)

Assuming you dont exceed your current bandwidth allocation, and you can stomach seeing the hits when you look in your log (that takes practice), no harm, no foul.

I should tell you though, that no, they wont go away. Like I said, its a matter of quantity not quality. Unfortunately, the dont know theyre getting 404s or 301s.

Moving your install will help immensely, but will only work until the url is "public knowledge again); I do believe personally, that blogs that are "hidden" in directories tend to fare better than blogs at the root level. No guesswork involved, they can just hammer away at the domain.

Feb 10, 2006 22:01

I have a question regarding item 3 in the very first post: "Using an .htaccess, fix it so your comments can ONLY be called locally".

I have 3 installations running at one host location. One in the root, one running in a folder as a folder, and one running in a folder as a different domain name. How would one craft the .htaccess to allow comments from each of these three flavors?

For example pretend the installations are domain.com and domain.com/folder and other-domain.com. I'm guessing it'd be something like this:

Code

RewriteCond %{HTTP_REFERER} "!^http://www.domain.com/.*$" [NC]
RewriteCond %{HTTP_REFERER} "!^http://www.domain.com/folder/.*$" [NC]
RewriteCond %{HTTP_REFERER} "!^http://www.other-domain.com/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteRule .* - [F]

Also what about that www thing? I don't really need it there do I? I mean since my baseurl doesn't have it and I don't bother with it wouldn't it be kinda silly to throw a few into the .htaccess file?

Feb 10, 2006 22:44

you have a seperate .htaccess in each blog root directory? or just one in your www_root?

Feb 10, 2006 22:52

As things stand now just one. AFAIK I can do one in each folder, but wouldn't the root one rule over the foldered ones? Or does it happen that if a link points to a folder (either url'd as a folder or as an add-on domain) then a foldered .htaccess will be king of the hill for a few milliseconds?

Scuse me for not having a clue but I basically never learned anything about .htaccess stuff. I'm running CVS versions now and would rather not have to keep track of a bunch of hacks, so the simple rename tricks are sort of off-limits to me for a while. Therefore I am getting bunches of comment spams again, and IMHO they are the worst to deal with because I have to click several different times to make them go byebye. I'm lazy is the thing.

Slightly related: I once had some bookmarks to groovy explanatory pages about .htaccess but lost them with the death of my old PC. Anyone out there got their favorite how-to .htaccess links handy?

Feb 11, 2006 05:44

RewriteCond %{HTTP_REFERER} "!^http://www.domain.com/.*$" [NC]
RewriteCond %{HTTP_REFERER} "!^http://www.domain.com/folder/.*$" [NC]
RewriteCond %{HTTP_REFERER} "!^http://www.other-domain.com/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteRule .* - [F]

ok, so the 2 blogs that are on the same domain -- since you really just want to make sure that referring page is own your domain (somewhere), you shouldnt have to worry about that second line above. does that make sense?

you could even do it similar to a hotlinking situation:

Code

RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !domain1\.org [NC]
RewriteCond %{HTTP_REFERER} !domain2\. [NC]
RewriteCond %{HTTP_REFERER} !domain3\. [NC]
RewriteCond %{HTTP_REFERER} !domain4\. [NC]
RewriteRule (.*) http://www.send-them-somewhere.com

Feb 15, 2006 14:47

whoo wrote:

hahaha well dont leave!!!

Oh, I'll be reading for sure. You can count on that. I have a lot to learn.

I would explain to your host that you have little control over referer spam (they SHOULD already know this) and that EVERY site gets it (they should already know that) and that yes, theyre clogging your raw Apache logs but that the bandwidth IS being minimized (the 404s) (if they looked at your logs, they should know that also)

I agree, but "should know" and "do know"... well, you get the idea. Some of the help folks there are knowledgeable, and others are... not so helpful. I often get conflicting info dependent upon who answers my queries.

Out of the blue one guy sez "We are taking you offline! You are making the server crash! You are a bad client! Jerk!"

And then another guy sez, "Uhmm.. sorry about that guy. We had a meeting and decided you are fine and we were wrong and he didn't know what he was talking about. Sincerest apologies! Can we buy you lunch or something? Perhaps a backrub?"

So it is a mess. I like the host a lot save for when there are issues like this.

Assuming you dont exceed your current bandwidth allocation, and you can stomach seeing the hits when you look in your log (that takes practice), no harm, no foul.

It's not easy, but I'm learning. The main gripe I have is that it is hard to tell whether the hits we get one month are coming from a promotion we have going on, or an italian porno spammer.

Moving your install will help immensely, but will only work until the url is "public knowledge again); I do believe personally, that blogs that are "hidden" in directories tend to fare better than blogs at the root level. No guesswork involved, they can just hammer away at the domain.

Yes, I am going to do this. And soon. It is not really a problem for us to move it often. I could do it every six months. Only our core users read the newsblog, and they will link to it off the portal. So as long as everything is set on my end..

It does make it difficult for those that bookmark every site they read, but.. those are the breaks.

Thanks again.

wmw

Feb 20, 2006 00:37

whoo wrote:

...

ok, so the 2 blogs that are on the same domain -- since you really just want to make sure that referring page is own your domain (somewhere), you shouldnt have to worry about that second line above. does that make sense?

you could even do it similar to a hotlinking situation:

...

Yeah that made sense, so the only issue was allowing commenting on the second domain name. So does doing it like my .htaccess currently allows image linking on a handful of domains, so I just now implemented it. At the simplest level I verified I could comment on both blogs via the human method: clicking the permalink and typing text and clicking submit. In a day or so I'll know if I've shut out the evil doers who punch in comments directly by either getting none or getting some.

Feb 20, 2006 00:59

Just an update on the original post..

I was initially sending back blocked ips and referers to their originating IP, like so:

Code

RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

You may need to read the first few posts for context on that rule.

After some thinking I decided I didnt like that idea since 99% of the hits I wanted to block were coming from proxy ips. Punishing the proxies seemed like an ass-backwards way of doing things, wouldnt I rather punish the site?

As a result of that thinking, Im now sending them back to the refering domain.

Code

RewriteRule ^(.*) %{HTTP_REFERER} [R=301,L]

this is much more fun, since the entire chunk of code was intended to screw with referer spam anyway. Now they too can see their hits.

--

Ive also added a few more tlds to the blocked list:

Code

RewriteCond %{HTTP_REFERER} \.by [NC,OR]
RewriteCond %{HTTP_REFERER} \.su [NC,OR]
RewriteCond %{HTTP_REFERER} \.to [NC,OR]
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.tf [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC,OR]

.to is full of pharmacy spam -- its worth every penny to block it.

Feb 20, 2006 15:27

regarding the last bit - blocking specific tlds. Will these also block subdomains of domains that start with the 2 letters? For example won't "RewriteCond %{HTTP_REFERER} \.to [NC,OR]" also nail something like "billybob.totally_normal_site.com"?

The reason I ask is more than just technical questioning. Inside the b2evolution keyword list we see that "weblog.ru" is banned, but we get reports from a user who happens to have be something like "weblog.rufus.com" (though it's not rufus - I just don't have it in front of me and don't feel like looking).

Feb 26, 2006 22:53

Ive noticed that the attempts at referer spam are about the only thing Im seeing these days.

I went through about 3 days of pill spam, followed by nearly 3 days of casino spam, and now its insurance spam.

Fortunately for me, Im blocking A LOT of ips in my .htaccess and 99.999% of the spammers are getting 403s

additions follow:

Code

deny from 65.68.2.194
deny from 218.19.56.143
deny from 63.86.149.132
deny from env=keep_out
deny from 194.44.33.132
deny from 72.232.43.178
deny from 85.255.113.154
deny from 24.160.0.0/13
deny from 24.168.0.0/15
deny from 24.170.0.0/17
deny from 61.224.0.0/16
deny from 62.103.0.0/16
deny from 62.193.231.0/24
deny from 63.230.254.0/23
deny from 64.147.9.0/24
deny from 64.160.0.0/12
deny from 65.75.146.0/24
deny from 65.110.59.64/28
deny from 66.35.192.0/18
deny from 66.135.32.0/20
deny from 67.43.0.0/20
deny from 71.99.230.0/24
deny from 80.58.0.0/16
deny from 80.86.96.0/20
deny from 80.96.32.0/19
deny from 80.237.128.0/17
deny from 80.245.160.0/20
deny from 81.8.0.0/17
deny from 82.208.174.0/24
deny from 83.217.224.0/21
deny from 84.240.0.0/18
deny from 85.255.
deny from 84.252.128.0/18
deny from 85.64.0.0/15
deny from 129.250.0.0/16
deny from 146.82.0.0/16
deny from 148.201.0.0/16
deny from 148.202.0.0/15
deny from 148.204.0.0/14
deny from 148.208.0.0/12
deny from 148.224.0.0/12
deny from 148.240.0.0/13
deny from 148.244.0.0/16
deny from 148.248.0.0/15
deny from 148.250.0.0/16
deny from 153.1.62.0/24
deny from 192.204.0.0/16
deny from 194.242.104.0/23
deny from 195.95.218.0/23
deny from 195.175.0.0/17
deny from 195.215.8.0/24
deny from 195.229.240.0/22
deny from 195.245.160.0/19
deny from 196.40.0.0/18
deny from 196.200.0.0/13
deny from 200.12.224.0/20
deny from 200.30.64.0/20
deny from 200.35.81.0/24
deny from 200.35.88.128/29
deny from 200.77.144.0/24
deny from 200.81.94.0/23
deny from 200.114.224.0/19
deny from 203.92.53.0/24
deny from 203.125.88.0/24
deny from 203.190.0.0/16
deny from 203.199.0.0/16
deny from 204.186.238.0/24
deny from 205.177.0.0/16
deny from 205.236.116.0/24
deny from 66.179.81.100
deny from 207.71.248.0/24
deny from 207.248.128.0/28
deny from 207.248.224.0/19
deny from 210.196.191.0/24
deny from 210.212.0.0/16
deny from 211.37.0.0/16
deny from 211.38.0.0/16
deny from 211.39.0.0/16
deny from 211.232.201.0/24
deny from 212.0.136.0/22
deny from 212.138.47.0/24
deny from 212.175.0.0/17
deny from 212.191.0.0/17
deny from 213.30.43.0/24
deny from 213.130.96.0/19
deny from 213.139.192.0/20
deny from 213.179.224.0/19
deny from 216.7.169.0/24
deny from 216.58.128.0/19
deny from 216.58.160.0/20
deny from 216.136.2.0/24
deny from 217.67.16.0/20
deny from 217.77.196.0/24
deny from 218.36.0.0/14
deny from 218.232.0.0/15
deny from 219.93.174.0/23
deny from 219.93.192.0/18
deny from 219.238.0.0/16
deny from 219.239.0.0/16
deny from 220.99.102.0/24
deny from 220.110.186.0/24
deny from 220.135.0.0/16
deny from 222.96.0.0/12
deny from 222.112.0.0/13
deny from anonymizer.com
deny from tm.net.my
deny from 12.175.0.44
deny from 17.112.171.61
deny from 24.30.85.166
deny from 24.58.150.3
deny from 24.63.109.156
deny from 24.98.211.42
deny from 38.118.3.16
deny from 61.150.115.245
deny from 61.221.30.167
deny from 62.24.96.134
deny from 62.78.78.1
deny from 62.97.72.76
deny from 62.119.28.160
deny from 63.207.250.71
deny from 63.247.74.90
deny from 64.5.245.10
deny from 65.19.150.243
deny from 65.43.175.132
deny from 65.61.84.183
deny from 65.73.182.217
deny from 65.75.166.200
deny from 65.75.166.201
deny from 65.110.59.79
deny from 66.17.15.154
deny from 66.30.83.215
deny from 66.36.230.58
deny from 66.61.4.194
deny from 66.169.7.138
deny from 66.202.75.19
deny from 66.246.252.86
deny from 66.246.252.87
deny from 67.10.30.59
deny from 67.98.188.106
deny from 67.166.118.146
deny from 68.40.231.7
deny from 68.70.59.226
deny from 68.121.75.73
deny from 68.207.135.232
deny from 68.226.87.244
deny from 68.227.128.65
deny from 68.251.55.184
deny from 69.50.180.186
deny from 69.175.40.86
deny from 70.178.75.148
deny from 70.181.224.201
deny from 70.240.240.60
deny from 81.169.165.214
deny from 81.178.138.120
deny from 81.224.189.250
deny from 82.117.194.66
deny from 82.152.182.79
deny from 82.182.141.111
deny from 82.225.195.182
deny from 84.148.57.201
deny from 84.148.83.166
deny from 84.148.114.177
deny from 84.233.148.23
deny from 87.202.28.13
deny from 140.96.178.113
deny from 193.136.157.2
deny from 195.24.194.5
deny from 195.182.116.135
deny from 196.36.80.164
deny from 199.4.160.10
deny from 202.95.176.242
deny from 202.111.183.140
deny from 202.139.41.202
deny from 203.167.253.98
deny from 203.172.200.210
deny from 207.160.224.236
deny from 209.221.39.143
deny from 210.17.210.134
deny from 210.82.214.236
deny from 213.81.187.192
deny from 213.113.41.173
deny from 213.139.192.139
deny from 216.118.117.66
deny from 216.130.129.33
deny from 216.239.175.244
deny from 217.73.97.100
deny from 217.107.222.75
deny from 218.39.166.52
deny from 219.116.96.132
deny from 219.149.233.179
deny from 219.240.1.24
deny from 219.251.131.219
deny from 222.45.33.43

Most of the ip ranges were gleamed off another site, and I have not checked for duplication. Ive also not verified that some of the netmasking doesnt block legitimate visitors.

However, I can attest to the fact that the spammers are not getting thorugh, which is a fair tradeoff for me.

Mar 02, 2006 15:23

is is possible for me to test whether or not my htaccess has effectively blocked a comment post that doesn't have a referrer of my domain? I've installed it without error, but I'm not seeing a drop in spam...

Mar 03, 2006 00:55

thanks whoo

Also, would it be effective to place the .htaccess file that filters IP addresses within the htserv folder to minimize the load on the server while using the remaining methods on the blog root?

Mar 03, 2006 02:14

you could do that BUT, if you watch your logs you will notice direct hits to your archives, which takes up bandwidth, especially if you get enough spam attempts.

Personally speaking, I prefer to not even let them get that far.

Mar 24, 2006 03:14

So anyone experienced this lately?
I was hit by the spam bots via trackbacks yesterday (my time). I blocked them out from the comments now they're spamming me via my trackbacks.

:/

Mar 24, 2006 09:17

spam bots are attacking my trackback... argh...

anyone experiencing this?
solutions?

:/

it's the third time in 24 hours.

Mar 24, 2006 10:25

It's nothing new. In fact it's almost as old as trackbacks :( Either turn off trackbacks or ban/delete/report them through the antispam utility.

Mar 24, 2006 17:32

I'm also being flooded with more trackback spam than normal over last few days. How does one turn off trackbacks completely? I've already changed the htserv folder name (numerous times) and these new spammers find the right directory anyway. People have been saying this since a post I read in 2004, but there needs to be a single button that turns on/off comments and trackbacks for ALL posts. Doing it individually for hundreds of posts is insane.

Mar 24, 2006 20:01

Ive seen an uptick in trackback spam too the last couple days ..

there are a couple quick things you can do to help that have been covered here and elsewhere but ...

a real nifty fix would be for me to get to work on the unique trackback url for b2evo thing I have working on my wp blog. Two days ago, I think every post I have got hit, and none stuck, because they didnt send the trackback correctly (no unique url). Similar thing happened yesterday with about 20 posts.

Ive mentioned this before but heres how it works:

1. Javascript is needed to generate a unique, randomly generated trackback url.

2. Trackbacks that are sent using the "old" but still available trackback url without the randomly generated query string go to /dev/null automatically. The only thing I see is the emails to a gmail account. The purpose of the email is so I can snatch ips easily for other things. Mass deleting emails from gmail is a 2 click operation.

3. Properly done trackbacks go through.

Its a marvelous solution, and something I had wanted to work on a few weeks back and didnt get to. Even though my mom is in hospital, this weekend is looking better, and I have a copy of 1.6 installed to give it a go with. I will start this evening after visiting hours are over.

------------------------

The ip that hit every post 2 days ago came back for more:

Code

Host: 195.225.176.160
    
/archives/2006/02/19/audioscrobbler/spongebob/
  Http Code: 403   Date: Mar 24 12:05:55   Http Version: HTTP/1.1   Size in Bytes: 1037
  Referer: -
  Agent: WordPress/2.0.1
.... and so on and so on ...

The email paid off, i added it to my .htaccess

Notice also, no randomized tb url either :P

Mar 24, 2006 23:30

I'm pretty sure there has always been an option on your blogs--select blog--advanced tab to turn off trackbacks and pingbacks for the entire blog. It seems that global comment control is coming, but if you're using a .9.* version there was a hack to automagically close comments after a certain age that you get to pick.

Mar 25, 2006 11:31

hmm, this is sad though, I do not want to turn-off my trackbacks since it's useful for both parties (me and readers).

Looks like I have to resort to banning IP Addresses via .htaccess, problem is, what if the IP Address was from an existing reader, or server, or whoever. :/

I wish it isn't against the law to wipe out these people doing spams. :((

Mar 25, 2006 11:35

Cool. And I pray for your mom.

That will be a cool improvement for trackbacks. Maybe it'll be what captcha is to comments nowadays, who knows? ^_^

---
Yah, from same IP: 195.225.176.160

I have to resort in banning the IP via .htaccess as well for now, hopefully it isn't someone else's IP these spammers are hiding behind to cover themselves.

:/

THanks again, I hope I can help in the dev of your new anti-trackback-spam tech.

Mar 25, 2006 13:10

There's a whoo-hack to rename your htsrv folder. You do an edit to one file in the conf folder (either _admin or _advanced) to tell a variable that /htsrv/ is now something new, then you change the folder name to match the new variable. It'll give you short term relief, which is better than nothing.

I'm sure you're keeping your antispam stuff up to date, so I won't waste anyone's time by prompting that again ;)

Oh and I'm sure you're hip to banning .badsite.tld instead of each and every subdomain badsite might choose to hit you with so I won't bother reviewing that either :roll:

Somewhere on my http://wonderwinds.com/hackblog.php I've got my "antispam rechecker for dawn". It won't stop any spammers, but once you get an update it'll allow you to very easily purge your hitlog and comments (and trackbacks I think) of any matching referers. This is rather important lately since it seems there are a handful of new domains (with dating in the name mostly) that are simply smothering the world with HUNDREDS of subdomains, and I think they're especially focused on trackbacks.

Hundreds. In fact I think I'm up to a thousand different reports that are all covered by SIX keywords. The trick is to get the keywords then get the crap out of your database.

Mar 25, 2006 16:06

Some pornographer has been attacking my Trackbacks for the past few days. I've blacklisted them, but it seems as if I'm getting two new posts for every one I delete.

The IP address is all the same: 195.225.176.160.

Is there a way to nuke the IP rather than deal with the infinate combinations of subdomains this idiot's robot keeps issuing?

Much obliged.

Mar 25, 2006 17:00

You can block an IP using .htaccess, and some hosts offer an IP blocking feature. Mine offers it as a utility through cpanel. It writes the .htaccess that blocks IPs.

As to subdomains: don't block each subdomain - instead nail the domain itself. In other words hornymom.pornsite.info and nakedteen.pornsite.info will both be blocked by either pornsite.info or .pornsite.info. I'm partial to the second version, and that'd be the version that I would turn into a keyword, but both are equally valid. In fact you can simply ban pornsite if you wanted.

Well over a thousand reported spammers that are now blocked with SIX keywords, so update your antispam table until you only get one response that is "not needed - already handled". It won't clean up the junk that's assaulted your blog, but it will (er... might) stop the assault.

Mar 25, 2006 17:16

EdB wrote:

You can block an IP using .htaccess, and some hosts offer an IP blocking feature. Mine offers it as a utility through cpanel. It writes the .htaccess that blocks IPs.

What does your .htaccess file look like? I am no programmer, but can create such a file.

Mar 25, 2006 17:33

Let's hope someone else comes along and shows the IP blocking bit because I don't use that feature. To my way of thinking it is too generic, meaning too likely to also block a non-spammer.

Hopefully someone will show the code! It's not complicated or anything - it's just that since I don't have any blocked IPs I can't say "this is it" for ya.

Mar 25, 2006 19:33

blocking 195.225.176.160 wont mess with anyone "real". Dont worry. :)

Im presently grabbing the cvs version to work on this with, since there is already a few hooks added that I need. Since I have those to work with and the captcha plugin to compare to, this prolly wont be too hard, even for someone as simple-minded as myself :P

Mar 26, 2006 19:22

This has been the exact thing that has happened to me over the last few days, with the exact same IP address too. My problem is that I am rather rubbish at programing and stuff - and whilst I can see that you've given great help Ed, I don't even know where t start! Plus, when it comes to getting rid of the hundreds oftrakbacks and comments which have come to this IP address I don't know how to get rid of them other than deleting them individualy, which is madness as at the last count I think there were about 2000 over 3 days :(

Mar 26, 2006 19:25

Ooooh, have just managed to block the IP address from my Cpanel - fingers crossed it doesn't block my viewers also. Now, how do I get rid of the comments? Hmmmmm?

Mar 26, 2006 20:45

Through phpmyadmin you can axe all those comments at once. :D

Mar 26, 2006 21:10

I'll be they're all sites like "whatever.somesortofdating.info" - right? I've seen literally THOUSANDS of different subdomains (the "whatever" portion) over the past few days. All of them come from maybe 15 domains, so don't waste your time with banning the subdomains individually.

Just ban the domain name part as in "somesortofdating.info" via your antispam tab. You could also ban "somesortofdating" to catch the ones that are doing a com and a net and an org.

Of course nuking everything via phpmyadmin will also work.

Mar 26, 2006 23:42

I thought he was a referring to already posted comments. A couple hundred of those can take awhile to delete individually.

Mar 27, 2006 02:51

Here's an .htaccess file I'm using on one blog. Please note that it blocks al lof 202 and 203 tlds and most people won't want to throw out that much baby.

I use mod rewrite to prevent specific types of attaks. If anybody has any questions about this I'd be happy to go into more detail.

Code

[scherry@borg seat]$ cat .htaccess
AuthName "Seat of the Revolution"
AuthType Basic
 
RewriteEngine On
RewriteCond %{HTTP_REFERER} "!^http://seat.defcode.com/.*$" [NC]
RewriteCond %{QUERY_STRING} ".*disp=stats.*$"
RewriteCond %{REQUEST_URI} ".*comment_post\.php$"
RewriteRule .* - [F]
 
<Limit GET POST>
order Allow,Deny
allow from all
 
deny from 202.
deny from 203.
 
# lots of traffic / wget spider maybe
deny from 82.194.62.17
</Limit>

Mar 27, 2006 06:14

not sure why youre blocking 202/203.. that includes a lot of folks from australia, india, etc.. Im guessing its to keep someone from China out (that alone wont stop em btw) :P

I block all of Brazil, but I do it very specifically so that no other "good" countries are impacted. It was more work for me to do but its worth it.

as for the mod_rewrite rules, its already been touched on here. Youre doing exactly what Ive suggested doing for what feels like forever.

Mar 27, 2006 07:48

whoo wrote:

not sure why youre blocking 202/203.. that includes a lot of folks from australia, india, etc.. Im guessing its to keep someone from China out (that alone wont stop em btw) :P

It's really a reaction to the origin of the bulk of the spam this blog gets. Since there's no way to update my blacklist via cron with 1.6 I see this as a stopgap measuer. I'm trying captcha right now so I should probaby remove those and see what happens.

Mar 27, 2006 11:05

hnmmm yah, 203. and 204. belong to the Asia-Pacific region ^_^
That will be East Asia (including India) and the Orient (polynesia, melonesia, blah blah-nesia), Aus, New Guinea and NZ.

I think the range 202-205 is the Asia-Pacific region.

^^

Mar 27, 2006 11:18

... that or just be more narrowed on what you block.

Mar 27, 2006 16:25

mrdav wrote:

I thought he was a referring to already posted comments. A couple hundred of those can take awhile to delete individually.

Yes, which is how you know which domain to ban. ban/delete/report with the delete part being the bit that'd clear up the junk.

Apr 05, 2006 11:41

I have a nifty little script set up that will provide complete ip ranges of specific countrys. I prefer not to provide the url since I dont have it set up to do anything except write to the directory at this moment. Im going to switch that so that it will email or something else, but for now, if anyone is looking for a specific ip range, just drop me a pm and give me the country and I can get back to you with results.

It will not do ip-range to CIDR translations though (what you really to have for using in an .htaccess), so thats up to you. There are a cpl scripts that do that, and a windows application also though that I can point you to. That tends to be the tedious part of country specific banning.

There are some upsides though to doing this, as Ive stated before. Its just a fact that some countries have more open and abusive proxies than others, and consequently they are responsible for more spam. Malaysia is a great example, for instance. And god knows I dont see a single "regular" hit from anyone with a Malay ip.

Anyway, eventually, I'll have this set up so that it will output the text directly, but for now, drop me a pm if youre interested. Or even here, for that matter

PS: I mean no disrespect to anyone that happens to be from Malaysia or Brazil, btw -- it's nothing personal, its just that your ips tend to be largely, shall we say, "mismanaged".

Apr 11, 2006 00:03

whoo wrote:

I have a nifty little script set up that will provide complete ip ranges of specific countrys . . .

That's pretty cool. I'll take you up on that.

Apr 14, 2006 08:11

Code

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]

I am trying out this type of blockage but failed miserably in my first effort. Second round is active now, so time will tell, but I'm curious about the syntax used. Some is obvious, some not.

Code

^http://(www\.)?

This means the referer must have http:// and might have www. - right?

Code

.*(-|.)cialis(-|.).*

The first and last dot are like seperators for different bits of the equation, the stars are wildcards meaning "anything or nothing", and the (-|.) bit means "must match this or that" - right? In other words this line won't block something like http://cialis-rocks.tld because there is no dash or dot preceding the bad word.

If all goes well, meaning if I stop seeing proof that I can't stick this in my .htaccess successfully, I'll use the same string to block roughly 50 keywords. It won't catch all the spammers, but it will allow me to cull the antispam keyword list without inadvertently blocking comments that contain these 'bad' words.

Apr 14, 2006 20:40

Here is your code:

Code

# Fix for comments
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

How can I modify this that it also allows: www.yourdomain.net and not only yourdomain.net. I checked it and it also blocks www. =/Any idea?

Apr 14, 2006 21:21

Code

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?.yourdomain.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Might work. Else

Code

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.net/.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Apr 07, 2007 00:53

Code

RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

My site is .us - will this block people from my site from accessing my site?

Great thread ;)

Apr 07, 2007 01:16

yap. it wont block the first page view, but if they click another link it surely will :)

best for you to leave that line off :

RewriteCond %{HTTP_REFERER} \.us [NC,OR] <--

Sep 10, 2007 21:45

How can I blog special ip-adresses from accessing the comment-function?

Sep 10, 2007 22:59

dont, just block them outright.

if you dont want them to comment, why let them read?

Code

deny from 217.71.110.252
deny from keyweb.de

theres an example of a block using an ip, and for blocking a domain in your .htaccess

if you really must *toy* with ppl, you can do it:

Code

<Files "comment_post.php">
  Order Deny,Allow
  deny from 217.71.110.252
deny from keyweb.de
</Files>

Jul 31, 2008 15:46

My old .htaccess worked great prior to the upgrade. 301 from index.php to / and canonical URL so there were not duplicate pages which could make google not like me.

Since I upgraded b2evolution, the old .htaccess does not work. If I implement it, the "permalink" and link to categories do not work.

I would appreciate your help because google is reporting in webmaster tools that I have duplicate home pages - it sees both index.php and /

Here is my old .htaccess prior to upgrade:
----------------------------------------------------------
AcceptPathInfo On

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^healthsciencenews.com [nc]
rewriterule ^(.*)$ http://www.healthsciencenews.com/$1 [r=301,nc]

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php [NC]
RewriteRule ^(([^/]+/)*)index\.php$ http://www.healthsciencenews.com/$1 [R=301,L]

ErrorDocument 404 http://www.healthsciencenews.com/notfound.html

--------------------------------------------------------

Thank you for your help,
Stephanie
http://www.healthsciencenews.com

Aug 05, 2008 04:03

Ok - this was resolved. I wish I could say I fixed it, but I had to consult with a programmer that is smarter than I am. Anyway here is a copy of my .htaccess
----------------------------------------------

# Apache configuration for the blog folder
# Lines starting with # are considered as comments.

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName healthsciencenews.com
AuthUserFile /home/health30/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/health30/public_html/_vti_pvt/service.grp

# DEFAULT DOCUMENT TO DISPLAY:
# this will select the default blog template to be displayed
# if the URL is just .../blogs/
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>

ErrorDocument 404 http://www.healthsciencenews.com/notfound.php

# CATCH EVERYTHING INTO B2EVO:
# The following will allow you to have URL right off the site root,
# using index.php as a stub but not showing it.
# This will add support for URLs like: http://example.com/2006/08/29/post-title
# Redirect anything that's not an existing directory or file to index.php
RewriteEngine On
Options +FollowSymlinks

# Redirect all non-www links
Rewritecond %{http_host} ^healthsciencenews.com [NC]
Rewriterule ^(.*)$ http://www.healthsciencenews.com/$1 [R=301,NC,L]

# If the subject/extrapath does not match an existing file, call b2evo!
# Add new blogs here

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php
----------------------------------------------

Then, he also had to edit the index.php file so that would 301 redirect too. This is the code that he entered so that index.php 301 redirects to my www:

* First thing: Do the minimal initializations required for b2evo:
*/
require_once dirname(__FILE__).'/conf/_config.php';

require_once $inc_path.'_main.inc.php';

switch( $ReqPath )
{
case '/index.php':
case '/index.php/':
header_redirect( $ReqHost, 301 );
break;
}

-----------------------------------

That's it! The URLs are all clean now.

aaaahhhhh

-Stephanie

http://www.easydietcenter.com

Aug 17, 2009 16:13

3. Using an .htaccess, fix it so your comments can ONLY be called locally. In other words, you are blocking them from being accessed remotely using a script on another server.
Details below:

here is captsolo's way (pasted from below) (verified to work):

Code

# Fix for comments
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://yourdomain.net/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

...and mine.. works for me, may not for you..

Code

RewriteCond %{HTTP_REFERER} "!^http://www.domain.org/.*$" [NC]
RewriteCond %{REQUEST_URI} ".*comment_post.php$"
RewriteRule .* - [F]

[/quote]

I'm trying to do this in my .htaccess file. The only difference is, the site can be access by multiple domains and block those without referer. I have no problem leaving comments, my friend reported that they were directed to 404 page.

This is what it looks like

Code

# comments referer
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mydomain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Can you see what's wrong here?

Aug 28, 2009 11:26

*Spam Link Removed
Sorry mate, you have to do better than cut n paste and put a spammy link at the bottom

Oct 28, 2009 11:29

Hey All.
This is Jenny, I am a Engineering student and website developer. I would like to share some spam stoping simple technique. If any website is having log-in page and if we provide user with user id and password. than sign-up page must contain compulsory mobile number box that needs to be verified and can not be added to another account. In this modern world everyone have mobile phone. So a person can make only a single ID. That is the simple solution.

Mar 23, 2010 01:02

Is this information still accurate:

Change the directory/folder name for your trackback and comments

Change it from htsrv to any other valid directory/folder name. Then edit conf/_advanced.php to reflect the change. Change the following line of code: $htsrv_subdir = 'htsrv'; This prevents bots that automatically attempt to submit comments and trackbacks using b2evolution's default htsrv installation.

Is there anywhere else I have to update the new directory name before I attempt this?

Found at http://manual.b2evolution.net/Antispam_tab

Apr 09, 2010 00:33

jenny wrote:

Hey All.
This is Jenny, I am a Engineering student and website developer. I would like to share some spam stoping simple technique. If any website is having log-in page and if we provide user with user id and password. than sign-up page must contain compulsory mobile number box that needs to be verified and can not be added to another account. In this modern world everyone have mobile phone. So a person can make only a single ID. That is the simple solution.

Hi Jenny, I severely doubt that the user would continue with submitting their comment if they were asked for their mobile number. I know I sure as hell wouldn't provide it - what do they need my number for? do I trust them with my number? will they spam it? and hey I sign up for everything! There are plenty of studies that even requiring things like gender prevent form completions.

And what would stop the bot from just sending a random value for that field - which they usually do for unknown fields? Bots are pretty intelligent...

Apr 09, 2010 00:46

I second Balupton. Bad enough I hate having to give my last name or mailing address; but a phone number? That would be one less comment for me.

Jul 03, 2010 19:20

Thread locked because it's attracting more dicks than a viagra advert :|

¥


Form is loading...

blog engine – This forum is powered by b2evolution CMS, a complete engine for your website.