Whoo's anti-spam techniques in one simple thread

[jamigre]

I've been trying to get my .htaccess file to work, but for some reason my cgi script isn't working and I'm getting a 500 error, could someone please either post their .htaccess file or e-mail me their file at eljacek@yahoo (nospam) .com

sorry for being a pain, but i've been having one hell of a time. thanks.

[Dan]

Whoo and Graham, among others, have loudly touted the effectiveness of renaming the htsrv directory as a component of your anti-spam arsenal. Until recently, I had relied exclusively on some blocks in .htaccess (discussed previously in this thread) to stop spam, but this week I started getting a ton of trackback spam.

I wrote a simple perl script, hidehtsrv.pl, to automate (1) renaming the htsrv directory and (2) updating the _advanced.php configuration file with the change. I set up a cron job to run this script periodically, and so far so good.

Here's a link to the script and to my blog post.

Note that I use another of my perl scripts to generate a pseudo-random string that is used by hidehtsrv.pl to generate a new name for the htsrv directory. If you like that method, feel free to grab randpass.pl, too. Otherwise, you'll need to come up with an alternative.

[whoo]

that is wonderful Dan, awesome!!

[Dan]

[jibberjab]

[whoo]

[EdB]

I got to the bottom, but I scroll fast

You might as well block .to if you're into wiping out entire TLDs. They are all over the antispam system now. Literally hundreds of variants of a large assortment of domain names. I think we've added almost 10 domains of the .to flavor in the past week, and I've deprecated hundreds of the variant versions.

[re4med]

Can someone knowledgeable comment on my .htaccess file and let me know what they think. Thanks

[rossputin]

Hi there,

Sorry in advance if this is a stupid question...

If the htsrv folder has some name and another web site uses a (legitimate) trackback pointing to me, then if I rename htsrv to avoid spam comments will it mean that that trackback will no longer work and some people trying to get to my site won't be able to?

Thanks much for any thoughts on this....

Ross
http://blog.rossputin.com

[blueyed]

rossputin, once a trackback has been done, the location of the htsrv folder is irrelevant. Just for making the trackback the correct/new address has to be used.

[Elpie]

Apache has to query .htaccess with each and every page it loads on a site, so large .htaccess files can not only slow down page loading, but can also significantly increase server loads.

Managing a large .htaccess with loads of different IP's can also be a real nuisance. However, there are ways of keeping the file as small as possible.

Firstly, check who owns the IP you want to ban. Since you are checking on this, you might as well use the abuse@ contact and let them know that someone from that IP is spamming you. You never know, they might stop the offender.

Secondly, if you see a number of spammers are coming from the same provider, you might like to ban the entire IP range. If, for example, you are seeing spammers coming in from, say the 84.110.10.59 & 84.110.163.68 ranges you may be tempted to ban these ranges by putting 84.110.10. & 84.110.163. in your .htaccess.
However, in the example I have used (for a real spammer) those IP's are coming from the same source - Bezeq International. You could be forever adding IP's from this source at the moment. Instead of adding IP's like that, you can deny the entire netblock.

An example from my .htaccess to block all traffic from Bezeq International until they take some action against the spammers they host, is:

#Israeli spammers
deny from 84.110.80.0/20

This blocks everything in the netblock assigned to them: 84.110.0.0 - 84.110.255.255.

So, when you see multiple IP's that may be coming from the same source, do a whois on them and see if they are part of one netblock - if so, ban that netblock from your site. It's cleaner and makes it easier for you to read and modify your .htaccess file.

[whoo]

yes, absolutely, elpie is correct. that .htaccess wil slow down your page load times noticably; you might even run the risk of causing a few timeouts on the actual lookups.

I currently block 40 or so of the worst domains (using regexs and whatnot), while also having added a few notorious tlds to take care of the rest. I also block 3 specific ips (right now). As far as the ips go, I find I can remove them after a few weeks as whoever is behind them gets the message, and eventually just goes away.

[business.dynamics]

I've attempted to follow your instructions as best as I could ... I've adjusted the existing .htaccess file ... if you goto http://www.artmarket.co.nz/sample/htaccess.txt you'll see the one I've been working on ... what am I doing wrong please?

[blueyed]

[blueyed]

At least from