Hi there,
My little blog used to burn something around 2 or 3 Gb of bandwidth month, but the spammers made use 35Gb last month (and I was keeping anti-spam up to date).
Well, I decided that the best way was to block them from accessing my server through .htaccess and mod_rewrite.
I wrote a little script that captures the anti-spam list from B2 itself, that's what I've done.
That's actually pretty simple, and can be used with the Antispam Update Through Cron ( http://isaacschlueter.com/2005/04/automatic_antispam_update_cron/ )
First you do need to create a .htaccess file (edited)
Than create a php file with any name you want to (lets call this htaccess_generator.php), with this inside:
<?
$dbhost = "localhost"; //your DB host, usually localhost
$dbuser = "db_username"; //Your DB username instead of "db_username"
$dbpasswd = "db_pass"; //Your DB password instead of "db_pass"
$db=mysql_connect("$dbhost","$dbuser","$dbpasswd");
mysql_select_db("db_name",$db); //Your DB name instead of "db_name"
$page = "
#If you do have some custom HTACCESS, you can add it bellow this line
<IfModule mod_rewrite.c>
RewriteEngine On
";
$result = mysql_query("SELECT aspm_string FROM evo_antispam");
while(list($keyword) = mysql_fetch_row($result)){
if ( eregi("\.",$keyword) ) { $keyword = eregi_replace("\.","\\.",$keyword); }
if ( eregi("\?",$keyword) ) { $keyword = eregi_replace("\?","\\?",$keyword); }
if ( eregi("\.",$keyword) ) { //Filtering what does not seems to be domain name...
$page .= "RewriteCond %{HTTP_REFERER} (.*)$keyword(.*)$ [NC,OR]\n";
}
}
$page .= "RewriteCond %{HTTP_REFERER} (.*\.zone-h\.org.*) [NC]
RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]
</IfModule>
";
exec("chmod 777 .htaccess");
$thelist = ".htaccess";
if (is_writable($thelist)) {
if (!$handle = fopen($thelist, 'w')) {
echo "Sorry, could no open ($thelist)";
exit;
}
// Write $page to our opened file.
if (fwrite($handle, $page) === FALSE) {
echo "Sorry could not write on ($thelist)";
exit;
}
echo "Success, the file was writen ($thelist)";
fclose($handle);
} else {
echo "The file could not be writen";
}
exec("chmod 644 .htaccess");
?>
If you are not using the automatic spam update, you just need to run the script after update your anti-spam. If you are using, just add to the end of the cron line:
Make this
0 */6 * * * /usr/local/bin/php /home/my_username/public_html/admin/b2antispam_poll.php
Look like this
0 */6 * * * /usr/local/bin/php /home/my_username/public_html/admin/b2antispam_poll.php ; wget -q -O /dev/null http://yoursite.com/htaccess_generator.php
Well those are my two cents, hope it can be usefull for someone ;)
Cheers
Gilberto
General Support
b2evolution CMS Support Forums
ok, well with all respect, I missed the part where you you changed the perms on that .htaccess back to something thats not WORLD-WRITABLE. Oh wait, you dont
I dont reccomend that ANYONE use a script that requires a chmod 777 .htaccess. 8|