Deny Access to No Referrer Requests

When your readers comment, the wp-comments-post.php file is accessed, does its thing, and creates the post. The user’s browser will send a “referral” line about this.

When a spam-bot comes in, it hits the file directly and usually does not leave a referrer. This allows for some nifty detection and action direct from the server. If you are not familiar with Apache directives, then write the following in your root directory .htaccess file::

This will:

1. Detect when a POST is being made
2. Check to see if the post is on wp-comments-post.php
3. Check if the referrer is in your domain or if no referrer
4. Send the spam-bot BACK to its originating server’s IP address.

NOTE 1: In the 4th line, change yourdomain.com to your domain.xxx without the www or any prefix for that matter.

NOTE 2: There is a slim chance that someone’s browser will not send the referral, but this is extremely rare.

This essentially deflects the spam-bot back on itself.

SetEnvIfNoCase Via evil-spam-proxy spammer=yes

SetEnvIfNoCase Referer evil-spam-domain.com spammer=yes

SetEnvIfNoCase Referer evil-spam-keyword spammer=yes

SetEnvIfNoCase Via pinappleproxy spammer=yes

SetEnvIfNoCase Referer doobu.com spammer=yes

SetEnvIfNoCase Referer poker spammer=yesOrder allow,deny

allow from all

deny from env=spammer

# Tom Raftery's .htaccess file - use with caution - for more info on writing .htaccess files

# see http://www.tomrafteryit.net/category/htaccess/

# Last updated 4th Oct 05Options +FollowSymlinks

RewriteEngine On

php_flag register_globals off

# There was a lot of comment spam with the User Agents Crazy Browser 1.x.x and Mozilla/3.0 (compatible; Indy Library)

# so I am using the following code to block it. Note that I removed the starting "^", so that it will ban

# any user-agent with "Indy Library" or "TrackBack" anywhere in its user-agent string, and that it will

# accept any character - including a space - after "Indy" or TrackBack.

RewriteCond %{HTTP_USER_AGENT} Indy.Library [NC,OR]

RewriteCond %{HTTP_USER_AGENT} TrackBack [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^Crazy\ Browser [NC]

RewriteRule .* - [F]

# There was a lot of referrer spam coming from 12.163.72.13 (no uri)

# so I decided to block it with the following code

RewriteCond %{REMOTE_ADDR} ^12\.163\.72\.13$

RewriteRule .* - [F,L]

# A new tactic - using SetEnvIfNoCase instead of RewriteCond - seems to be quite effective (esp for referrers).

# Original version found at http://blog.koehntopp.de/archives/671-Mehr-ueber-den-Trackback-Spammer.html

# Many spams and trackbacks come from User Agent Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)

# I added a line (SetEnvIfNoCase User-Agent 9x 4.90 spammer=yes) to deny this User Agent - be aware that if you

# include this line you risk banning some genuine browsers, although I could find no genuine browsers using that UA in my logs

SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes

SetEnvIfNoCase Via pinappleproxy spammer=yes

SetEnvIfNoCase Referer yelucie.com spammer=yes

SetEnvIfNoCase Referer crescentarian.net spammer=yes

SetEnvIfNoCase Referer andrewsaluk.com spammer=yes

SetEnvIfNoCase Referer tigerspice spammer=yes

SetEnvIfNoCase Referer doobu.com spammer=yes

SetEnvIfNoCase Referer camfun24 spammer=yes

SetEnvIfNoCase Referer latinonakedgirl spammer=yes

SetEnvIfNoCase Referer ronnieazza.com spammer=yes

SetEnvIfNoCase Referer highprofitclub spammer=yes

SetEnvIfNoCase Referer dvdsqueeze.com spammer=yes

SetEnvIfNoCase Referer sexsearchcom.com spammer=yes

SetEnvIfNoCase Referer 6q.org spammer=yes

SetEnvIfNoCase Referer d4f.de spammer=yes

SetEnvIfNoCase Referer adultactioncam spammer=yes

SetEnvIfNoCase Referer seventwentyfour.com spammer=yes

SetEnvIfNoCase Referer genaholincorporated.com spammer=yes

SetEnvIfNoCase Referer firsthorizonmtg.com spammer=yes

SetEnvIfNoCase Referer personalsites.info spammer=yes

SetEnvIfNoCase Referer bukakke-bukake-bukkake-bukkakke.com spammer=yes

SetEnvIfNoCase Referer camgirlslive.com spammer=yes

SetEnvIfNoCase Referer dvd-copy.com spammer=yes

SetEnvIfNoCase Referer shaffelrecords.com spammer=yes

SetEnvIfNoCase Referer mcr8.com spammer=yes

SetEnvIfNoCase Referer dating.blogs.com spammer=yes

SetEnvIfNoCase Referer online-casino-pops spammer=yes

SetEnvIfNoCase Referer 8thstreetlatinas spammer=yes

SetEnvIfNoCase Referer boysfirsttime.com spammer=yes

SetEnvIfNoCase Referer gofordgo.com spammer=yes

SetEnvIfNoCase Referer buy-hgh-human-growth-hormone.net spammer=yes

deny from env=spammer

deny from 66.28.54.254

deny from 12.163.72.13

deny from 71.57.133.162

deny from 84.92.124.116

deny from 196.7.0.160

deny from 210.43.0.225

deny from 219.93.174.107

deny from 205.134.241.50

# From Spamhuntress - code to deny the below user agents POST access to trackback

<Files trackback>

<limit POST>

SetEnvIf User-Agent “Mozilla” trackers

SetEnvIf User-Agent “Opera” trackers

SetEnvIf User-Agent ^$ trackers

Order Allow,Deny

Allow from all

Deny from env=trackers

</limit>

</Files>

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Wenn Ihr Kommentar Leser, die wp-comments-post.php Datei zugegriffen
wird, macht seine Sache, und schafft die Post. Browser des Nutzers
sendet eine “Empfehlung”-Zeile dazu.

Wenn ein Spam-bot an,
sie trifft die Datei direkt und in der Regel nicht verlassen, ein
Verweis. Dies ermöglicht die Erkennung und einige nette Aktion direkt
auf dem Server. Wenn Sie nicht vertraut sind mit Apache-Direktiven,
dann schreiben Sie das Folgende in Ihr Root-Verzeichnis.
Htaccess-Datei:

Dies wird:

1. Zu erkennen, wenn eine POST gemacht wird
2. Prüfen Sie, ob die Post ist auf wp-comments-post.php
3. Überprüfen Sie, ob der Verweis ist in Ihrer Domäne oder, wenn kein referrer
4. Schicken Sie die Spam-Bots zu seinen Ursprung BACK-Server die IP-Adresse.

Anmerkung 1: In der 4. Zeile, ändern Sie yourdomain.com zu Ihrem
domain.xxx ohne “www” oder ein Präfix für diese Angelegenheit.

Hinweis 2: Es ist ein schlankes Chance, dass jemand den Browser nicht senden Sie die Empfehlung, aber das ist sehr selten.

Diese im Wesentlichen ablenkt die Spam-Bot auf sich selbst zurück.

If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Powered by WP | WP Remix Copyright 2007. Baldwinit.com Website Design. All rights reserved

• Home
• About
• Archives
• Tags