Results 1 to 8 of 8
  1. #1
    Join Date
    Dec 2003
    Posts
    228

    Arrow Referring Spam. What do you do?

    Hello,

    I've been looking at my apache logs and I noticed A LOT of referrers from urls like the following (just to name a couple):
    -> cialis . deltawebs . net
    -> buyphentermine1 . blog . hr

    In an attempt to put a stop to them, I've written a script that runs through my apache logs and executes "apf -d xxx.xxx.xxx.xxx [url]" (xxx.xxx.xxx.xxx being the incoming ip). This seems to work well because the frequency of bad referring urls seems to be decreasing and it is a server-wide solution.

    I'm just wondering if there is a more efficient way of treating these bad referrers? I'm looking for a server-wide solution maybe based in httpd.conf - I don't like the idea of using .htaccess files because I am looking for a server-wide solution.

    What do you think of the APF solution to this problem?

    Thanks for your input!

    Lamp

  2. #2
    Join Date
    Feb 2003
    Posts
    543
    Hi Lamp,

    Your way is a pretty good way of doing it.

    I do however believe that the referer spammers have some kind of trigger. For example they may detect a /stats or /webalizer folder on your domain. Maybe finding that trigger and removing it could stop them from bothering.
    Off Topic Web Forum - A forum for talking about anything!!
    N.Z. Webmaster Community - Are you from New Zealand? Well signup to our forum!!!!

  3. #3
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    452
    Try using mod_sec and GotRoot rules (from experience, activating all the rules will add a slight overhead on the server usage):

    http://www.gotroot.com/tiki-index.ph...security+rules
    Reliability Performance Integrity

  4. #4
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    One thing you could try doing is setting up some global Mod_Rewrite rules that trace all incoming Apache connections and data, and then act accordingly if they meet your rules.
    Jakiao

  5. #5
    Quote Originally Posted by PhilG
    Hi Lamp,

    Your way is a pretty good way of doing it.

    I do however believe that the referer spammers have some kind of trigger. For example they may detect a /stats or /webalizer folder on your domain. Maybe finding that trigger and removing it could stop them from bothering.
    I agree here that you shouldn't have public webalizer or other common stats programs being indexed by Google...that's the number one way they find you.
    http://www.spiderninja.com/ for Search Engine marketing

  6. #6
    Join Date
    Dec 2003
    Posts
    228
    Quote Originally Posted by PhilG
    Your way is a pretty good way of doing it.
    The only problem that I see with my way is that the apf deny_hosts.rules file can grow to an enormous amount!

    Since the ips listed in that file are loaded in memory, I'm sure there is eventually going to be a perfomance impact.

    Hence, this is why I'm looking for an efficient httpd.conf solution. I guess I could use mod_rewrite rules, but I wanted to know how everyone else was managing refering spam.

    Thanks!
    Lamp

  7. #7
    Join Date
    May 2004
    Location
    San Diego, CA USA
    Posts
    55
    I wrote a page on this last year. I haven't really looked at it since. I don't have a probloem with it anymore. I followed my own advice on the page below, and I don't see it anymore.

    Hope you are successful at stopping your problem. Good luck.

    My page on referrer spam:
    http://www.m5computersecurity.com/referrerspam/

  8. #8
    Join Date
    Jan 2002
    Location
    Ohio
    Posts
    3,139
    All of my statistics data is behind a custom admin login as well as my site control panel and I'm still getting slammed by this crap. But as regular spam is just as unavoidable I just deal with it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •