Way to block "referal spam"?

Hi,

I’m getting absolutely fed up with spamming sites giving me “referal spam”. I have a new site, which I literally just put live the other day - and its already got it coming through! I found some code online to “block” these at source, but it doesn’t seem to work

The code is (obviously updated to react to those who are spamming me :))

RewriteEngine On

RewriteCond %{HTTP_REFERER} (free\-share\-buttons|buttons\-for\-your\-website|best\-seo\-offer|social\-buttons|buttons\-for\-website|best\-seo\-solution|Get\-Free\-Traffic\-Now|webmaster\-traffic|event\-tracking|4labweb|free\-social\-buttons)\.com [NC]
RewriteRule .* - [F]

However, I still see stuff like this in google analytics:

What am I doing wrong? As far as I can tell it SHOULD be working… but just doesn’t seem to be I have other sites with the same issue (all the above in my rewrite rule keep spamming me)

TIA

Andy

Hi,

Ok, for anyone interested - I took a different approach. I used the following instead:

RewriteEngine On

RewriteCond %{HTTP_REFERER} ^([^.]+.)*?kambasoft.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?savetubevideo.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?semalt.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?embedle.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?extener.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?fbfreegifts.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?feedouble.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?musicprojectfoundation.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?myprintscreen.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?openfrost.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?openmediasoft.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?softomix.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?srecorder.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?videofrost.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?joinandplay.me [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?backgroundpictures.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?feedouble.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?softomix.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?videofrost.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?joingames.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?soundfrost.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?vapmedia.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?youtubedownload.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?zazagames.org [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?softomix.ru [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?free-share-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-your-website.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-offer.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?social-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?buttons-for-website.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?best-seo-solution.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?Get-Free-Traffic-Now.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?webmaster-traffic.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?event-tracking.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?4labweb.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?free-social-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^([^.]+.)*?srecorder.com [NC]
RewriteRule .* - [F]

That seems to work:)

Cheers

Andy

I’ve found that 90%+ of referrer spam has an IE6 User agent, I block all IE6 requests outright. A slightly less despotic approach would be to force IE6 users to complete a captcha. I’m guessing it’s not worth the effort though.

haha thats one way of doing it =)

For me, its a new site - so its REALLY easy to spot the baddies. I’m hoping I will be able to spot them in the future, and just ban them as they happen (getting annoyed with loads of “hits”, but most of them are spam!)

Cheers

Andy

Andy,

From your first post, the backslashes are not needed and make the reading of the regex far more difficult. You have the right idea (looking for key words) but make the options in your list more generic (it’ll match more variations) and it should work perfectly.

From your second post, WHY are you using the start anchor and collecting garbage before you get to the referral website domains? Lose that extraneous garbage and your website will run much faster.

Otherwise, a good effort!

Regards,

DK

Thanks for the reply. I think the - I just put in there, to try and figure out why it wasn’t working =)

From your second post, WHY are you using the start anchor and collecting garbage before you get to the referral website domains? Lose that extraneous garbage and your website will run much faster.

No idea I just copied that query from someones site (about blocking referral spam). I’ll get it cleaned up, if its not needed.

Thanks!

Andy

Aw, Andy,

You should know better than to use code when you don’t know what it’s doing. Okay, that’s a pet peeve of mine, too, as well as the inappropriate use of (.*) and a few other bits.

Thanks for taking my earlier post as intended (helpful) as I do tend to get pedantic (to help the OP as well as anyone else reading the OP’s thread).

Regards,

DK

Mmm - so just checked todays stats, and they are still getting through

The rewrite is:

RewriteCond %{HTTP_REFERER} kambasoft.com [NC,OR]
RewriteCond %{HTTP_REFERER} savetubevideo.com [NC,OR]
RewriteCond %{HTTP_REFERER} privatelee.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt.com [NC,OR]
RewriteCond %{HTTP_REFERER} embedle.com [NC,OR]
RewriteCond %{HTTP_REFERER} extener.com [NC,OR]
RewriteCond %{HTTP_REFERER} fbfreegifts.com [NC,OR]
RewriteCond %{HTTP_REFERER} feedouble.com [NC,OR]
RewriteCond %{HTTP_REFERER} musicprojectfoundation.com [NC,OR]
RewriteCond %{HTTP_REFERER} myprintscreen.com [NC,OR]
RewriteCond %{HTTP_REFERER} openfrost.com [NC,OR]
RewriteCond %{HTTP_REFERER} openmediasoft.com [NC,OR]
RewriteCond %{HTTP_REFERER} softomix.com [NC,OR]
RewriteCond %{HTTP_REFERER} srecorder.com [NC,OR]
RewriteCond %{HTTP_REFERER} videofrost.com [NC,OR]
RewriteCond %{HTTP_REFERER} joinandplay.me [NC,OR]
RewriteCond %{HTTP_REFERER} backgroundpictures.net [NC,OR]
RewriteCond %{HTTP_REFERER} feedouble.net [NC,OR]
RewriteCond %{HTTP_REFERER} softomix.net [NC,OR]
RewriteCond %{HTTP_REFERER} videofrost.net [NC,OR]
RewriteCond %{HTTP_REFERER} joingames.org [NC,OR]
RewriteCond %{HTTP_REFERER} soundfrost.org [NC,OR]
RewriteCond %{HTTP_REFERER} vapmedia.org [NC,OR]
RewriteCond %{HTTP_REFERER} youtubedownload.org [NC,OR]
RewriteCond %{HTTP_REFERER} zazagames.org [NC,OR]
RewriteCond %{HTTP_REFERER} softomix.ru [NC,OR]
RewriteCond %{HTTP_REFERER} free-share-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} buttons-for-your-website.com [NC,OR]
RewriteCond %{HTTP_REFERER} best-seo-offer.com [NC,OR]
RewriteCond %{HTTP_REFERER} social-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} buttons-for-website.com [NC,OR]
RewriteCond %{HTTP_REFERER} best-seo-solution.com [NC,OR]
RewriteCond %{HTTP_REFERER} Get-Free-Traffic-Now.com [NC,OR]
RewriteCond %{HTTP_REFERER} webmaster-traffic.com [NC,OR]
RewriteCond %{HTTP_REFERER} event-tracking.com [NC,OR]
RewriteCond %{HTTP_REFERER} 4labweb.com [NC,OR]
RewriteCond %{HTTP_REFERER} free-social-buttons.com [NC,OR]
RewriteCond %{HTTP_REFERER} srecorder.com [NC]
RewriteRule .* - [F]

I’m not sure what else to try the following line should be stopping it, no?

RewriteCond %{HTTP_REFERER} event-tracking.com [NC,OR]

TIA

Andy

Andy,

Event-Tracking.com should have been blocked but the others are not in your list (you might want to alphabetize the list for easier management).

Go ahead and add more RewriteCond statements but be sure they are listed BEFORE the last one in the list (the one with just the [NC] flag).

Comment: If you want the dots to be dots, they need to be escaped in regex expressions. IMHO, little matter as you have properly listed the bots so this is definitely a pedantic comment.

Regards,

DK

Hi,

event-tracking was the only one I wanted to block out of that list (the rest were fine, and good traffic).

I’ve gone and used this code now in my main .conf file for the domain, as this seems much quicker (the last code KILLED one of my sites loading times for some reason)

RewriteCond %{HTTP_REFERER} (kambasoft.com|savetubevideo.com|privatelee.com|semalt.com|embedle.com|extener.com|fbfreegifts.com|feedouble.com|musicprojectfoundation.com|myprintscreen.com|openfrost.com|openmediasoft.com|softomix.com|srecorder.com|videofrost.com|joinandplay.me|backgroundpictures.net|feedouble.net|softomix.net|videofrost.net|joingames.org|soundfrost.org|vapmedia.org|youtubedownload.org|zazagames.org|softomix.ru|free-share-buttons.com|buttons-for-your-website.com|best-seo-offer.com|social-buttons.com|buttons-for-website.com|best-seo-solution.com|Get-Free-Traffic-Now.com|webmaster-traffic.com|event-tracking.com|4labweb.com|free-social-buttons.com|srecorder.com) [NC]
RewriteRule .* - [F]

Comment: If you want the dots to be dots, they need to be escaped in regex expressions. IMHO, little matter as you have properly listed the bots so this is definitely a pedantic comment.

Yeah - if the domain matches (even with . as a character), it should be fine to block (as no one would be sending valid traffic from any of those :))

Cheers

Andy

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.