Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Thu Oct 13, 2005 5:41 am Reply with quote

Ok sometimes i run into some nice information that is so well written that it has to be posted.
Simply because its easy to understand.
And and if you realy hate those people behind the spam referers tricks then this will show you how to ban them completely using your server.
I recommend to read this all carefully.


If you own a web site or a blog, you no doubt know all about the term "referer spam".
When you click a hyperlink on one web site, your browser passes to the next site the address of the page where you clicked the link.
This is logged by the server hosting the next web site.
The referer information can be faked very easily.
Some unscrupulous web site owners will arrange to have several computers access a particular web site with a referer that lists their own web site address.
There are a number of ways to accomplish this (see below), but the result is that the web server logs of the targeted site will contain hundreds or possibly thousands of entries with the fake referer information.
This is known as "referer spamming".

What's the point?

Why go to the effort of leaving a web site address in someone else's log files?
Most web servers have the ability to log an extensive amount of information about web sites visitors.
Many webmasters and bloggers use web-based software to parse those log files automatically.
The result is one or more pages breaking the information down into very detailed statistics.
These statistics include the referer information and often those referers are displayed as hyperlinks.
Bloggers quite often will display a link to the most frequent or most recent web site found in their referer logs using scripts.
Some will even put those links right on the front page of their site in a sidebar area.
Unscrupulous web site owners are spamming the log files in order to have their web sites listed on those referer links.
This creates an artificial boost in that site's popularity among those search engines that measure the number of links to a site.
It also generates traffic when curious visitors of a victim site clicks the links displayed in the referer listing.
Simply put, these people are running advertisements on your web site and using it to boost their search engine rankings.
They do this without your knowledge, without your permission, and without compensating you in any way for the use of your network.


How is it done?

Spammers decide which sites to spam by checking sites automatically such as blo.gs, weblogs.com, and popdex.com for blogs that have updated recently.
They also may do a simple Google search for the phrase "recent referers".
Once the spammer has chosen which sites to spam, there are several ways to go about it.
At one point, there was even a company that offered to spam the logs of over 55,000 sites for a fee.
One clever method used by porn sites is to include an image tag in their page's HTML that calls your web site's home page.
No image is loaded, but visitors to the porn site generate a hit on your site that is logged by the server.
Another is to use a desktop application similar to a spambot email harvester.
Instead of scooping up email addresses, the purpose of this sort of application is to load all of the pages on your site while leaving a custom referer in your logs.
One blogger wrote such a program, but never released it fearing abuse (and the wrath of his fellow bloggers no doubt).
Another method that people speculate about is browser hijacking. Internet Explorer can be hijacked to change the start page, search settings, DNS error handling, search hooks, and to have BHOs and strange toolbars installed.


How to stop this?

You have this happening on your own web site.
The spammers are all over your log files.
How do you stop it?
God bless the people at Apache for creating such a simple and powerful web server.
If you have a web site, chances are it is hosted on Apache.
Apache makes it very simple to block anyone from your site you wish to block, based on just about any parameter you choose.


Log into your site's FTP server.
Make sure it is set to display hidden files on the server.
Check your FTP client's documentation for help with that. If there is a file named .htaccess, download it and open it in a text editor.
If there isn't one, create one on your hard drive and upload it when you are finished.

Put this in the .htaccess file, changing "spammersite" to the name of sites found spamming your logs.
The first site listed should not have "NC", and the last one should not have "OR".

If your site starts generating errors after you upload this file, remove the # from the first line. If you use Microsoft Frontpage on your site, do not do this. Changing the .htaccess file could interfere with Frontpage.

# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite1.com.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite2.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite3.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite4.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite5.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite6.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite7.com.*$ [NC]
RewriteRule \.*$ Only registered users can see links on this board! Get registered or login! [R,L]

This will redirect any request with a spammer site in the refer to any other site you wish.
If you prefer, you can rewrite that last line as "RewriteRule .* - [F,L]" to give them a "Forbidden" error.
Either way, it keeps them out of your referer logs and there is no way to defeat it.


If you prefer, you can also use wild cards to filter out domain names that are likely to belong to porn sites.
That should catch most of these spammers, as porn sites seem to be the biggest offenders.
The below should work perfectly for this.


RewriteEngine On #only include this line once to enable the rewriting engine

deny from 84.174.72.102
deny from 217.185.183.70
deny from 205.234.145.222

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?adult(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?anal(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?blow.?job(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?gay(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?cum+shot(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?casino(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?incest(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?mature(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?nude(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?piss(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?porn(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?pus*y(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?sex(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?teen(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?tits(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?titten(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?wichsab(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?wichslos(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*accepted.cc$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*episodesusdbz/.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?advancedmoneyloans.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?affiliplanet.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?apart-?design.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?auktion.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?autogewinne24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?autospiele24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?babay.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?euromillionen.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?eurowins.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?geldspiele24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?goovle.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?gsm-support.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?gzltax.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?heil-fasten.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?immobiliengewinne24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?internetsupervision.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?keywordmaster.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?nackt-stars-nackt.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?one2onemag.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?qw8.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?referrer-script.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?ranking-hits.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?reisegewinne24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?rootfood.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?shemale.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?single66.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?slamhost.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spielepsychatrie.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?superface.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?texasholdem.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?topgewinn24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?topspiele24.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?transexual.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?usa-wins.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?vendini.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?webmasterplan.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?wichsfick.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?wseeker.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?yachtdurak.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?xmaster.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www14\.blogspot.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?yahh+oo.*$
RewriteRule .* - [F,L]


The end / Fin / ende / eind Smile
 
View user's profile Send private message
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Thu Oct 13, 2005 7:40 am Reply with quote

Here are some more

RewriteCond %{HTTP_REFERER} bobbemer.com [NC,OR]
RewriteCond %{HTTP_REFERER} cm3.com [NC,OR]
RewriteCond %{HTTP_REFERER} 95mb.com [NC,OR]
RewriteCond %{HTTP_REFERER} splinder.com [NC,OR]
RewriteCond %{HTTP_REFERER} blackfilmmakermag.com [NC,OR]
RewriteCond %{HTTP_REFERER} bac8.com [NC,OR]
RewriteCond %{HTTP_REFERER} pok2.com [NC,OR]

NOTE: the rules are simplified vs the ones hitwalker mentioned because something like ^http://(www\.)?bobbemer.*$ will fail to ban them.
Why ? well these domains use something like: on-line-casino.bobbemer.com
 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Thu Oct 13, 2005 9:16 am Reply with quote

well nice ,but as long they create completely different domains and subs they will probably get by but its a good start..
Its just a tutorial,not the solution... Smile
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©