Issue status update for http://drupal.org/node/27787 Post a follow up: http://drupal.org/project/comments/add/27787 Project: Drupal Version: cvs Component: base system Category: feature requests Priority: normal Assigned to: Robin Monks Reported by: Robin Monks Updated by: Uwe Hermann Status: patch (code needs review) Attachment: http://drupal.org/files/issues/referring_banning_with_stat_fix_1.patch (7.83 KB) Patch didn't apply anymore (tried to re-add '?>'). Here's an updated patch. From a quick glance the code looks good, but I didn't test thoroughly. +1 for the feature, though. Uwe Hermann Previous comments: ------------------------------------------------------------------------ Fri, 29 Jul 2005 17:02:30 +0000 : Robin Monks Attachment: http://drupal.org/files/issues/referring_banning_with_stat_fix.patch (7.9 KB) The attached patch adds the following features to Drupal HEAD: - Setting Access Permissions by referrer. The attached patch fixes the following bugs: - Port numbers on same domain cause Drupal to mark an external referrer This patch changes the following modules, by function: - user.module -- user_admin_access_check Now allows checking based on referrer. -- _user_admin_access_form Now has options for banning based on referrer. -- user_admin_access Now lists referrer bans. -- user_help Show referrer banning in documentation. - bootstrap.inc -- _drupal_bootstrap Checks to ensure user is not banned by referrer. - statistics.module -- statistics_top_referrers Has "quick-links" for banning referring domain. Fixes port issue. I have tested this module and it works correctly on Drupal HEAD. Robin ------------------------------------------------------------------------ Sat, 30 Jul 2005 13:59:09 +0000 : Dries What is the point of referrer banning? To stop people from linking your site? I'd think this is only useful for 0.001% of all Drupal sites. ------------------------------------------------------------------------ Sat, 30 Jul 2005 14:05:51 +0000 : killes@www.drop.org I've asked Robin to implement this because a referrer spammer was spamming drupal.org with porn referrers. This was annoying because it made the "top referrers" page basically useless. I only got rid of the spammer because Kjartan grepped the apache logs for me and told me the IP. ------------------------------------------------------------------------ Sat, 30 Jul 2005 14:32:08 +0000 : bertboerland@www.drop.org dries, take a look at http://drupal.org/admin/logs/referrers [1]. mine is even worse, nearly 15% of all referrers are pr0n sites. so i do think it is usefull to ban based on referrer, not to prohibits linkers but referrer spammers [1] http://drupal.org/admin/logs/referrers ------------------------------------------------------------------------ Sat, 30 Jul 2005 18:41:33 +0000 : Robin Monks This is also useful for sites that try to pop other sites into IFrames (sometime invisable). This code does need review. I want to make sure that this will work on all server/OS/php types. Robin ------------------------------------------------------------------------ Sun, 31 Jul 2005 10:32:37 +0000 : Dries I'm still not convinced this feature is needed. I'm tempted to say "won't fix" but I'll let this patch float in the review queue until enough people showed interest in it. ------------------------------------------------------------------------ Sun, 31 Jul 2005 15:13:41 +0000 : eldarin A useful feature for sites plagued by the spammers on the net - another sad example is http://www.xmlrpc.com/stats/referers . ------------------------------------------------------------------------ Sun, 31 Jul 2005 15:58:45 +0000 : deekayen I'd like to see this feature, but I would make a change to the patch. In statistics.module, + array('data' => t('Ban domain')) isn't exactly clear. We know what it does in the context of this issue, but I can see some of my users thinking that it will do a DNS lookup and ban any users trying to visit from another ISP. If it were my patch, I'd make it 'Ban visitors clicking from this webpage', but that might be wordy for some of you. ------------------------------------------------------------------------ Sun, 31 Jul 2005 23:56:00 +0000 : Robin Monks If it were my patch, I'd make it 'Ban visitors clicking from this webpage', but that might be wordy for some of you. Don't forget, this is going in a table header. Something like that on my display would take the table halfway to greenland. "Ban Referring Domain" or "Ban Referrer" may be better choices, but I can't understand how someone could think a domain was an ISP??? I mean, a domain is a domain. Even non-tech-types know a domain is a .com. I'd like others opinions on this. I feel the common concensus thus far is that this patch would be a good addition to Drupals banning system. However, the code still needs to have some more testers. This is also a good time to mention any changes you'd like to see. Robin ------------------------------------------------------------------------ Tue, 09 Aug 2005 14:18:56 +0000 : Robin Monks Attachment: http://drupal.org/files/issues/referring_banning_with_stat_fix_0.patch (7.97 KB) New patch against HEAD, changes the title to "Ban referrer" Robin ------------------------------------------------------------------------ Wed, 31 Aug 2005 13:02:21 +0000 : minimism As a sufferer of referrer spam (my logs+cache+sessions tables added over 20MB to my database, causing me to go over-quota with my hosting service == cost; as well as the increased traffic making my site go 25% over bandwidth allowance == more cost) would the referrer block generate any output (i.e a 404 message) or would Drupal output a null page (such as cron.php)? My 'over-bandwidth' problem is not going to be helped if each request gets a 404 message! ------------------------------------------------------------------------ Thu, 01 Sep 2005 09:02:30 +0000 : Hosting Geek I know lighttpd [2] has this feature... maybe you would want to use it instead of apache it seems to have a lot fo features apache is missing plus it uses less load and memory... maybe drupal.org should of swaped to it when it was having load problems... to late to sudgest it now... but if drupal.org ever start getting load problems again it might be the first thing you would want to do. [2] http://lighttpd.net ------------------------------------------------------------------------ Thu, 15 Sep 2005 18:19:29 +0000 : Robin Monks The module stops the request before it hits the DB or graphics and just ouputs (in plain text). The referrer ___ has been banned. Or similar. No "building" take place, the request is effictively killed. Robin