We are talking about *trackback* spam, where one of the goals of spammers is to poison your page with links based on the referer value. Gabor On Mon, 18 Sep 2006, Johan Forngren wrote:
Do spammers really leave referrers?
2006/9/18, Gabor Hojtsy <gabor@hojtsy.hu>:
We have some .htaccess directives at weblabor.hu to cut down on pointless CPU usage. One is denying requests based on referers (which is trackback related too).
SetEnvIfNoCase Referer ".*(casino).*" BadReferrer SetEnvIfNoCase Referer ".*(pharmacy).*" BadReferrer SetEnvIfNoCase Referer ".*(gambling).*" BadReferrer SetEnvIfNoCase Referer ".*(poker).*" BadReferrer SetEnvIfNoCase Referer ".*(pills).*" BadReferrer deny from env=BadReferrer
Also if you would like to send a proper(!) "Gone" HTTP code to user agents who try to request your previously available trackback URLs, you can do:
RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^trackback - [G]
This sends a "Gone" HTTP status to the requester. This is better then an "Access denied" status, since you explictly state that the resource does not exist anymore, and any reference to it should be removed. The actual difference in meaning is only relevant for well-behaving bots, not the spammers, but it is nice to accurately inform well-behaving bots about the situation.