[development] My site is under attack (trackbacks, spam and cpu
usage).
Gabor Hojtsy
gabor at hojtsy.hu
Mon Sep 18 14:36:59 UTC 2006
We are talking about *trackback* spam, where one of the goals of spammers
is to poison your page with links based on the referer value.
Gabor
On Mon, 18 Sep 2006, Johan Forngren wrote:
> Do spammers really leave referrers?
>
> 2006/9/18, Gabor Hojtsy <gabor at hojtsy.hu>:
>>
>> We have some .htaccess directives at weblabor.hu to cut down on pointless
>> CPU usage. One is denying requests based on referers (which is trackback
>> related too).
>>
>> SetEnvIfNoCase Referer ".*(casino).*" BadReferrer
>> SetEnvIfNoCase Referer ".*(pharmacy).*" BadReferrer
>> SetEnvIfNoCase Referer ".*(gambling).*" BadReferrer
>> SetEnvIfNoCase Referer ".*(poker).*" BadReferrer
>> SetEnvIfNoCase Referer ".*(pills).*" BadReferrer
>> deny from env=BadReferrer
>>
>> Also if you would like to send a proper(!) "Gone" HTTP code to user
>> agents
>> who try to request your previously available trackback URLs, you can do:
>>
>> RewriteCond %{REQUEST_FILENAME} !-f
>> RewriteRule ^trackback - [G]
>>
>> This sends a "Gone" HTTP status to the requester. This is better then an
>> "Access denied" status, since you explictly state that the resource does
>> not exist anymore, and any reference to it should be removed. The actual
>> difference in meaning is only relevant for well-behaving bots, not the
>> spammers, but it is nice to accurately inform well-behaving bots about
>> the
>> situation.
>>
>>
>
More information about the development
mailing list