[development] My site is under attack (trackbacks, spam and cpu usage).

Gabor Hojtsy gabor at hojtsy.hu
Mon Sep 18 14:41:32 UTC 2006


Erm, excuse me, I mixed the issue with referer spam :) Too many issues to 
care about at the same time.

Gabor

On Mon, 18 Sep 2006, Gabor Hojtsy wrote:

> We are talking about *trackback* spam, where one of the goals of spammers is 
> to poison your page with links based on the referer value.
>
> Gabor
>
> On Mon, 18 Sep 2006, Johan Forngren wrote:
>
>> Do spammers really leave referrers?
>> 
>> 2006/9/18, Gabor Hojtsy <gabor at hojtsy.hu>:
>>> 
>>> We have some .htaccess directives at weblabor.hu to cut down on
>>> pointless CPU usage. One is denying requests based on referers (which
>>> is trackback related too).
>>> 
>>> SetEnvIfNoCase Referer ".*(casino).*" BadReferrer
>>> SetEnvIfNoCase Referer ".*(pharmacy).*" BadReferrer
>>> SetEnvIfNoCase Referer ".*(gambling).*" BadReferrer
>>> SetEnvIfNoCase Referer ".*(poker).*" BadReferrer
>>> SetEnvIfNoCase Referer ".*(pills).*" BadReferrer
>>> deny from env=BadReferrer
>>> 
>>> Also if you would like to send a proper(!) "Gone" HTTP code to user
>>> agents who try to request your previously available trackback URLs,
>>> you can do:
>>> 
>>> RewriteCond %{REQUEST_FILENAME} !-f
>>> RewriteRule ^trackback - [G]
>>> 
>>> This sends a "Gone" HTTP status to the requester. This is better than
>>> an "Access denied" status, since you explicitly state that the resource
>>> does not exist anymore, and any reference to it should be removed. The
>>> actual difference in meaning is only relevant for well-behaving bots,
>>> not the spammers, but it is nice to accurately inform well-behaving
>>> bots about the situation.
>>> 
>>> 
>> 
>
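
Added example (not part of the original thread and not weblabor.hu's code): a dry run of the quoted referer keywords and trackback rule over access-log lines, so legitimate referers caught by the substring match can be reviewed before the directives go live. The combined log format, the sample lines, the function names, and the assumption that the deny is evaluated before the per-directory rewrite are all illustrative.

```python
import re
from collections import Counter

# Keywords copied from the SetEnvIfNoCase lines quoted in the thread.
BAD_REFERER = re.compile(r"casino|pharmacy|gambling|poker|pills", re.IGNORECASE)

# Apache "combined" log format (assumed):
# host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2006:14:00:01 +0000] "GET /node/1 HTTP/1.1" 200 5120 "http://casino-example.invalid/win" "Mozilla/4.0"',
    '192.0.2.11 - - [18/Sep/2006:14:00:02 +0000] "POST /trackback/42 HTTP/1.1" 200 310 "-" "TrackbackClient/1.0"',
    '198.51.100.7 - - [18/Sep/2006:14:00:03 +0000] "GET /node/2 HTTP/1.1" 200 4096 "http://example.org/blog/office-poker-night" "Mozilla/5.0"',
    '198.51.100.8 - - [18/Sep/2006:14:00:04 +0000] "GET /node/3 HTTP/1.1" 200 2048 "http://example.com/" "Mozilla/5.0"',
    '192.0.2.12 - - [18/Sep/2006:14:00:05 +0000] "POST /trackback/7 HTTP/1.1" 200 310 "http://PILLS-example.invalid/" "Mozilla/4.0"',
]

def classify(line):
    """Return 'deny', 'gone', 'pass', or None when the line does not parse."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    # Assumption: the env-based deny (403) is checked before the rewrite (410).
    if BAD_REFERER.search(m["referer"]):
        return "deny"
    # Assumption: .htaccess sits in the document root, so "^trackback" is
    # matched against the path without its leading slash, and no real file
    # of that name exists (the RewriteCond !-f case).
    if m["path"].lstrip("/").startswith("trackback"):
        return "gone"
    return "pass"

def dry_run(lines):
    """Count outcomes and collect denied referers for false-positive review."""
    counts, denied = Counter(), []
    for line in lines:
        verdict = classify(line)
        counts[verdict or "unparsed"] += 1
        if verdict == "deny":
            denied.append(COMBINED.match(line.strip())["referer"])
    return counts, denied

if __name__ == "__main__":
    counts, denied = dry_run(SAMPLE_LOG)
    print(dict(counts))
    for ref in denied:
        print("would deny:", ref)
```

The third sample line shows the cost of substring matching: an ordinary blog URL containing "poker" is denied along with the spam referers.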

