Blocking access to a website from known spamming sites

Status
Not open for further replies.
#1
Blocking access to a website from known spamming sites

This was originally psoted by Jonra in another thread. I thought it is very useful in all circumstances.

Just note that this does not apply to Windows servers.


jonra01 said:
If you can use a .htaccess file then you can block most spammers from ever getting to the guestbook. I just did this on my blog because my stats page was getting hit every 6 seconds from some #$%#$%%$ using subdomains on jixx.de

You will need to copy and paste the code below into your .htaccess file and then upload it to your server.

First login with your ftp client to see if there is already an .htaccess file in the public_html folder. If there is download this to your computer to work on. Then save a copy as .htaccess.bak so you have a good copy in case you do something wrong. Now modify the .htaccess file with the code below. Make sure there are no stray end of line characters after the end of the code. Once it is modified save it and upload it to the server. Put it in the public_html folder.

This should stop 99% of the spammers.

Code:
RewriteEngine on

# Block Referrer Spam

# Drugs / Herbal

  RewriteCond %{HTTP_REFERER} (sleep-?deprivation) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sleep-?disorders) [NC,OR]
  RewriteCond %{HTTP_REFERER} (insomnia) [NC,OR]
  RewriteCond %{HTTP_REFERER} (phentermine) [NC,OR]
  RewriteCond %{HTTP_REFERER} (phentemine) [NC,OR]
  RewriteCond %{HTTP_REFERER} (vicodin) [NC,OR]
  RewriteCond %{HTTP_REFERER} (hydrocodone) [NC,OR]
  RewriteCond %{HTTP_REFERER} (levitra) [NC,OR]
  RewriteCond %{HTTP_REFERER} (hgh-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-hgh) [NC,OR]
  RewriteCond %{HTTP_REFERER} (ultram-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-ultram) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cialis) [NC,OR]
  RewriteCond %{HTTP_REFERER} (soma-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-soma) [NC,OR]
  RewriteCond %{HTTP_REFERER} (diazepam) [NC,OR]
  RewriteCond %{HTTP_REFERER} (gabapentin) [NC,OR]
  RewriteCond %{HTTP_REFERER} (celebrex) [NC,OR]
  RewriteCond %{HTTP_REFERER} (viagra) [NC,OR]
  RewriteCond %{HTTP_REFERER} (fioricet) [NC,OR]
  RewriteCond %{HTTP_REFERER} (ambien) [NC,OR]
  RewriteCond %{HTTP_REFERER} (valium) [NC,OR]
  RewriteCond %{HTTP_REFERER} (zoloft) [NC,OR]
  RewriteCond %{HTTP_REFERER} (finasteride) [NC,OR]
  RewriteCond %{HTTP_REFERER} (lamisil) [NC,OR]
  RewriteCond %{HTTP_REFERER} (meridia) [NC,OR]
  RewriteCond %{HTTP_REFERER} (allegra) [NC,OR]
  RewriteCond %{HTTP_REFERER} (diflucan) [NC,OR]
  RewriteCond %{HTTP_REFERER} (zovirax) [NC,OR]
  RewriteCond %{HTTP_REFERER} (valtrex) [NC,OR]
  RewriteCond %{HTTP_REFERER} (lipitor) [NC,OR]
  RewriteCond %{HTTP_REFERER} (proscar) [NC,OR]
  RewriteCond %{HTTP_REFERER} (acyclovir) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sildenafil) [NC,OR]
  RewriteCond %{HTTP_REFERER} (tadalafil) [NC,OR]
  RewriteCond %{HTTP_REFERER} (xenical) [NC,OR]
  RewriteCond %{HTTP_REFERER} (melatonin) [NC,OR]
  RewriteCond %{HTTP_REFERER} (xanax) [NC,OR]
  RewriteCond %{HTTP_REFERER} (herbal) [NC,OR]
  RewriteCond %{HTTP_REFERER} (drugs) [NC,OR]
  RewriteCond %{HTTP_REFERER} (lortab) [NC,OR]
  RewriteCond %{HTTP_REFERER} (adipex) [NC,OR]
  RewriteCond %{HTTP_REFERER} (propecia) [NC,OR]
  RewriteCond %{HTTP_REFERER} (carisoprodol) [NC,OR]
  RewriteCond %{HTTP_REFERER} (tramadol) [NC]
    RewriteRule .* - [F]

# Porn

  RewriteCond %{HTTP_REFERER} (porno) [NC,OR]
  RewriteCond %{HTTP_REFERER} (shemale) [NC,OR]
  RewriteCond %{HTTP_REFERER} (gangbang) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-cock) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-anal) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-orgy) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cock-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (anal-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (orgy-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (singles-?christian) [NC,OR]
  RewriteCond %{HTTP_REFERER} (dating-?christian) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumeating) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cream-?pies) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumsucking) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumswapping) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumfilled) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumdripping) [NC,OR]
  RewriteCond %{HTTP_REFERER} (krankenversicherung) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cumpussy) [NC,OR]
  RewriteCond %{HTTP_REFERER} (suckingcum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (drippingcum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (pussycum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (swappingcum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (eatingcum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cum-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-cum) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sperm) [NC,OR]
  RewriteCond %{HTTP_REFERER} (christian-?dating) [NC,OR]
  RewriteCond %{HTTP_REFERER} (jewish-?singles) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sex-?meetings) [NC,OR]
  RewriteCond %{HTTP_REFERER} (swinging) [NC,OR]
  RewriteCond %{HTTP_REFERER} (swingers) [NC,OR]
  RewriteCond %{HTTP_REFERER} (personals) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sleeping) [NC,OR]
  RewriteCond %{HTTP_REFERER} (libido) [NC,OR]
  RewriteCond %{HTTP_REFERER} (grannies) [NC,OR]
  RewriteCond %{HTTP_REFERER} (mature) [NC,OR]
  RewriteCond %{HTTP_REFERER} (enhancement) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sexual) [NC,OR]
  RewriteCond %{HTTP_REFERER} (gay-?teen) [NC,OR]
  RewriteCond %{HTTP_REFERER} (teen-?chat) [NC,OR]
  RewriteCond %{HTTP_REFERER} (gay-?chat) [NC,OR]
  RewriteCond %{HTTP_REFERER} (adult-?finder) [NC,OR]
  RewriteCond %{HTTP_REFERER} (adult-?friend) [NC,OR]
  RewriteCond %{HTTP_REFERER} (friend-?finder) [NC,OR]
  RewriteCond %{HTTP_REFERER} (friend-?adult) [NC,OR]
  RewriteCond %{HTTP_REFERER} (finder-?adult) [NC,OR]
  RewriteCond %{HTTP_REFERER} (finder-?friend) [NC,OR]
  RewriteCond %{HTTP_REFERER} (discrete-?encounters) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cheating-?wives) [NC,OR]
  RewriteCond %{HTTP_REFERER} (housewives) [NC,OR]
  RewriteCond %{HTTP_REFERER} (\-sex\.) [NC,OR]
  RewriteCond %{HTTP_REFERER} (xxx) [NC,OR]
  RewriteCond %{HTTP_REFERER} (snowballing) [NC]
    RewriteRule .* - [F]

# Weight

  RewriteCond %{HTTP_REFERER} (fat-) [NC,OR]
  RewriteCond %{HTTP_REFERER} (-fat) [NC,OR]
  RewriteCond %{HTTP_REFERER} (diet) [NC,OR]
  RewriteCond %{HTTP_REFERER} (pills) [NC,OR]
  RewriteCond %{HTTP_REFERER} (weight) [NC,OR]
  RewriteCond %{HTTP_REFERER} (supplement) [NC]
    RewriteRule .* - [F]

# Gambling

  RewriteCond %{HTTP_REFERER} (texas-?hold-?em) [NC,OR]
  RewriteCond %{HTTP_REFERER} (poker) [NC,OR]
  RewriteCond %{HTTP_REFERER} (casino) [NC,OR]
  RewriteCond %{HTTP_REFERER} (blackjack) [NC]
    RewriteRule .* - [F]

# Loans / Finance

  RewriteCond %{HTTP_REFERER} (mortgage) [NC,OR]
  RewriteCond %{HTTP_REFERER} (refinancing) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cash-?advance) [NC,OR]
  RewriteCond %{HTTP_REFERER} (cash-?money) [NC,OR]
  RewriteCond %{HTTP_REFERER} (pay-?day) [NC]
    RewriteRule .* - [F]

# User Agents

  RewriteCond %{HTTP_USER_AGENT} (Program\ Shareware|Fetch\ API\ Request) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (Microsoft\ URL\ Control) [NC]
    RewriteRule .* - [F]

# Misc / Specific Sites

  RewriteCond %{HTTP_REFERER} (netwasgroup\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (nic4u\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (wear4u\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (foxmediasolutions\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (liveplanets\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (aeterna-tech\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (continentaltirebowl\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (chemsymphony\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (infolibria\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (globaleducationeurope\.net) [NC,OR]
  RewriteCond %{HTTP_REFERER} (soma\.125mb\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (mitglied\.lycos\.de) [NC,OR]
  RewriteCond %{HTTP_REFERER} (foxmediasolutions\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (jroundup\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (feathersandfurvanlines\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (conecrusher\.org) [NC,OR]
  RewriteCond %{HTTP_REFERER} (sbj-broadcasting\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (edthompson\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (codychesnutt\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (artsmallforsenate\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (axionfootwear\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (protzonbeer\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (candiria\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (bigsitecity\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (coresat\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (istarthere\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (amateurvoetbal\.net) [NC,OR]
  RewriteCond %{HTTP_REFERER} (alleghanyeda\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (xadulthosting\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (datashaping\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (zick\.biz) [NC,OR]
  RewriteCond %{HTTP_REFERER} (newprinceton\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (dvdsqueeze\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (xopy\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (webdevboard\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (devaddict\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (eaton-inc\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (whiteguysgroup\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (guestbookz\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (webdevsquare\.com) [NC,OR]
  RewriteCond %{HTTP_REFERER} (indfx\.net) [NC,OR]
  RewriteCond %{HTTP_REFERER} (snap\.to) [NC,OR]
  RewriteCond %{HTTP_REFERER} (2y\.net) [NC,OR]
  RewriteCond %{HTTP_REFERER} (astromagia\.info) [NC,OR]
  RewriteCond %{HTTP_REFERER} (jixx\.de) [NC,OR]
  RewriteCond %{HTTP_REFERER} (free-?sms) [NC]
    RewriteRule .* - [F]
 
#3
John,

From your blog, it is different from your post here.

How come you added this at the top:

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 216.74.242.174
deny from 213.126.93.195

and to the bottom, added the ,L :

RewriteRule .* - [F,L]

?

Howard
 
#4
The bit at the top about the 403 was part of my original .htaccess file. The portion I posted here was only the portion about using the rewrite engine - mod_rewrites

The L was missing from my original post. It will work without it, but should be there, so I added it when I noticed it missing.

Everyone should realize that the solutions I offered here are not foolproof. Nor are they permanent. This is an ongoing battle with no end in sight.

The first thing I happened to do after posting the solution on my web site was to open my mail program. Staring me in the face were 50 emails notifying me of new trackbacks on a number of my posts. It was apparently posted by visitors (probably bots) that hit my site over the course of a few minutes. All of them were from 4 different ip address.

These could have been done manually by a group of kids spread around the globe. It might be a club. It was more likely done by a bot.

My blog software only recorded one for each post from the same ip so I ended up with 10 of them altogether. I deleted those manually and added the ip addresses to the .htaccess file.

One interesting thing I noted was that the url for these posts was truncated to http:// I don't know why this happened. It might have been an anti-spam filter in the blog software or an error in the bot. Whatever the reason, it defeated the most likely purpose of the spam, which is to place their url on my site.

Like I said, this is an ongoing battle. All you can do is to try to stay ahead of them where possible and to clean up after them if they get through.
 
Last edited:
#5
IP Blaster or something similar -

In a different thread we discussed someone scanning sites from China. I don't know if these come from these sites, but may just be someone using an IP Blaster paid to spam business sites and home users.

I recall saying my sales contact form kept getting intruded upon from these demonic spammers but now at least I've located two of the sites they spam about.

1. hk.365365.com
This is some type of web start portal page.

2. zjheny.com
This one is a Chinese site doing some type of cooking utensil business. Their english on the site is obviously in need.
 
#6
Won't Go There

This time I won't follow the links to see where the perpetrators are coming from. I do want to thank our C-Corp technician because he made my sales contact form to now allow me to hover over the chinese characters and translate them to english characters.

I hope it's ok to post the findings here. I can prove all of this post because I have the sales inquiry forms saved in a file.

Here's some places these links lead back to just from this last most recent spam to my sales inquiry form:
1. mog@bbc.com
2.blog.com.cn/user2/9882/archives/2005/148625.shtml
3.blog.com.cn/user2/9882/index.shtml
4.blog.com.cn/user54/conf/index.html
5.blog.com.cn/user54/conf/blog/26598151.html
6.spaces.msn.com/members/seegle26
7.spaces.msn.com/members/seegle26/PersonalSpace.aspx?_blogpart=blogmgmt&_c=blogpart
8.spaces.msn.com/members/today-video-conferencing/

I wish I could translate what is really going on here. I am on some kind of spam this IP list or something. I don't want to follow all these links without somehow masking my system and network details. But if someone here that is a knowledgeable enough to figure what is up with this junk and these demonic spammers, I would sincerely appreciate more info to uncover their activity.
 
#7
Are you connected to all the blogs out there with Next blog link and such? Then this is why you'll get hits from all and sundry.

This is one of the disadvantages of being in a blog circuit. You get much more exposure whcih may be good, but you also end up being linked to all blogs potentially. In your case at least it seems to be you are connected to blogs dealing with similar issues as yours - at least superficially.
 
#8
No such connection

I am not linked up to blog.com in any way. I do have an account at G's Blogger.com and 3 at M's spaces. These spams are not going to any forms at a blog. They go into sales contact forms to 2 of my dotcom domains.

Also, I am not reporting from hit stats. these are from mail sent through a contact form from either of the dotcoms I mentioned.

I do know they are coming through a chinese based IP address or block of IP addresses.
 
Last edited:
#10
Question about post #2 in thread

What is a duplicate content penalty? In the obvious sense I can imagine what it is, but specifically how is it judged and what is the consequence?
 
#11
Duplicate content is when there are two copies of the same page. Either on the same site or on different sites. Google will see these and, at best, only list one of them in their index. At worst, they will only list one and add a penalty to the other one.

I had an experience with this just recently. A client was complaining that his site wasn't showing up in the search engines and he asked me why. I gave the usual, "it takes months, etc..." and ran a search while I was there. I found his site, but it was on my development server. I had forgotten to delete the dev files. Since my site has a decent PR and is fairly popular google only listed the pages on my server. Needless to say, I was very embarassed. This won't be happening again.
 
#12
hosting issues, maybe...

Hi, Jonra01,

I'm placing web-based fractals presentations on my site, but it is a small site, and we have also placed them on the huge website of a friend, not only for the increased visibility but he gets a totally different crowd, a very high-end tech crowd. How will I find out if I am being penalized for this? From what I have seen, it doesn't appear to be so. Even if penalized for it, I would keep it/them on his site as well because that is where it has the best chance of being seen and making a difference. What I could do, though, is make the versions different in subtle ways.

Changing the subject, having read in this thread about bot hits due to being part of blogs, I've only posted to two blogs, and had to sign up somehow, made one post on each of them. Is there a way to get my name completely disassociated with blog databases, to sign myself out, so to speak?

Yours truly,

sierpinski
 
#13
The duplicate content penalty only comes into play if you have two identical, or nearly identical, pages. This would be text and and images with image names. The bot can't see the images, only the filenames, titles, and alt tags. If your friend is simply taking your page and displaying it on his/her site then you might be penalized. Otherwise, I wouldn't worry about it.

The comments in this thread about blogs and bots is about referer and comment spam posted to a blog by a bot. Having a post on a blog is no different than having a post on this forum. The only way I know to get off a blog is to request that the blog owner delete your membership and all comments you may have posted.
 
Status
Not open for further replies.
Top