Comments on: Blocking trackback spam using .htaccess

By: John

John — Sat, 08 Sep 2007 06:49:03 +0000

Robin, htaccess will not enable you to block other sites from being indexed in the search engines. That’s not what htaccess is used for or capable of.

By: Smells Phishy « A Daily Rant

Smells Phishy « A Daily Rant — Sun, 27 Aug 2006 17:09:50 +0000

[...] Here are a couple articles to see about this: http://www.tomrafteryit.net/trackback-spam-explained/ And http://www.tomrafteryit.net/blocking-trackback-spam-using-htaccess/ [...]

By: A Daily Rant » Something Smells Phishy

A Daily Rant » Something Smells Phishy — Sun, 09 Jul 2006 13:01:36 +0000

[...] Here are a couple articles to see about this: http://www.tomrafteryit.net/trackback-spam-explained/ And http://www.tomrafteryit.net/blocking-trackback-spam-using-htaccess/ [...]

By: Robin Arora

Robin Arora — Thu, 27 Apr 2006 07:20:31 +0000

I have found that my website is on several message boards.

A few of them are csscreator.com, webdeveloper.com, htmlhelpcentral.com, and pmachine.com.

How can I use htaccess to block these four sites from being indexed through google, msn, yahoo, altavista, excite, msn, and other search engines?

By: I Made Yanuarta DPY » Blog Archive » Belajar .htaccess

I Made Yanuarta DPY » Blog Archive » Belajar .htaccess — Mon, 16 Jan 2006 08:56:26 +0000

[...] Tom Rafteryâ€™s I.T. Views: .htaccess Category Tomâ€™s site is also quite helpful with strategies, tips, and links to combat spammers and bat bots. [...]

By: Koshkitko

Koshkitko — Thu, 29 Dec 2005 02:14:23 +0000

Very good site! I like it! Thanks!

By: Sergej Brin

Sergej Brin — Sun, 18 Dec 2005 14:15:48 +0000

Very good site! I like it! I just wanted to pass on a note to let you know what a great job you have done with this site..Thanks!

By: CottonIJoe

CottonIJoe — Thu, 08 Dec 2005 18:24:50 +0000

Thanks for this article! There is another (related) way of blocking Referrers containing single words which are "Bad":

SetEnvIfNoCase Referer ".*(this|is|where|all|the|dirrty|words|go).*" BadReferrer

Deny from BadReferrer

I found this in the htaccess file of WikkaWiki...

By: Tom Raftery

Tom Raftery — Thu, 09 Jun 2005 13:52:25 +0000

To be honest Lucia, without seeing the .htaccess file it is impossible to say.

If you want to try emailing me a copy of it I can take a look and see if I can see anything…

By: lucia

lucia — Thu, 09 Jun 2005 12:53:52 +0000

I placed the code suggested by Spamhuntress in my .htaccess file in my top level directory, trackback spam gets through. I placed it in my /blog/ directory, it gets through.
Elsehere, I read a suggestion that I put a star here:, I tried that. It gets through!

I looked at my raw logs, and they spammer are posting, and they the log does included “mozilla” in the user agent.

What am I doing wrong? (I noticed spamhuntress mentions “crustfree URLs”. What’s a “crust free URL”? And could it be my URLS have crusts and so I need to do something different?

By: Spamhuntress

Spamhuntress — Sun, 10 Apr 2005 10:43:30 +0000

Try this one:
http://spamhuntress.com/2005/04/08/wp-trackback-block/

By: Tom

Tom — Fri, 08 Apr 2005 00:05:53 +0000

Ann, I’m not sure that script will work in WordPress 1.5. I have just gone through my raw log files in detail and any posts to the xmlrpc.php file are from “The Incutio XML-RPC PHP Library — WordPress/1.5″

Tom

By: Diane Vigil

Diane Vigil — Thu, 07 Apr 2005 21:42:22 +0000

Ah, the Spamhuntress herself. Thanks for the link.

What I want is probably tricky: to let through legitimate trackbacks, but not the others. I’m probably dreaming.

By: Spamhuntress

Spamhuntress — Thu, 07 Apr 2005 21:36:54 +0000

You’ll find a block here:
http://spamhuntress.com/2005/04/07/limiting-access-to-single-files/

By: Diane Vigil

Diane Vigil — Thu, 07 Apr 2005 17:46:37 +0000

Tom, how would one use it on the trackback script only? (And yes, I’m pretty sure he meant httpd.conf.)

By: Spamhuntress

Spamhuntress — Thu, 07 Apr 2005 17:31:24 +0000

I would suggest using this only on POST requests, because there ARE quite a few people with this configuration. Another possibility is to only protect one file: the trackback script. That’s possible if you use it in .htaccess. Not sure if that would work in http.conf.

But generally, what works in .htaccess can be used in http.conf. Or is it httpd.conf?

By: skippy

skippy — Thu, 07 Apr 2005 17:01:37 +0000

Can these rules be applied in a server’s http.conf to protect all blogs on all virtual hosts?