ok. I have everyday spamming:
- ip is different everytime
- text the SAME, but antispam-bad-words-list doesn’t filter it.
things like: -0-XXX-0, -0 XXX 0 -, etc.

I can’t even imagine how to prevent spam, besides send *** kind words to spammers

I suppose to use referrer check for spam-machine - if it isn’t yoursite.com that is badguy-goodbye.com

The first big problem is with referrer checking in general. The problem is that many of today’s browsers and firewalls now strip the referrer information. It’s a privacy thing.

Therefore if you implement that check, you will block a lot of legitmate traffic that comes to you with a blank referrer. Likewise, if you allow blanks, you will let in all of the spam bots that don’t send a referrer.

Additionally, if you did something like:

<
order deny,allow
deny from all
allow from yoursite.com
</Limit>

How would the people get to your site initially? If they browsed straight to it, they would get permission denied error.

This might work in some limited office environment on a subdirectory that should only be accessed from the site and using the company approved browser. Then you could consider all traffic without a reffer ilegitimate. Basically, if you have control over some of the variables in the situation, YMMV.

Thanks for the heads up Brian - hope that hasn’t been missing too long.

I put it back in now (and I’m hardly a master - I just read up on that stuff when I was having spam problems - I’ve forgotten a lot of it now ),

Cheers,

Tom.

RewriteEngine On

line from your .htaccess file.

As I understand it, that line is somewhat important for the rest of the file to work right on most apache servers…

http://www.apacheref.com/ref/mod_rewrite/RewriteEngine.html
“By default, rewrite configurations are not inherited. Thus you need a RewriteEngine directive to switch this configuration on for each virtual host in which you wish to use it. ”

But then again most all I know about .htaccess files, I learned from you so why should the student question the master!

I have not switched to Akismet, have not bothered to get the needed API. Inspired by you, I got the key (and a wordpress.com blog that will be unused, waste of space) and activated Akismet. It might not have much work to do either.

By the way, I have started using Akismet recently and I find it is the best anti-spam tool i have come across yet!

I also write about having considered to exchange your list of known spammers for the compact optimized regex version of ReferrerCops blacklist. It might give Apache and the server a harder time, with all those regular expressions, but there should be few spammers passing by that test.

I also mention Chongqed’s blacklist, no regex, quite long.

You are quite right in your comment on my site, I am positive.

Regards,
Johan Adler
Sweden

But to partially answer your questions - the limit POST section ensures that only POST access is denied so GET can’t be affected.

Also, isn’t there harm in blocking all mozilla and opera browsers from posting track backs?

(Hopefully this next bit will look right in the comment… sorry if it doesn’t )

Here’s the section I am talking about:
# From Spamhuntress - code to deny the below user agents POST access to trackback

# From Spamhuntress - code to deny the below user agents POST access to trackback
<Files trackback>
<limit POST>  

SetEnvIf User-Agent ”Mozilla” trackers
SetEnvIf User-Agent ”Opera” trackers
SetEnvIf User-Agent ^$ trackers

Order Allow,Deny
Allow from all
Deny from env=trackers

</limit>

Great, let me know how you get on.

Cheers,

Tom