Comments on: Using .htaccess to minimise comment and referrer spam

By: Kim Steinhaug

Kim Steinhaug — Tue, 07 Apr 2009 12:39:45 +0000

Might be the thread from the grave, however a great thread and interesting use of .htaccess. I did some google and this is what i got, a great article. I especially liked the SetEnvIfNoCase method which seems very clean endeed!

By: Brian Layman

Brian Layman — Mon, 23 Mar 2009 13:29:23 +0000

wow… the thread from beyond the grave! 4 years later and I’m still getting comment notifications We’ll I’m just stopping by because this thread seems like an old friend. Cheers all!

By: Json

Json — Sun, 15 Mar 2009 06:22:23 +0000

I am new to .htaccess and have to ask…
Q1: Can I use this for any page that is posting data?
Q2: If Q1 is YES, my page is one folder deep, ie:comments/page.php
Do I do this:
RewriteCond %{REQUEST_URI} .comments/page.php\.php*
Or this:
RewriteCond %{REQUEST_URI} .comments\page.php\.php*
Or this:
RewriteCond %{REQUEST_URI} .http://www/example.com/comments/page.php\.php*
Or this:
RewriteCond %{REQUEST_URI} ./var/htdocs/web/comments/page.php\.php*

Any help would be great.
Cheers

By: Json

Json — Sat, 14 Mar 2009 10:08:35 +0000

How does it work when “page.php” is in one, two, three level deep folder?
Is it like this:
RewriteCond %{REQUEST_URI} .folder1/folder2/folder3/page\.php*
RewriteCond %{REQUEST_URI} .folder1/folder2/page\.php*
RewriteCond %{REQUEST_URI} .folder1/page\.php*

OR just like this:
RewriteCond %{REQUEST_URI} .page\.php*

Cheers

By: greeningreen.com

greeningreen.com — Mon, 12 May 2008 16:49:43 +0000

Our referer info is almost always showing up stripped in the logs now… any ideas? Otherwise, very useful here.

By: nyfiken blog » arkiv » Blogg-spam, .htaccess igen

nyfiken blog » arkiv » Blogg-spam, .htaccess igen — Mon, 07 Jan 2008 22:18:20 +0000

[...] Tom Rafterys lÃ¶sning pÃ¥ problemet med bloggspam hade hjÃ¤lpt mig mycket. Nu har jag implementerat hans lÃ¶sning igen, och Ã¤ven om jag inte sÃ¤kert kan sÃ¤ga hur mycket kommentars-spam som har fÃ¶rsvunnit, sÃ¥ [...]

By: Fight Blog Spam with Apache

Fight Blog Spam with Apache — Mon, 13 Aug 2007 22:09:33 +0000

[...] http://www.garnetchaney.com/htaccess_tips_and_tricks.shtml http://www.tomrafteryit.net/htaccess.txt http://www.tomrafteryit.net/using-htaccess-to-minimise-comment-and-referrer-spam/ [...]

By: Ð‘ÐµÐ»Ð°Ñ Ð¦ÐµÑ€ÐºÐ¾Ð²ÑŒ

Ð‘ÐµÐ»Ð°Ñ Ð¦ÐµÑ€ÐºÐ¾Ð²ÑŒ — Mon, 26 Mar 2007 20:19:47 +0000

Alfenet, i saw some example for joomla .htaccess here - http://forum.joomla.org/. try use a search

By: Alfenet

Alfenet — Fri, 01 Sep 2006 14:45:25 +0000

How can I create a .htaccess file for joomla cms?

By: Gedanken am Balkon über den Balkon » Blog Archive » Kommentare von Maschinen

Mon, 17 Jul 2006 20:33:20 +0000

[...] Zusätzliche Links: http://www.tomrafteryit.net/using-htaccess-to-minimise-comment-and-referrer-spam/ bloggen, sideblog, spam, wordpress tricks [...]

By: tobto

tobto — Fri, 30 Jun 2006 14:59:33 +0000

thanks Brian for comment!

ok. I have everyday spamming:
- ip is different everytime
- text the SAME, but antispam-bad-words-list doesn’t filter it.
things like: -0-XXX-0, -0 XXX 0 -, etc.

I can’t even imagine how to prevent spam, besides send *** kind words to spammers

I suppose to use referrer check for spam-machine - if it isn’t yoursite.com that is badguy-goodbye.com

By: Brian Layman

Brian Layman — Fri, 30 Jun 2006 12:59:12 +0000

There are two BIG limitations of your method.

The first big problem is with referrer checking in general. The problem is that many of today’s browsers and firewalls now strip the referrer information. It’s a privacy thing.

Therefore if you implement that check, you will block a lot of legitmate traffic that comes to you with a blank referrer. Likewise, if you allow blanks, you will let in all of the spam bots that don’t send a referrer.

Additionally, if you did something like:

<
order deny,allow
deny from all
allow from yoursite.com

How would the people get to your site initially? If they browsed straight to it, they would get permission denied error.

This might work in some limited office environment on a subdirectory that should only be accessed from the site and using the company approved browser. Then you could consider all traffic without a reffer ilegitimate. Basically, if you have control over some of the variables in the situation, YMMV.

By: tobto

tobto — Thu, 29 Jun 2006 22:56:52 +0000

If I would use htaccess with this:
—–
Allow from yoursite.com
—–
Will it work as antispam / badreferer filter?

By: Gloria Weblog » Blog Archive »

Gloria Weblog » Blog Archive » — Sat, 15 Apr 2006 01:32:24 +0000

[...] Based on various highly technical posts I found on various sites, I came up with a number of different ways that it could be done. But try as I might with my limited technical skills, I couldn’t keep the “listenernetwork” hits away. And so I brooded for the better part of two days about how I could save my bandwidth and keep the visits from artificially inflating my hit count. [...]

By: Tom Raftery

Tom Raftery — Sat, 28 Jan 2006 12:47:51 +0000

D’Oh!

Thanks for the heads up Brian - hope that hasn’t been missing too long.

I put it back in now (and I’m hardly a master - I just read up on that stuff when I was having spam problems - I’ve forgotten a lot of it now ),

Cheers,

Tom.

By: Brian Layman

Brian Layman — Sat, 28 Jan 2006 01:34:44 +0000

Oh- I meant to tell you this a month ago but you dropped the

RewriteEngine On

line from your .htaccess file.

As I understand it, that line is somewhat important for the rest of the file to work right on most apache servers…

http://www.apacheref.com/ref/mod_rewrite/RewriteEngine.html
“By default, rewrite configurations are not inherited. Thus you need a RewriteEngine directive to switch this configuration on for each virtual host in which you wish to use it. ”

But then again most all I know about .htaccess files, I learned from you so why should the student question the master!

By: Johan Adler

Johan Adler — Fri, 27 Jan 2006 21:25:58 +0000

Sorry Tom, last comment was mine. I am a bit tired. Maybe you could put my name on it and delete this one?

By: Anonymous

Anonymous — Fri, 27 Jan 2006 21:23:07 +0000

Clarification: I have thought of using ReferrerCops regular expressions blacklist, but putting their regexes in your .htaccess.

I have not switched to Akismet, have not bothered to get the needed API. Inspired by you, I got the key (and a wordpress.com blog that will be unused, waste of space) and activated Akismet. It might not have much work to do either.

By: Tom Raftery

Tom Raftery — Thu, 26 Jan 2006 13:47:56 +0000

Great Johan - glad it was of some use to you (and apologies for my lack of Swedish!).

By the way, I have started using Akismet recently and I find it is the best anti-spam tool i have come across yet!

By: Johan Adler

Johan Adler — Thu, 26 Jan 2006 13:42:43 +0000

What my blog says in Swedish is that using your .htaccess leaves SpamKarma out of work. I have hardly had any spam (usually caught by SK) since I modified my .htaccess with your code.

I also write about having considered to exchange your list of known spammers for the compact optimized regex version of ReferrerCops blacklist. It might give Apache and the server a harder time, with all those regular expressions, but there should be few spammers passing by that test.

I also mention Chongqed’s blacklist, no regex, quite long.

You are quite right in your comment on my site, I am positive.

Regards,
Johan Adler
Sweden

Comments on: Using .htaccess to minimise comment and referrer spam

By: Kim Steinhaug

By: Brian Layman

By: Json

By: Json

By: greeningreen.com

By: nyfiken blog » arkiv » Blogg-spam, .htaccess igen

By: Fight Blog Spam with Apache

By: Ð‘ÐµÐ»Ð°Ñ Ð¦ÐµÑ€ÐºÐ¾Ð²ÑŒ

By: Alfenet

By: Gedanken am Balkon über den Balkon » Blog Archive » Kommentare von Maschinen

By: tobto

By: Brian Layman

By: tobto

By: Gloria Weblog » Blog Archive »

By: Tom Raftery

By: Brian Layman

By: Johan Adler

By: Anonymous

By: Tom Raftery

By: Johan Adler

By: Ð‘ÐµÐ»Ð°Ñ Ð¦ÐµÑ€ÐºÐ¾Ð²ÑŒ