DarkUFO
DarkUFO

Reputation: 692

Using .htaccess to block referrer spam

Our forum gets targeted a lot by automated bots that try to register automatically.

We can see an example here from the error log

[Sun Apr 03 14:04:46 2011] [error] [client 70.183.110.133] File does not exist: /home/spoilert/public_html/forum/++++++++++++++++++++++++++++++++++++Result:+captcha+decoded+(23+attempts);+registered+(registering+only+mode+is+ON);, referer: http://forum.spoilertv.co.uk/++++++++++++++++++++++++++++++++++++Result:+captcha+decoded+%2823+attempts%29;+registered+%28registering+only+mode+is+ON%29; [Sun Apr 03 13:45:54 2011] [error] [client 70.183.110.133] File does not exist: /home/spoilert/public_html/2008, referer:

I've updated my htaccess with this code

SetEnvIfNoCase Referer "^http://(W)decoded.*$" banned
Deny from env=banned

It "should" deny any referrer link with the word decoded in it but it seems that it's not working. I still seem to be getting a few of these robots getting through with the same URL so it seems that it's still happening.

Upvotes: 0

Views: 794

Answers (1)

BugFinder
BugFinder

Reputation: 17857

What happens if you change it to

SetEnvIfNoCase Referer ".*+decoded+.*" banned
Deny from env=banned

Upvotes: 1

Related Questions