HOW TO: Combat referer spam/block certain referers

Symptom: A client wishes to deny access to their site (or parts of it) when the traffic is inbound via a particular referer or referers.

Solution: Insert referer denial code in a .htaccess under the main public_html or under any directory where the referers are unwanted.

Discussion: The code.

setenvifnocase Referer "^http://www.spammers-domain.tld" spam_ref=1
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=spam_ref
</FilesMatch>

The explanation of the code, working line by line:

setenvifnocase Referer "^http://www.spammers-domain.tld" spam_ref=1

This is the format of the line used to tag known spammers and their referring domains. The purpose of this line is to set a flag for any referer that begins with "http://www.spammers-domain.tld" (including anything after that in the referer URL). Our flag, as with all things computer related, is in the format 1/0: 1 is on (or yes, or in this case, a match), 0 is off. In our case, we're using "spam_ref=1" as our flag, but it could be anything: "spambag=1" will work as well. Just remember to change the deny statement in the code to match whatever you choose as the wording for your flag.

<FilesMatch "(.*)">

Match all files under the site.

Order Allow,Deny
Allow from all

By default, we want to allow everyone, except....

Deny from env=spam_ref

...those referers matching the flag we set earlier.

</FilesMatch>

And of course, we want to close out our directive.

Using this format, it's simple to stack multiple spammers in the code.

setenvifnocase Referer "^http://www.spammers-domain.tld" spam_ref=1
setenvifnocase Referer "^http://www.some-other-spammer.tld" spam_ref=1
setenvifnocase Referer "^http://www.yet-another-spammer.tld" spam_ref=1
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=spam_ref
</FilesMatch>

This same code can also be used to tag those referers who are sending any type of traffic to your site that you do not want, or to combat hotlinking sites (if you'd prefer not to use the hotlink protection option in the control panel). The .htaccess containing the code should be placed directly into the public_html of your site. If you have an addon domain, you should place a .htaccess in the folder containing the addon domain if you wish to deny certain referers to that addon domain. Since addons are treated as separate sites, they must have a separate .htaccess as well.
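
An added example, not part of the original article: it builds the stacked block from a list of domains and checks constructed Referer values against the article's pattern and against a tighter variant (https allowed, dots escaped, host boundary enforced), which goes slightly beyond the pattern shown above. The function names are hypothetical, the tighter pattern is an assumption of this example, and Python's re module stands in for Apache's regex matching.

```python
import re

# Constructed placeholder domains, reused from the article's examples.
SPAM_DOMAINS = ["www.spammers-domain.tld", "www.some-other-spammer.tld"]

def article_pattern(domain):
    # The pattern as the article writes it: http only, dots left unescaped.
    return "^http://" + domain

def strict_pattern(domain):
    # Tighter variant (assumption of this example): http or https, literal
    # dots, and the host must end at "/", ":" or the end of the header.
    return r"^https?://" + domain.replace(".", r"\.") + r"(/|:|$)"

def is_flagged(referer, domains, make_pattern):
    # Mimics setenvifnocase: a case-insensitive regex search on the Referer
    # value; any matching line would set the flag.
    return any(re.search(make_pattern(d), referer, re.IGNORECASE) for d in domains)

def build_htaccess(domains, make_pattern=strict_pattern, flag="spam_ref"):
    # Emits the article's block, one SetEnvIfNoCase line per domain.
    lines = ['SetEnvIfNoCase Referer "%s" %s=1' % (make_pattern(d), flag)
             for d in domains]
    lines += ['<FilesMatch "(.*)">', "Order Allow,Deny", "Allow from all",
              "Deny from env=%s" % flag, "</FilesMatch>"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed Referer values covering the edge cases.
    samples = [
        "http://www.spammers-domain.tld/page",          # plain match
        "https://www.spammers-domain.tld/",             # https: article pattern misses it
        "HTTP://WWW.SOME-OTHER-SPAMMER.TLD",            # case-insensitive match
        "http://wwwXspammers-domain.tld/",              # unescaped dot over-matches
        "http://www.spammers-domain.tld.example.org/",  # longer look-alike host
        "",                                             # no Referer header sent
    ]
    for ref in samples:
        print("%-46r article=%-5s strict=%s" % (
            ref, is_flagged(ref, SPAM_DOMAINS, article_pattern),
            is_flagged(ref, SPAM_DOMAINS, strict_pattern)))
    print(build_htaccess(SPAM_DOMAINS))
```

The output of build_htaccess() can be pasted into the .htaccess as is; pass article_pattern as the second argument to get the lines exactly as the article writes them.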

Creating a .htaccess

Open your favorite text editor. For Windows users, Notepad is the choice to make, as WordPad and other rich-text capable editors often insert unnecessary characters into files. Insert the code above into your file, adding whatever referer spammers you have noticed, each on a separate line. Save the file as plain text only.

Important note: unless you have turned on hidden file viewing in your FTP client, you will find that the .htaccess file disappears from your FTP listing after you've uploaded it. This is perfectly normal, as files beginning with dots are hidden. To solve this, turn on hidden file viewing in your FTP client. Often, this will be on an advanced setting tab for your connection. If the FTP client calls for a remote file mask, enter "-a" (no quotes) into the relevant field.

The .htaccess can be updated as often as required to combat any referer spammers (or any other undesirable) who invade your space.
