HOW TO: Combat referer spam/block certain referers

Symptom: A client wishes to deny access to their site (or parts of it) when the traffic is inbound via a particular referer or referers.

Solution: Insert referer denial code in a .htaccess under the main public_html or under any directory where the referers are unwanted.

Discussion: The code.

setenvifnocase Referer "^" spam_ref=1
&ltFilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=spam_ref

The explanation of the code, working line by line:

setenvifnocase Referer "^http://www.spammers-domain.tld" spam_ref=1

This is the format of the line used to tag those known spammers and their referering domains. The purpose of this line is to set a flag for any referer equal to "www.spammers-domain.tld" (and anything after that in the referer URL). Our flag, as with all things computer related, is in the format 1/0: 1 is on (or yes, or in this case, a match), 0 is off. In our case, we're using "spam_ref=1" as our flag, but it could be anything: "spambag=1" will work as well. Just remember to change the deny statement in the code to match whatever you choose as the wording for your flag.

&ltFilesMatch "(.*)">

Match all files under the site.

Order Allow,Deny Allow from all

By default, we want to allow everyone, except....

Deny from env=spam_ref

...those referers matching the flag we set earlier.


And of course, we want to close out our directive.

Using this format, it's simple to stack multiple spammers in the code.

setenvifnocase Referer "^http://www.spammers-domain.tld" spam_ref=1
setenvifnocase Referer "^http://www.some-other-spammer.tld" spam_ref=1
setenvifnocase Referer "^http://www.yet-another-spammer.tld" spam_ref=1
&ltFilesMatch "(.*)">
Order Allow,Deny Allow from all
Deny from env=spam_ref

This same code can also be used to tag those referers who are sending any type of traffic to your site that you do not want, or to combat hotlinking sites (if you'd prefer not to use the hotlink protection option in the control panel). The .htaccess containing the code should be placed directly into the public_html of your site. If you have an addon domain, you should place a .htaccess in the folder containing the addon domain if you wish to deny certain referers to that addon domain. Since addons are treated as separate sites, they must have a separate .htaccess as well.

Creating a .htaccess

Open your favorite text editor. For Windows users, notepad is the choice to make, as wordpad and other rich-text capable editors often insert unnecessary charcaters into files. Insert the code above into your file, adding whatever referer spammers you have noticed on separate line. Save the file as plain text only.

Important note: unless you have turned on hidden file viewing in your FTP client, you will find that the .htaccess file disappears from your FTP listing after you've uploaded it. This is perfectly normal, as files beginning with dots are hidden. To solve this, turn on hidden file viewing in your FTP client. Often, this will be on an advanced setting tab for your connection. If the FTP calls for a remote file mask, enter "-a" (no quotes) into the relevant field.

The .htaccess can be updated as often as required to combat any referer spammers (or any other undesirable) who invade your space.

  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Can you map my domain/a subdomain to a typepad blog/photo album?

Domains or subdomains can be mapped to blogs or photo albums (or other materials) hosted at...

HOW TO: Block entire countries from your site

Symptom: A client wishes to block all visitors from a particular country to their site. Can this...

My phpBB forum installation is not accessible

Symptom: Client cannot access phpBB forum installation. Permissions on the forum installation...

Using mod_rewrite and .htaccess

Symptom: Client would like to redirect their main site to a subdomain under it. Using the...

What nameservers should be used for my account?

For servers in the Greek series, the following nameservers should be -...