Bye bye Referer Spammers!

Take a quick look at your logfiles any time and you’re likely to see referer spam in there somewhere. Not only do those requests pollute your log files and stats pages, but they also consume resources on your server when you serve them pages that aren’t even going to be viewed by anyone. Here’s one way of stopping the spammers eating into your server resources:

  • Look through your logfiles and examine the referers. Here’s a quick bit of code to do that. (Remove the backslashes (“\”) from before double quotes. WP is putting them in on me!) :
    awk '{print $11}' < /var/log/apache2/access_log| sort|uniq -c|sort -r|grep -v "mydomain.com"|less
  • Copy and paste any likely looking referer spam sites somewhere else for safe keeping. The ones that use most of your resources will be at the top of the list.
  • Add this code to some page that every page on your site loads, it should be included before main execution of the page occurs. Fill in the array of referer sites with the list your assembled from your log file. I’ve added a few from this morning’s log file.
    if( isset( $_SERVER["HTTP_REFERER"]  ) )
    {
        $referers_to_avoid = array(
                "ttp://texas-holdem.andrewsaluk.com",
                "ttp://www.highprofitclub.com/",
                "ttp://www.sex4singles.com/",
                "ttp://www.parishillton.com/",
                "ttp://www.moneylinebet.com/",
                "ttp://www.free-hentai-anime-sex.com",
                "ttp://www.bondage-bdsm.us",
                "ttp://www.handjob-movies.us",
                "ttp://www.zoothumbnails.com",
                "ttp://www.bestiality-animal-sex-stories.com",
                "ttp://www.gay-men-sex-movies.com",
                "ttp://russ-darrow-kia.gq.nu/",
                "ttp://nissan-xterra.sbn.bz/",
                "ttp://nissan-thermos.gq.nu/",
                "ttp://folding-chair.wol.bz/",
                "ttp://www.xcites-0-cost-interracial-cum-teen-sex-movie.com"
        );
        while( list( $key, $val ) = each( $referers_to_avoid ) )
        {
            if( strpos( $_SERVER["HTTP_REFERER"], $val ) )
            {
                die();
            }
    
        }
    }
  • Add an error_log() to the “if” condition to spot when a spammer visits.
  • Add this to index.php of a WordPress installation to protect your blog and make your legitimate requests go that much faster!

Comments

comments

14 Replies to “Bye bye Referer Spammers!”

  1. I have had similar code in my weblog for a while, with one exception. Just before the “die” I have this; header(“Location: ” . $HTTP_REFERER);

    This way, if I’m lucky, the machine used to referrer-spam you (usually a windows box with a virus) will attempt to fetch the page of the referrer, eating their resources instead of yours.

    since I’ve been using this, referrer spamming is way, way down on my weblog…

  2. To speed that up: Once they get past the filter, set a cookie. Then just check for the cookie on each page. Then you only hit the array once (it will get bigger over time). If the cookie was not set, then redirect to the cookie-setting page.

  3. I just tested that by redirecting to /xeer/go.php?url and by watching the access log I verified that the “location:” directive was followed! 🙂

  4. Pingback: thebeyond.net
  5. I saw one of my websites in a list of refer spams sites. I don’t even know what it is, much less how it is done. I read above that it most often comes from a Windows box with a virus… That sounds like my server. I did have some problems with viruses.

    But I also saw one of my websites that is on a paid hosting service as well. Can someone point me to a more detailed discussion on this subject?

    The reason I ask is that I saw one of the sites mentioned above listed in Google results for a keyword phrase that had ‘spammer” within it. Someone had sent Google a list of sites that they said were spammers and the list had been indexed by Google and there was my site.

    Is this reason for Google to drop my site or lower my rank? Any advice or feedback would be welcome. Send to “robert_mcc001 -=at=- hotmail . com”

    Thank you.

    Sincerely,

    Robert McCulloch

Leave a Reply