Introduction to the Problem and .htaccess Usage

Space.com - Levitra_Without_Prescrip's Page


I’ve had a few weird hits over time from “normal” websites containing “abnormal” content.  Take today, for instance….

According to my Wassup log and the stats that appear on the main screen widget, I got referred by:

http://www.space.com/common/community/profile.php?u=1078916

Click this if you will. It’s an ad for male erectile dysfunction enhancer pills – levitra.

What perked my interest was the space.com domain.  It’s space and astronomy stuff.

What is happening is that the spammer registers as a user with space.com, and the user profile page produced is actually the selling area for the knob pills.

Of extra interest is the full Wassup record of the event:

94.102.49.66 2009-07-17 14:34:50

/127/wordpress-internal-post-to-page-links-dont-work-properly/
Referrer: http://www.space.com/common/community/profile.php?u=1078916
Hostname: serv1.extremedhost.org
  • 94.102.49.66 is in Amsterdam
  • extremedhost.org is protected by “Protected Domain Services” of Colorado, USA.

Solution

wall of spam


Well I’m a bit fed up of these pains, so I thought .htaccess might be the way.  I’ve blocked IP addresses individually before and used the file for a host (pun intended) of things.  Now I’ve found a wildcard way of blocking such cracked profiles on public websites.

In a nutshell, I’ve blocked referrers coming from any web-page with ‘profile’ in its URL! This seems a reasonable thing to do and won’t block too many valid visits. This is the code:

# Spam Protection http://blog.taragana.com/index.php/archive/simple-htaccess-rules-to-block-spammers/
# and http://www.webmasterworld.com/apache/3048850.htm
# 'profile' is because some sites are pinging from hacked profile accounts!!
# Any Referer header matching the case-insensitive regex 'profile' sets the env var spammer
SetEnvIfNoCase Referer profile spammer=yes
# With Apache's default Order (Deny,Allow), a request that has spammer set gets a 403
Deny from env=spammer
# Block all referrers that have spammer set: use this if the above does not work
#<FilesMatch "(.*)">
#Order Allow,Deny
#Allow from all
#Deny from env=spammer
#</FilesMatch>

The second remmed out (or commented) part (# is the line remark in .htaccess) is in case the first bit doesn’t ‘take’. From info on the web, some of this stuff doesn’t always work as intended, and I assume the second bit is a belt-and-braces approach. I usually include links to the sources in my .htaccess so that I know where I got it from! I’ve hyper-linked them here, but if you use it, ensure that the URL html tags don’t get copied into your .htaccess as well…

I could expand it to block sites with ‘viagra’ in their name, say, but this isn’t necessary – other things do that.  To me, this seems a reasonable way to hook down onto a key method that this spammer is using.  It just means that any system that uses a folder name of ‘profile’ won’t be able to click to me from that path.
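To see what the rule above actually catches, and what it catches by accident, here is a small added checker that is not part of the original post or of the .htaccess itself. It applies the same case-insensitive ‘profile’ match that SetEnvIfNoCase Referer performs to a few constructed Apache combined-format log lines (the space.com referrer is the one quoted above; the other hosts, IPs and timestamps are made up for illustration) and reports which requests the Deny rule would have refused:

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" log format (not real traffic).
# Line 1 reproduces the referrer from the post; lines 2-4 are invented.
SAMPLE_LOG = """\
94.102.49.66 - - [17/Jul/2009:14:34:50 +0000] "GET /127/wordpress-internal-post-to-page-links-dont-work-properly/ HTTP/1.1" 200 5120 "http://www.space.com/common/community/profile.php?u=1078916" "Mozilla/5.0"
203.0.113.7 - - [17/Jul/2009:14:40:01 +0000] "GET /about/ HTTP/1.1" 200 2048 "http://www.google.com/search?q=htaccess" "Mozilla/5.0"
198.51.100.9 - - [17/Jul/2009:14:41:12 +0000] "GET /127/wordpress-internal-post-to-page-links-dont-work-properly/ HTTP/1.1" 200 5120 "http://forum.example.org/Profile/42" "Mozilla/5.0"
192.0.2.33 - - [17/Jul/2009:14:45:00 +0000] "GET /feed/ HTTP/1.1" 200 1024 "-" "FeedReader/1.0"
"""

# Parser for the combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Same pattern as the .htaccess line  SetEnvIfNoCase Referer profile spammer=yes
# SetEnvIfNoCase treats its third argument as a case-insensitive regex matched
# anywhere in the header value, so "Profile/42" and "profile.php" both match.
REFERER_RULE = re.compile(r'profile', re.IGNORECASE)


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def would_be_denied(referer, rule=REFERER_RULE):
    """Mirror 'Deny from env=spammer': True if the Referer value sets the env var."""
    # "-" in the log means no Referer header was sent; SetEnvIf cannot match an
    # absent header, so such requests are never marked as spam.
    if referer in ("-", ""):
        return False
    return rule.search(referer) is not None


def audit(log_text, rule=REFERER_RULE):
    """Split log lines into (denied, allowed) lists of parsed records."""
    denied, allowed = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        (denied if would_be_denied(rec["referer"], rule) else allowed).append(rec)
    return denied, allowed


def referer_hosts(records):
    """Distinct referring hostnames, useful for eyeballing what a rule blocks."""
    return sorted({urlparse(r["referer"]).netloc for r in records if r["referer"] != "-"})


if __name__ == "__main__":
    denied, allowed = audit(SAMPLE_LOG)
    print("would be denied:", referer_hosts(denied))
    print("would be allowed:", referer_hosts(allowed))
```

Running it against a real access log (replace SAMPLE_LOG with the file contents) shows the collateral the post accepts: the invented forum.example.org/Profile/42 visitor is refused alongside the space.com spammer, because the match is a substring anywhere in the referrer and is case-insensitive. Passing a different compiled pattern to audit() lets you try a stricter rule, such as anchoring on profile.php, before putting it in .htaccess. Note also that Deny from belongs to the Apache 2.2 access syntax; on Apache 2.4 it needs mod_access_compat, the 2.4 equivalent being Require not env spammer inside a RequireAll block.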


Hacked Account Zoo

To see the extent that space.com has been hacked into, just copy the spammer’s link and change the end of the query string to a different profile number…. Assuming profiles are added in numerical order (and why wouldn’t they be?), I had to go back to ~1076000 to find a “standard” user profile that wasn’t hacked for dodgy knob drugs!

That’s THOUSANDS!


© 2007-2012 Strangely Perfect All Rights Reserved