Strangely Perfect

Proactive Referral Spam Blocking

Introduction to the Problem and .htaccess Usage

Space.com - Levitra Without Prescrip's Page

I’ve had a few weird hits over time from “normal” websites containing “abnormal” content. Take today, for instance.

According to my Wassup log and the stats that appear on the main screen widget, I got referred by:

http://www.space.com/common/community/profile.php?u=1078916

Click this if you will. It’s an ad for erectile dysfunction pills: Levitra.

What piqued my interest was the space.com domain. It’s space and astronomy stuff.

What is happening is that the spammer registers as a user with space.com, and the public profile page that produces is actually the selling area for the pills. The bot then hits my blog with that profile URL in its Referer header, so the link turns up in referrer logs and stats widgets like mine. That is the whole point of referrer spam: the blog does the spammer’s linking for him.

Of extra interest is the full Wassup record of the event:

94.102.49.66 2009-07-17 14:34:50

/127/wordpress-internal-post-to-page-links-dont-work-properly/
Referrer: http://www.space.com/common/community/profile.php?u=1078916
Hostname: serv1.extremedhost.org
  • 94.102.49.66 is in Amsterdam
  • extremedhost.org is protected by “Protected Domain Services” of Colorado, USA.

Solution

wall of spam

Well, I’m a bit fed up with these pains, so I thought .htaccess might be the way. I’ve blocked IP addresses individually before and used the file for a host (pun intended) of things. Now I’ve found a wildcard way of blocking referrals from such abused profiles on public websites.

In a nutshell, I’ve blocked referrers coming from any web page with ‘profile’ in its URL! This seems a reasonable thing to do and shouldn’t block too many valid visits. This is the code:

# Spam Protection http://blog.taragana.com/index.php/archive/simple-htaccess-rules-to-block-spammers/
# and http://www.webmasterworld.com/apache/3048850.htm
# 'profile' is because some sites are pinging from spam-registered profile accounts!!
# SetEnvIfNoCase matches the regex case-insensitively, anywhere in the Referer header
SetEnvIfNoCase Referer profile spammer=yes
Deny from env=spammer
# Belt-and-braces form: USE THIS IF THE ABOVE DOES NOT WORK.
# Order Allow,Deny makes a matching Deny win even if an 'Allow from all'
# appears elsewhere in the configuration (with the default Order Deny,Allow
# a later Allow would let the request through).
#<FilesMatch "(.*)">
#Order Allow,Deny
#Allow from all
#Deny from env=spammer
#</FilesMatch>

The second, commented-out part (# is the remark character in .htaccess) is there in case the first bit doesn’t ‘take’. From information on the web, this stuff doesn’t always work as intended, and the second bit is the belt-and-braces approach: with Apache’s default ‘Order Deny,Allow’, an ‘Allow from all’ anywhere else in the configuration lets the request through even when the Deny matches, whereas ‘Order Allow,Deny’ evaluates Deny last, so a matching Deny wins. The FilesMatch wrapper adds nothing, since directives in .htaccess already apply to every request under that directory. I usually include links to the sources in my .htaccess so that I know where I got it from! I’ve hyper-linked them here, but if you use it, ensure that the URL HTML tags don’t get copied into your .htaccess as well.

I could expand it to block sites with ‘viagra’ in their name, say, but this isn’t necessary; other things do that. To me, this seems a reasonable way to hook onto a key method that this spammer is using. Two caveats, though. The match is an unanchored, case-insensitive substring, so it catches ‘profile’ anywhere in the referring URL (hostname, path or query string), and any forum or social site whose member pages contain that word will no longer be able to send clicks to me from those pages. And because the Referer header is supplied by the client, a spammer can change or drop it at will; this stops this particular campaign, not referrer spam in general. Note also that Order and Deny are Apache 2.2 directives; on Apache 2.4 they only work if mod_access_compat is loaded.
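Before switching the rule on, it is worth measuring what it would have denied. The following is an added example, not code from the original post: a dry run of the same “Referer contains ‘profile’” test over an Apache combined-format access log. The log lines are constructed for the example (only the first mirrors the Wassup record above); the forum.example.org line shows the kind of legitimate visit the substring match also catches.

```shell
#!/bin/sh
# Dry run of the "Referer contains 'profile'" rule against an Apache combined log.
# Added example, not code from the original post. The log lines are constructed;
# only the first one mirrors the Wassup record quoted in the post.

# Same pattern the .htaccess SetEnvIfNoCase rule uses (lower-case, matched case-insensitively)
REFERER_PATTERN='profile'

# Constructed sample log in combined format; the Referer is the 4th "-delimited field.
sample_log() {
  cat <<'EOF'
94.102.49.66 - - [17/Jul/2009:14:34:50 +0100] "GET /127/wordpress-internal-post-to-page-links-dont-work-properly/ HTTP/1.1" 200 5120 "http://www.space.com/common/community/profile.php?u=1078916" "Mozilla/4.0 (compatible)"
203.0.113.5 - - [17/Jul/2009:15:01:02 +0100] "GET / HTTP/1.1" 200 8400 "http://www.google.com/search?q=wassup+plugin" "Mozilla/5.0"
198.51.100.7 - - [17/Jul/2009:15:10:11 +0100] "GET /about/ HTTP/1.1" 200 3100 "http://forum.example.org/members/Profile/42" "Mozilla/5.0"
192.0.2.9 - - [17/Jul/2009:15:12:40 +0100] "GET / HTTP/1.1" 200 8400 "-" "Mozilla/5.0"
EOF
}

# Print the log lines the rule would deny: Referer matches the pattern, case-insensitively,
# anywhere in the URL (this is what SetEnvIfNoCase does with an unanchored regex).
would_block() {
  awk -F'"' -v pat="$REFERER_PATTERN" 'tolower($4) ~ pat { print }'
}

# Number of hits that would have been denied.
count_blocked() {
  would_block | wc -l | tr -d ' '
}

# Distinct referrer hosts among the denied hits, most frequent first, so legitimate
# sites caught by the substring match (forums, social networks) stand out.
blocked_hosts() {
  would_block \
    | awk -F'"' '{ print $4 }' \
    | sed -E 's#^[a-zA-Z]+://([^/]+).*#\1#' \
    | sort | uniq -c | sort -rn
}

# Stand-alone run on the constructed log. On a live server feed the real access log instead:
#   would_block < /var/log/apache2/access.log
sample_log | blocked_hosts
```

On the constructed log the rule denies two of the four hits: the space.com spam profile and the (legitimate) forum member page, because ‘Profile’ is matched regardless of case and regardless of where in the URL it appears. Run blocked_hosts over a few weeks of real logs and you see exactly which sites you are about to cut off.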

Absolute Zoo

Hacked Account Zoo

To see the extent of the abuse on space.com, just copy the spammer’s link and change the number at the end of the query string to a different profile ID. Assuming profiles are numbered in order of creation (and why wouldn’t they be?), I had to go back to roughly u=1076000 to find a “standard” user profile that wasn’t a sales page for dodgy pills! Sequential IDs make that kind of enumeration trivial.

That’s THOUSANDS!

Author: Strangely

The last remaining founder member of the band that would go on to publish as Crawling Chaos. SGI buddhist. Programmer and software development.
