homepage Welcome to WebmasterWorld Guest from 54.234.128.25
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
creating htaccess for stopping adultsite attacks
dodoni




msg:1522154
 5:18 pm on Nov 13, 2005 (gmt 0)

Hello everyone, I ve read a lot of similar threads here in the forums, but since i m not familiar with all these things, I didnt undrstand much. Some days ago, I had no idea what htaccess is.

For the last weeks I had a huge traffic comming from a huge range of ips which are pornosites (i think).
I reached my bandwitch limit very fast, and all that my hosting provider said was that I have to upgrade to a dedicated server cause they couldnt do anything to stop these attacks. Since I m afraid that even if I upgrade, soon I ll face the same problem, I started searching internet about my site protection.

So, I found out some things and I finally uploaded an htaccess file, which fortunately reduced traffic to half, but unfortunatelly the problem is still there and probably I need more to do.

So I post here my htaccess file and I m asking you if you think that are mistakes there, things to change or add so as to make it more powerful. Also, except this file, is there anything, anything that I should do to solve the problem?

Please, answer in a way that a newbie and non english speaking person could undersntad.

Thank you in advance for any help... and here is my htaccess file:

edit: the forum system said that the post is too long so I ll post it in 2-3 posts.

 

dodoni




msg:1522155
 5:25 pm on Nov 13, 2005 (gmt 0)

RewriteEngine on #Only include this line once to enable the rewriting engine

#These lines block agents commonly used to harvest URLs and email addresses.
#One of the uses of such agents is to gather URLs for subseqent referral spamming
#by a large number of hosts. Thus, preventing their access may, by itself, decrease
#the amount of referral spam you receive.
RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0\ .*Win\ 9x\ 4\.90.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Indy\ Library.*$ [NC,OR]

#These lines block bots that use your bandwidth for their own commercial reasons.
RewriteCond %{HTTP_USER_AGENT} ^abot.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^aipbot.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Linkwalker$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*nameprotect.*$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*TurnitinBot.*$ [NC,OR]

#These rewrite conditions might be more conservative than some people want to be.
#They deny referrers with a domain name structure with hyphens, such as
#word-word-whatever.com or word-word.word.com. If you think you might get legitimate
#hits from domains with that name structure, just delete these conditions.
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?[a-z]+\-[a-z]+\-.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?[a-z]+\-[a-z]\.[a-z].*$ [NC,OR]

dodoni




msg:1522156
 5:26 pm on Nov 13, 2005 (gmt 0)

#These conditions are based on keywords and deny referrers containing the words
#anywhere in the URL.
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)2002sogwipo(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)3marketeer(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)4best(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)4free(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)4hs8(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)4u(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)6q(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)a2z(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)aa.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ablejobs(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)accepted.cc$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)adipex(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)adspoll(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)adult(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)adwave(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)aeterna(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)affiliate_program(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)afterclub(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)agentpro(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)allkinds(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)alleghany(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)alprazolam(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)alumnicards(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)amateurvoetbal(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ambien(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)anal(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)anti\-spyware(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)antiquejunkyard(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)aponte(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)applyonline(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)artisticlandscapes(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)asian\-flu(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)associates(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)atlanta(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)atlantis\-asia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)atspace(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)autoclan(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)axion(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)azian(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)b51(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)baccarat(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)bank(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)betting(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)bigmouthful(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)bitlocker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)biz(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)blackjack(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)black\-jack(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)bnetsol(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)brokers(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)buy\-(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)butalbital(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)c0ck(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ca\-america(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)canadianlabels(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)candiria(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)carisoprodol(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)casino(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cash(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cheap(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)chile\-online(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cigarettes(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cialis(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)computerxchange(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)condo(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)conecrusher(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)conjuratia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)consultanthub(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cpa(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)craps(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)creampie(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)credit(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)crepesuzette(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cumbunker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cumgirls(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cumshot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)cumswap(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)debt(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)devil(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)dianejones(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)diet(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)direcway(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)divorce\-lawyer(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)dongs(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)doobu(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)download\_mp3(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)drugs\-order(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)dvd(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)dyndns(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)e\-mp3(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)e\-pills(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)e\-site(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)easy(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ebanon(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)edthompson(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)egghoo(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ejaculation(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)emedia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)enterprises(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)episodesusdbz(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)erocity(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)escort(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)everlastingproductions(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)evilplots(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)farm(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)fearcrow(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)feathersandfur(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)fidelity(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)financeit(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)findteam(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)fioricet(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)flu\-vaccine(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)formula42(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)foundation(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mediasolutions(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)free\-download(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)free\-scan(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)freakycheats(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)freehost(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)friends4chat(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)#*$!fest(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)fusker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)future\-2000(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)gambling(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)gb.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)generic\-online(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)globaleducation(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)greathosting(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)gvwebnet(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hatena(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hdic(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)herhymen(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)holdem(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hold\-em(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)home(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)horny(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hotchick(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hotele(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hotelse(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)house(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)hydrocodone(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)i\-web(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)id\=ballaire$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)incest(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)indexr(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)infolibria(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ingyensms(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)insurance(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)isacommie(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)italiancharms(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)j\-broadcasting(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)jackpot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)jerusalem(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)jobruler(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)jroundup(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)juris\-net(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)kasino(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)keno(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)koolpages(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)krantas(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)kranken(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)kredit(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ladysroom(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)latinas(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)learnhowtoplay(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)learningphp(-¦.).*$ [NC,OR]

dodoni




msg:1522157
 5:27 pm on Nov 13, 2005 (gmt 0)

RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)lesbian(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)levitra(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)lewww(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)lighting(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)linx2go(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)lite(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)liveplanets(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)loan(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)locators(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)lowinterest(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)macromdeal(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mall(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mature(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)merchant(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)meridia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)milf(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mista(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)money(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)monstersofcock(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mortgage(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mp3\-downloads(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)multipointlocks(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)music\-downloads(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)musicbox(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)my\-health(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)mydivx(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)myhost(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)nasty(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)nemasoft(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)nude(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)onlineshops(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)online\-drug(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)online\-medication(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)online\-prescription(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)online\-slot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)oraltv(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)oxycontin(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pain\-killers(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)party\-poker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pawnauctions(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)petsellers(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pharmacies(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pharmacy(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pharm\-on(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)phentermine(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)phuck(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)p0ker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)poker(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)porn(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)prji(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)profit(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)progressive\-slot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)propecia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)protzonbeer(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)printmyip(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)private\-detectives(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)properties(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)prozac(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ps2cool(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)psxtreme(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)pus*y(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)qpoi(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)quicktrivia(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)qvwebnet(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)rateandscore(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)realestate(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)realtor(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)realty(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)registrarprice(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)rhinosvideos(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)rifp(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ro7kalbe(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)rohkalby(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)romanticmaui(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ronnieazza(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)roulette(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)safeboys(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)salerampage(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)samiuls(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)schlampe(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)search\-god(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)searchsure(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)seducetips(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)seeya(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)sendit2u(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)seniordate(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)sesso(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)sex(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)shivapage(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)showcasegifts(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)sleaze(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)slots(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)slot\-machine(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)smogless(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)society\-health(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)soma(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)software.biz$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)spermswapping(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)spb.ru$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)streamway(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)svsting(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)swingers(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tambernat(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tax(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)taylorbow(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tecrep(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)teen(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)terashells(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)texas(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)thai(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)theebest(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)threethreethree(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ticketsbot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tirebowl(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tits(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tonercartridges(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)top\-wins(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)trackerom(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tramadol(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tranzestore(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)treocat(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)tugjobs(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)twink(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ua\-princeton(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ultram(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)underwearx(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)uninventory(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)upindex(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)usatransactions(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)useful\-pills(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)v1h(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vadoptions(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)valium(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vcats(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vcrap(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vegas\-hair(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)viagra(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vicodin(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vinhas(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)visor(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vmasterpiece(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vmillion(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vmouse(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vneighbor(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vpawn(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vplaymate(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vpshs(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vquality(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vrajitor(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vselling(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vsymphony(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vthought(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)vtoy(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)warez(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)watches(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)weight(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)weighweb(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)whackingpud(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)win\-2005(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)windowsoftware(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)womenoncam(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)wsop(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)ws\-op(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)#*$!(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)yacht(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)yelucie(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)yourmorningshot(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)yourpsychic(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)yunza(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)zakona(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)zebeneer(-¦.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)zoloft(-¦.).*$ [NC,OR]

dodoni




msg:1522158
 5:27 pm on Nov 13, 2005 (gmt 0)

#This series of conditions denies referrals from specific domain names.
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?300play.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?3333.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?42tower.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?4u.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?academyofmusic.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?accessthepeace.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?acrs.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?adminshop.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?advancedmoneyloans.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?affiliplanet.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?alphacarolinas.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?anightofcheese.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?apart\-?design.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?auktion.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?autogewinne24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?autospiele24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?babay.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?bigyonet.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?blondesoncams.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?blue.sexer.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?booksandpages.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?brandimensions.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?browserwindowcleaner.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?business2fun.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?chat\-nett.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?crescentarian.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?darkangelclan.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?deals.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?delorentos.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?digitaltwist.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*downloads.blogspot.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?euromillionen.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?eurotexans.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?eurowins.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?flowershopentertainment.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?freshness.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?fruitologist.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*gallery.blogspot.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?games.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?gargzdai.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?geldspiele24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?gsm-support.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?gzltax.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?geldspiele24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?goovle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?handmade2000.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?happychappywacky.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?hawk.tcm-services.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?heil-fasten.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?healthstones.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?hermosa.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?immobiliengewinne24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?investment4cashiers.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?jamesthesailorbasher.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?jmsimonr.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?jfcadvocacy.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?jennifer-hawkins-video-pics.blogspot.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?justanotherdomainname.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?kardtoons.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?keywordmaster.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?linkerdome.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?locators.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?longermalternatives.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?maloylawn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?masteroftheblasterhill.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mature--young.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?metapannas.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?middlecay.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?midnightlaundries.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mikeapartment.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mouthfreshners.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mondialcoral.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mp-forum.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?music-art-friends.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?mykeyboardisbroken.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?naughtykittys.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?nehrucollege.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?newreleaseonline.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?nextfrontiersonline.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?nustramosse.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?oiline.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?old-young.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?one2onemag.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?ourownweddingsong.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?ourtownhelps.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?owned.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?paradiserecreations.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?parkviewsoccer.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?pay4link.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?persist-pharma.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?pharmacy-2003.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?popwow.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?psychexams.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?qw8.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?realestateonthehill.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?reisegewinne24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?referrer-script.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?rimpim.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?rootfood.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?sedonaretreat.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?shemale.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?single66.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?slamhost.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?stmaryonline.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?sophiesplace.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?southernxstables.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?spielepsychatrie.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?sportsparent.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?superdolphins.*$ [NC,OR]

dodoni




msg:1522159
 5:27 pm on Nov 13, 2005 (gmt 0)

RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?superface.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?suttonjames.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?t35.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?targetindustries.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?thatwhichis.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?thorcarlson.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?topgewinn24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?topspiele24.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?top-deals*.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?top-site.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?trafficmagnet.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?transexual.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?trueuninstall.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?uchase.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?uk\-contact.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?usa\-wins.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?valeofglamorganconservatives.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?vendini.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?vietnamdatingservices.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?vinegarlemonshots.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?wadoo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?webmasterplan.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?whincer.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?whitpagestrippers.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?worldfilebooklets.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?wseeker.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?xmaster.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?xopy.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?#*$!.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?yahh+oo.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?yourdomain.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?zalaszentgrot.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?www14\.blogspot.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^(http://)?12\.163\.72\.13.*$
RewriteRule .* - [F,L]

dodoni




msg:1522160
 5:28 pm on Nov 13, 2005 (gmt 0)

#For serious offenders or spammers who send referral spam directed to several different
#domains, I block access by IP address. Listed here are the worst offenders. This method
#may be more conservative than some people want to be; if so, just leave this part out of
#your .htaccess file.
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 12.22.85.3
deny from 147.230.50.100
deny from 148.244.150.58
deny from 165.138.213.230
deny from 193.159.244.70
deny from 193.170.65.247
deny from 194.102.61.162
deny from 200.167.245.13
deny from 200.212.114.3
deny from 200.56.224.5
deny from 206.212.187.26
deny from 207.44.154.35
deny from 207.72.66.5
deny from 208.18.125.231
deny from 208.53.138.8
deny from 209.213.127.46
deny from 209.71.222.11
deny from 211.157.
deny from 212.179.154.242
deny from 212.199.163.143
deny from 212.199.169.153
deny from 212.235.18.85
deny from 212.235.66.240
deny from 212.91.171.252
deny from 213.130.118.121
deny from 213.56.68.29
deny from 213.56.73.3
deny from 213.91.217.116
deny from 216.128.69.140
deny from 216.139.176.60
deny from 216.204.237.10
deny from 217.120.32.183
deny from 217.121.100.124
deny from 217.132.202.119
deny from 218.20.116.80
deny from 218.5.27.115
deny from 218.85.82.95
deny from 218.85.83.168
deny from 220.160.2.167
deny from 220.160.4.75
deny from 220.181.26.108
deny from 24.69.156.45
deny from 61.144.185.75
deny from 61.172.65.176
deny from 61.30.47.21
deny from 61.30.47.22
deny from 62.168.39.178
deny from 62.193.231.242
deny from 62.194.10.194
deny from 62.219.59.122
deny from 63.145.202.2
deny from 63.148.99.234
deny from 63.252.226.68
deny from 64.141.68.16
deny from 65.75.139.90
deny from 65.75.146.170
deny from 65.75.166.110
deny from 65.75.175.30
deny from 65.77.131.66
deny from 65.94.44.50
deny from 66.135.34.87
deny from 66.150.40.221
deny from 66.199.247.74
deny from 66.246.252.87
deny from 66.246.252.88
deny from 66.254.99.174
deny from 66.33.197.209
deny from 66.93.178.158
deny from 66.98.152.93
deny from 67.15.130.23
deny from 68.208.4.19
deny from 69.0.197.227
deny from 69.156.204.43
deny from 69.163.158.82
deny from 69.50.170.122
deny from 69.50.170.162
deny from 72.36.199.154
deny from 80.132.64.103
deny from 80.58.11.107
deny from 80.58.22.107
deny from 80.58.4.107
deny from 80.95.
deny from 81.169.169.201
deny from 81.4.89.10
deny from 82.103.65.
deny from 82.81.204.164
deny from 82.81.228.82
deny from 84.189.
deny from 12.22.85.3
deny from 147.230.50.100
deny from 148.244.150.58
deny from 165.138.213.230
deny from 193.159.244.70
deny from 193.170.65.247
deny from 194.102.61.162
deny from 200.167.245.13
deny from 200.212.114.3
deny from 200.56.224.5
deny from 206.212.187.26
deny from 207.44.154.35
deny from 207.72.66.5
deny from 208.18.125.231
deny from 208.53.138.8
deny from 209.213.127.46
deny from 209.71.222.11
deny from 211.157.
deny from 212.179.154.242
deny from 212.199.163.143
deny from 212.199.169.153
deny from 212.235.18.85
deny from 212.235.66.240
deny from 212.91.171.252
deny from 213.130.118.121
deny from 213.56.68.29
deny from 213.56.73.3
deny from 213.91.217.116
deny from 216.128.69.140
deny from 216.139.176.60
deny from 216.204.237.10
deny from 217.120.32.183
deny from 217.121.100.124
deny from 217.132.202.119
deny from 218.20.116.80
deny from 218.5.27.115
deny from 218.85.82.95
deny from 218.85.83.168
deny from 220.160.2.167
deny from 220.160.4.75
deny from 220.181.26.108
deny from 24.69.156.45
deny from 61.144.185.75
deny from 61.172.65.176
deny from 61.30.47.21
deny from 61.30.47.22
deny from 62.168.39.178
deny from 62.193.231.242
deny from 62.194.10.194
deny from 62.219.59.122
deny from 63.145.202.2
deny from 63.148.99.234
deny from 63.252.226.68
deny from 64.141.68.16
deny from 65.75.139.90
deny from 65.75.146.170
deny from 65.75.166.110
deny from 65.75.175.30
deny from 65.77.131.66
deny from 65.94.44.50
deny from 66.135.34.87
deny from 66.150.40.221
deny from 66.199.247.74
deny from 66.246.252.87
deny from 66.246.252.88
deny from 66.254.99.174
deny from 66.33.197.209
deny from 66.93.178.158
deny from 66.98.152.93
deny from 67.15.130.23
deny from 68.208.4.19
deny from 69.0.197.227
deny from 69.156.204.43
deny from 69.163.158.82
deny from 69.50.170.122
deny from 69.50.170.162
deny from 72.36.199.154
deny from 80.132.64.103
deny from 80.58.11.107
deny from 80.58.22.107
deny from 80.58.4.107
deny from 80.95.
deny from 81.169.169.201
deny from 81.4.89.10
deny from 82.103.65.
deny from 82.81.204.164
deny from 82.81.228.82
deny from 84.189.

BlackRaven




msg:1522161
 5:29 pm on Nov 13, 2005 (gmt 0)

ummm..could you repost your .htaccess file? dont see it.

[edit]Nevermind just refeshed the page[/edit]

dodoni




msg:1522162
 9:55 pm on Nov 14, 2005 (gmt 0)

Sorry to bump it up, but could someone give some help?
Thank you.

jdMorgan




msg:1522163
 2:30 pm on Nov 15, 2005 (gmt 0)

dodoni,

Welcome to WebmasterWorld!

Few people here have the time to review large code dumps like this. If you would like to ask a few specific questions, then you'd be more likely to get an answer.

For now, all I can suggest is that the RewriteConds like

RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?.*(-¦.)texas(-¦.).*$ [NC,OR]

could be made more efficient by rewriting them as

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*[-.]texas[-.] [NC,OR]

Jim

dodoni




msg:1522164
 12:20 pm on Nov 17, 2005 (gmt 0)

jdMorgan, thank you for the tip, I ll apply it as soon as possible.

Unfortunately, I have no spesific questions, cause i do not understand anything that is written in this file. I just found it on the net, saw that it contains words that have to do with the spesific attack I have in my site and apllied it immediately.

Oh, may be one question: what would be much effective to write in "Rewrite rule"?

jdMorgan




msg:1522165
 1:47 pm on Nov 17, 2005 (gmt 0)

I certainly can't recommend that you put this code on your server if you don't understand it. That is dangerous, since one little error might take your site down with a 500-Server Error, and then you might not even know where to start looking for the problem. This code is server configuration code, and your entire site depends on it being absolutely correct.

Perhaps some time spent studying the documents cited in our forum charter [webmasterworld.com] and the tutorials in the Apache forum section of the WebmasterWorld library [webmasterworld.com] would be helpful (and wise).

Jim

dodoni




msg:1522166
 2:46 pm on Nov 17, 2005 (gmt 0)

Jdmorgan, I had to find a fast solution cause I reached my bandwitch limit and till now, this .htaccess seems to help a little.

At the beginning, I faced some error but know it seems to work fine. Also, one reason that I asked for help in this forum, was that i m not familiar with all these things.

Thanks for your advice.

privacyman




msg:1522167
 2:17 am on Nov 22, 2005 (gmt 0)

Hi dodoni,

As Jim mentioned, that "is" quite a LONG list for the .htaccess file

For my own site (and a few other domains/sites/accounts that I manage for other people, I also use the .htaccess file to control bad bots. I use my own .htaccess file for each of the other accounts too, being that I also manage those accounts, including once or twice a month Visually Scanning the raw log files for bad stuff (unknown bots, possible harvesters, sites that I don't want linking to mine or the other sites) etc.

The .htaccess file that I currently use is about 900 lines and at about 45k size.

If you would like some help "cleaning up" your own htaccess file, I could possibly assist, in my spare time though in the next short while. One example that I did see was that a lot of the referrers were written in quite a lengthy form, one example of clean up (and less entries) might be instead of having a lines such as
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?transexual.*$ [NC,OR]
would be to have one alike
RewriteCond %{HTTP_REFERER} (sex¦drugs¦pills¦meds¦love) [NC,OR]
.... which, if finding any of those words within the referrer it would be a
match, thus sex or drugs or pills.... etc could be anywhere in the line
the vertical bar "¦" means or and the ^ means starting with and the $
is just a terminator for the end of a string.

If you would like some help in cleaning up your .htaccess file where I would
re-create one that would match most everything that you currently have in
yours but it would be more compact and possibly more efficient, then check your Sticky Mail (go to the top of this page, click upon Control Panel, then click upon Sticky Mail). I will send you my yahoo email address. You could then send me your .htaccess file renamed as htaccess.txt as an email attachment. I will trust that you do not sell email address or send spam to them (part of why I have a yahoo email account). Additionally I do not send spam, nor sell any email lists etc.

Where you do have use of your own .htaccess file, I presume that you do also have access to your own access log file. (Once or twice a month I check my own log file and that of two other accounts that I manage and have gotten to be pretty good at visually spotting "unusual" entries in the log files, just by using Wordpad, simple editor.)

Wish you luck, and check your Sticky Mail through the Control Panel of this forum if you'd like some more help and possibly what explanations that I might be able to give to you that might be helpful... I "try" to write explanations etc in "ordinary" words that most anyone might be able to understand.

Regards,
George

dodoni




msg:1522168
 10:16 pm on Nov 24, 2005 (gmt 0)

George, I really thank you a lot for all your advices and assistance.
I ve already sent you an e-mail with the htaccess file.

wsmeyer




msg:1522169
 9:58 pm on Nov 27, 2005 (gmt 0)

The solution will have a lot to do with what these "pornsites" are trying to do on your site - what do you mean by "traffic"?

Are they trying to spider your site?

Are they linking to your images?

Are they displaying your pages in frames on their site?

William.

Leosghost




msg:1522170
 10:24 pm on Nov 27, 2005 (gmt 0)

dodoni ..for the moment remove your site from the attackers ..

I mean wipe your public html folder of all but an index page with all links and nav dead ..

dont worry it's only temporary ..:)

( otherwise if I read you right your credit card is gonna die )

therefore other "rogue" requests will "404"

..but at least you can breath ..you could "zero" your robots text like Brett just did but it is not advised unless you have the kind of permanent incomings that this place does ..

then read what has been suggested above ..

and as it may be urgent ..
what is your first/ best language ..?

maybe some member can explain understand / advise /translate / better for you in whatever language that is..via sticky mail ..

if it is french ..sticky me
if other we can find someone who can interface ..( I hope ) with you to help you out ..

AlexK




msg:1522171
 8:39 am on Nov 29, 2005 (gmt 0)

Are you publishing your site stats on your website?

The reason that these people send such vast traffic to you is to get their website address published on your site. That then gets picked up by Google, etc and gives them Inbound-Links (IBLs), which improves their Google ratings. That can only happen if you have a page on your site which allows anyone to view your website stats.

If so, remove it. That will not be an overnight fix but, eventually, they will realise that hits on your site do them no good.

(Other areas are forum, blog and wiki spamming).

dodoni




msg:1522172
 9:48 pm on Nov 29, 2005 (gmt 0)

Thank you for your answers. Right now im in some process (and progress) thanks to privacyman.

Just to answer your questions:
wsmeyer, the attackers try to spider my site.

Leosghost, I m from Greece (and french language looks like... chinese to me)

AlexK, what you said is exactly what happened to my site. The problem is that I found out that, after the attackers "came". I ve disabled the spesific stats page, but they still come.

Leosghost




msg:1522173
 10:46 pm on Nov 29, 2005 (gmt 0)

There are some Greek members ..maybe sticky to thomas b would be usefull to identify them ( for the future ..altho privacy man appears to have you covered for now )..'cept I think he ( thomas ) may be travelling soon ( read another thread )..anyway your English is fine so I dont think that is a problem ..

Stat page spam will usually drop off ( they tend to come back frequently to see if the page is still accessable to others and to see if g is still indexing when the page is no longer available they give up and go elsewhere ..it's a sort of bootstrap spam hack for low performing sites to do this to you ..it cant last ..there are bots available who's mission is to do this search for stat pages to hit ..and tag team with another to see if the page is still up ..a bit like mass email spam ..can be bought by the million bot moves ) ..the bots in question tend to be set to cycle in periods of less than 7 days ..14 day no food cycle usually will make them go bother someone else ..your 404 pages will suffer for a while ..depends on the SE' ( not within your control that one ..bandwidth is minimal )..

Hoping you caught it fast enough to stay intact ..and BTW belatedly welcome to WebmasterWorld

topsites




msg:1522174
 8:34 am on Dec 4, 2005 (gmt 0)

I have a question, Jim ...

Does THIS:

RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*[-.]texas[-.] [NC,OR

Block ANY domain with 'texas' as part of the domain name, regardless of where 'texas' is located, so as:
[mynameis.texas.yes.com...]
[mynameis.com...]
[texas.com...]
http you get the idea...

ALL get blocked?
If so, then I just found the solution to my problem.

topsites




msg:1522175
 8:38 am on Dec 4, 2005 (gmt 0)

Nevermind, privacyman gave me the answer :)

RewriteCond %{HTTP_REFERER} (keyword1¦keyword2¦keyword3¦etcetc) [NC,OR]

YES!

topsites




msg:1522176
 9:11 am on Dec 4, 2005 (gmt 0)

Well I dunno, I tried that and it doesn't seem to be stopping them...
Thou I do admit it shortened the thing considerably.

###STOP URL SPAMMERS

# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?frangipanicottage.com.*$ [OR]
RewriteCond %{HTTP_REFERER} (xcites-0-cost¦in-¦-pharmacy¦the-¦viagra) [NC,OR]
RewriteCond %{HTTP_REFERER} (phentermine¦hydrocodone¦vicodine¦zolev) [NC,OR]
RewriteCond %{HTTP_REFERER} (adipex¦consillieri¦credit¦tramadol) [NC,OR]
RewriteCond %{HTTP_REFERER} (lolita¦milf¦myspace¦money-plans) [NC,OR]
RewriteCond %{HTTP_REFERER} (propecia¦shemales¦pussy¦latinas) [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?donnasrentacar.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?ejproperties.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?easternvalleyfire.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?tranny-surprise.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?cdc-brewing.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?8th-street-latina.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?hq2o.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?impalalinear.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?mega-cock-cravers.ws.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?nanditaexports.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?live-together.ws.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spectralkyd.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?photoko.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?giantsquidcenter.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?gunkan.org.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?ari-panama.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?adult-web-hosting-x.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?akeforestfunds.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?artofarkansas.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?amateurs-index.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?allaviationgear.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?adultfotos.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?adultsexsurf.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?jaja-jak-globusy.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?onlineearningcenter.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?ahcigars.com.*$ [NC]
RewriteRule \.*$ [mydomain.com...] [R,L]

privacyman




msg:1522177
 12:14 pm on Dec 4, 2005 (gmt 0)

Hello members.....

This is George (privacyman). Just wanted to let you know that when I sent my original message to dodoni offering my help it was not to leave anyone out in the cold as for any cures of his problems that I recognized and thought that I knew how to solve. His problem(s) appeared to be caused by harvesters and by what I believe is called "log spamming" which I think has been discussed on this forum.

My immediate solutions for him was to add to his .htaccess file (with his approval) a list IP's to deny (small groups and some larger ones) that I suspected would have been a source of his problems from my own experience and from my own htaccess file.

Additionally I added my list of bad user agents, harvesters, snoops, etc.

Once he was able to send me a copy of his log file, near end of month was about 2 Meg GZ file and the actual log was 23 Meg, with my independent log analysis program I was able to confirm the bad sources. I had missed a few (from the originals that I added to his htaccess) so I then added the additional IP's in CIDR range spec.

Almost immediately he noticed a significant change.

Later in the middle of the new month when his log file should be much smaller, I will re-analyze is log, add any final IP's, UA's and referers. Then it should be a relatively easy task to keep on top of future month's work.

Considering that I felt that I had both some time and the knowledge to help, I also figured that I could give him some tips, a small amount of "training by email" and some links to additional "educational" info such as the apache.org site on "regex" and on modrewrite etc. And over the next while I can again give him some help from time to time if he needs until he learns all the ropes.

Again, hope that no one felt left out. Most of the help sources on issues like this are answered in various postings here at webmasterworld.com (I just didn't know which one to point him to, and it would have been many links probably too). I do have to say that this is a most wonderful and helpful forum, webmasterworld is where I gained most of my knowledge from about use of htaccess and how to control bad issues.

My apologies if anyone thought I was leaving others out by helping dodoni directly by email. That was not my intent. If my "two cents" can help the public then I post it for all to see.

Regards,
George

privacyman




msg:1522178
 12:41 pm on Dec 4, 2005 (gmt 0)

topsites---

Seeing your trouble too, mentioned just before my other post, where you seem to be hit by the log spammers (those referers may or may not be valid).

Your example of using (I won't put it all here)
(word1¦word2¦word3¦word4) as "anywhere in the referer line" you "do" also have to be careful of that structure that you don't include any that might inadvertently block any good/valid sites or visitors.

That example would match word1 OR word2 OR word3 OR word4 that would occur ANYWHERE in the referer, so "do" use that format with some care and discretion for the words you pick. You're probably already aware of that.

Might I suggest, if you have access to a "web stats" program (online) at your server for your site, or if you have a standalone log stats analysis program, you could look for the IP numbers that are hitting your site the hardest. If no log analysis program on or off line, the other recourse would be to download your log file from your server to your computer, Un-GZip it if necessary, then view the log file in a wordprocessor or search for some of the bad referers,
one might be (I'll make up here).... www.freefunandpills.biz then look for the next (probable) fake referer.

You should be able to match up bad IP's with fake referers.

Then use a search engine to find "whois cidr" and some similar words to find online utilities that can do an IP Whois and help give you CIDR ranges (whether the range is shown with the whois lookup or not. CIDR range spec can specify the "owned range" of individual IP numbers, and a CIDR tool can give you the "spec" for other ranges that include that IP, handy for when you want to block a company or provider's exact range for one IP, or to make the range larger or smaller.

Once you figure out which IP numbers that are giving you those fake referers or other problems, then try blocking by CIDR range. That would look like
deny from 123.4.56.0/20 or similar, alternatively you can block just by an
individual IP 111.22.33.444 or by a partial which might look like 111.22.33.

Whereas the fake referers are often non working sites, and the names seem to change to different variations, I have found it often to be more effective to block or deny with the IP range or CIDR spec'd IP.

Hope this if of help to you.

George

kpaul




msg:1522179
 1:00 pm on Dec 4, 2005 (gmt 0)

AlexK: that doesn't work for all of them. some of the buggers keep coming with referer spam anyway. i haven't had publicly accessible referer logs for a couple years now at least and i'm still inundated. (which is what i sorta posted on larryhatch's recent thread about rogue bots...)

kpaul




msg:1522180
 2:35 pm on Dec 4, 2005 (gmt 0)

privacyman - looking at some of the ones i'm getting, the most recent batch were from (mostly) university networks, which i don't wanna block. are college students banding together to run these things on college networks? also a lot of what i figure are zombie machines...

meh.

topsites




msg:1522181
 10:22 pm on Dec 4, 2005 (gmt 0)

privacyman:

Thank you for your assistance, I do have statistical logs which are easier to view than downloading server-gen logs, but I believe my problem has grown so far out of hand to where this type of solution will not work.

No offense to you, it is possible there exists an error in my .htaccess file but more and more they either slip through the cracks or otherwise gain access to the logs, every time I find myself downloading a month's worth of entries just to clean them out one by one, a mildly frustrating ordeal on a good day.

You are correct with key-word based denials one has to be careful about the legitimate referrers, I do have a few pharmaceutical sites (1 or 2) and also some adult sites who are not part of the problem and I do not want to deny them access for sure.

At this point I might mention the IP-based denial also needs to be done carefully due to the fluid nature of the Web, IP addresses and their owners do change over time so I have found it is a good idea to block/ban Ip's or their ranges for a period 6 months at a time or thereabouts, then unlocking the block for a short while to see if the problem has gone away: Sometimes it has, thou a ban lasting for a 1-year frame is not unusual or unheard of.

In the meantime, I find the least headache gained on my end is by disabling the 'referer' section of my public statistics and feel fortunate I can do so without further detriment to what I find interesting content.

Personally I wish spammers would realize what a waste of time this is (even from their end) and cease and desist in their actions, thou this is likely wishful thinking. :)

Peace out.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved