Amanda,

I'm sorry to say you can't really stop it - you could hide it from your stats by 1) telling your server to ignore certain types of request (how easy that might be depends upon your server - lots of people in this group have rather sophisticated re-write rules for Apache), or 2) you can configure yours stats program to discount those bogus requests (again, depends upon your stats program).

Neither of these methods will be able to 'stop' the spammers, your server is open to all browsers, most of which are desirable. Even if you were use the rewrite to not serve those requests to your server, the requests can still get logged and if your logs are public, the spammers will have succeeded. Not logging the spammers requires even more sophisticated server configuration 'tricks'.

Personally, I've selected the second option, mucking about with the server can be dangerous if you miss a character, while ignoring them after the fact is no big deal.

Good Luck,

Larry

Well I think I might have found a partial solution. I'm sure it won't block everything, but it's already doing a really good job. I did a google search and found a script that blocks a lot of the referring sites. I guess we'll see how it goes.

[edited by: Receptional at 9:19 am (utc) on Dec. 5, 2005]
[edit reason] Avoiding specifics [/edit]

No but the hydrocodone mules have been hammering mine as well, along with phentermine and viagra and a few others, I am sure it is all the same person with multiple domains. Oh GAWD how I hate this crap, some online-canadian-pharmacy is another real fave of mine and there's some porn dude with about 50 domains likes to do it to me as well.

Dumb thing is, it's all labeled NOINDEX / NOFOLLOW so no PR or anything else is gained. But these guys don't care, they even spam sites with NO statistics.

In my case it's so many of them (hundreds) I simply can't keep enlarging my .htaccess file, every time someone visits my site, the server HAS to access the .htaccess file and the larger this file becomes, the slower the server's response eventually gets. Not to be a retentive guy, but I like my .htaccess file to be under 10 kilobytes in size, that is really as big as I want it to get.

So, I disabled the Origin (referer) section of my public statistics thou I use Awstats, it is quite possible Webalizer has a similar config key?

For further information on this subject (it's called referrer spam), see this thread:
[webmasterworld.com...]
(which is under Apache Web Server:
[webmasterworld.com...] )

Last but not least, let it be known to these spammers that I DO enter their domains into worldwide blacklist databases so persisting in the spam department simply gets them banned.

Here is a little something to add to your .htaccess file, it can help alleviate things some:
(please note if you read through it there are some adult terms)

###STOP REF_SPAMMERS

# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} (phentermine¦hydrocodone¦vicodin¦zolev) [NC,OR]
RewriteCond %{HTTP_REFERER} (adipex¦phentemine¦credit¦gangbang¦-soma) [NC,OR]
RewriteCond %{HTTP_REFERER} (lolita¦milf¦myspace¦money-plans¦soma-) [NC,OR]
RewriteCond %{HTTP_REFERER} (propecia¦shemales¦pussy¦latina¦cialis) [NC,OR]
RewriteCond %{HTTP_REFERER} (levitra¦hgh-¦xenical¦ultram-¦-ultram) [NC,OR]
RewriteCond %{HTTP_REFERER} (insomnia¦gabapent¦celebrex¦fioricet) [NC,OR]
RewriteCond %{HTTP_REFERER} (ambien¦valium¦zoloft¦finasteride¦lamisil) [NC,OR]
RewriteCond %{HTTP_REFERER} (meridia¦carisoprodol¦diflucan¦zovirax¦valtrex) [NC,OR]
RewriteCond %{HTTP_REFERER} (lipitor¦proscar¦acyclovir¦sildenafil¦-hgh) [NC,OR]
RewriteCond %{HTTP_REFERER} (tramadol¦allegra¦diflucan¦amateur¦singles-?christian) [NC,OR]
RewriteCond %{HTTP_REFERER} (dating-?christian¦cock-¦-cock¦viagra¦diazepam¦pharmac) [NC,OR]
RewriteCond %{HTTP_REFERER} (melatonin¦xanax¦lortab¦adipex¦propecia¦online) [NC,OR]
RewriteRule .* - [F]

There is also some thing you can do where a R:301 or similar command in the RewriteRule bounces the hit back to the spammers site which, IF enough webmasters implemented the tactic would likely shut down their sites as they self-DOS themselves... Ahhhh, a pipe dream.
There was another program called the Spam Hammer which is a perl loop that sends hit after hit to the site of your choice, upload THAT but you need your own server to put out the VOLUME needed still even that doesn't stop them... Fighting fire with fire just isn't as good as it sounds sometimes.

So it got to the point this frustrated me to such degree I had to leave it alone and ignore them was the best solution in the end...

a R:301 or similar command in the RewriteRule bounces the hit back to the spammers site which, IF enough webmasters implemented the tactic would likely shut down their sites as they self-DOS themselves... Ahhhh, a pipe dream.

Maybe, but the site is usually a geocities site, which probably just tries to run a malicious script.

Furthermore, the spamming script won't follow the redirect anyway. I even doubt that the script looks at the response at all. It's basically pinging thousands of websites with HTTP requests that have the referer header set to a certain URL.

mod_rewrite-based blocking is only a waste of time because it requires constant maintenance and never catches all cases.

The only reliable technique would be to spider every potential referer URL and check the page for a link to your own site. If there's no link, it can't be a legit referer.

You know a neat trick I've had success with. :)

I configured my security software on one site to detect the referal spam, grab the spam page using a friendly spider using the same refering url and user agent, and feed the spam page to the spam bot.

The referal spam stopped- stone cold.

[deleted]