Blocking referer by suffix

Forum Moderators: phranque

Message Too Old, No Replies

Blocking referer by suffix

Diaos

8:52 pm on Mar 25, 2012 (gmt 0)

I was wondering if there's code to block a referer by their suffix in .htaccess. I'm getting a lot of spam from .ru .su .ua .tv .eu .info

I've already blocked individual IP addresses as well as ranges from countries, bots, and addresses with spammy sounding addresses (i.e. vegas #*$!).

Since my website has seeming no reason to be linked to these overseas web suffixes I'd like to blanket-block these foreign suffixes

wilderness

9:10 pm on Mar 25, 2012 (gmt 0)

see this thread [webmasterworld.com]

Diaos

9:31 pm on Mar 25, 2012 (gmt 0)

Thanks.

I added:

RewriteCond %{HTTP_REFERER} ^http://.*\.[0-9a-z]{2}/

to my list to block all .** suffixes

lucy24

11:33 pm on Mar 25, 2012 (gmt 0)

You don't like people coming in from .co (British equivalent of .com) domains? Got something against furriners in general?

Someone else will have something to say about the http://.* element.

wilderness

12:23 am on Mar 26, 2012 (gmt 0)

Diaos,
You should NOT need the 0-9 as no numerals (only letters) are used for country suffixes.

Diaos

8:34 pm on Apr 1, 2012 (gmt 0)

Got it. Didn't mean to block the British. I'm sorry.

I'm using this instead:

RewriteCond %{HTTP_REFERER} ^http://.*\.[ru]/ [NC,OR]
RewriteRule .* - [F,L]

Diaos

9:30 pm on Apr 1, 2012 (gmt 0)

Nothing against furriners. Just seems anything less than ".com" is referral spam and malicious bots.

I set it up more specific. I'm guessing my blanket blocking is what cut my sales last month.

I blocked ".gov" too just for laughs.

dougwilson

5:10 pm on Apr 3, 2012 (gmt 0)

"...seems anything less than ".com" is referral spam and malicious bots"
There is no evidence for this belief that I'm aware of.

If you like this will work:

<files "*.*">
Deny from .mil
Deny from .gov
Deny from .pol
</files>

wilderness

5:32 pm on Apr 3, 2012 (gmt 0)

If you like this will work:

Except those methods are more server CPU intensive.

g1smd

5:36 pm on Apr 3, 2012 (gmt 0)

\.[ru]/

blocks any referrer with either an r or a u directly after the period, that single letter then immediately followed by a trailing slash.

The .* sub-pattern must never be used at the beginning or in the middle of a pattern. There's many previous threads here explaining why.

dougwilson

6:12 pm on Apr 3, 2012 (gmt 0)

Thanks - Then use "ru|ro" for multiple tld's?

g1smd

10:15 pm on Apr 3, 2012 (gmt 0)

Why search to find the "r" a second time, when you already found it once?

Try

\.r[ou]/