quick banning and rewrite tutorial needed please

how to stop weblog spamming

         

mikeyr

8:15 am on Dec 4, 2004 (gmt 0)

10+ Year Member



I manage a small car club website and the site has been hosted at an ISP for the last 8 years and I didn't care or have access to the logs. A few weeks ago my boss suggested I bring in a PC to work and use my work's web connection and save the car club money. 2 days ago, I got it working and started hosting the site on Fedora 2, and it seems to be working great. I mention this just so you know how new I am at this.

As I read the web access logs, I found a lot and I mean a lot of hits from 3 porn sites that referred my site, I now know from reading a lot of posts here that is weblog spamming.

I spent several hours last night creating a .htaccess to deny the few IPs that are constantly hitting me and they are now getting 403s. It took me many hours of reading mostly on this website (THANK YOU) that I had to change httpd.conf to allow .htaccess and how to get that done.

All I have is a "deny from IP" but I am still getting hit from the porn sites and the 403 is not doing anything. I have been reading a lot about mod_rewrite and a lot of people have problems with it but it seems to be what I need to learn how to do to stop them. What is the advantage of mod_rewrite over just putting in a deny in .htaccess? I am assuming that a 403 is ok for the porn sites as that still gets me in their logs. Does a rewrite not give them any connection, is that why it's better?

Basically my question is why hassle with mod_rewrite if it still gets the connection in the spammers' logs? Or will it stop them? Right now they are getting 403s. Which is better, or why is one better than the other? I guess I really don't know what rewrite does or what it's used for and I will read more here.

For now, here is my .htaccess:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "why do you want to know this info"
AuthType Basic

<Limit GET>
order allow,deny
deny from 64.125.108.114
deny from 64.57.64.96
allow from all
</Limit>

jdMorgan

4:19 pm on Dec 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mikeyr,

Welcome to WebmasterWorld!

As you have surmised, feeding a 403 to a log spammer is not very useful, since they have already connected to your server, made a request, and created an entry in your logs.

There are really only three things you can do:

  • Make sure your server's logs are not accessible to the web; many are, and this is what makes log spamming worthwhile. They are trying to create links to their sites to be found by search engine spiders.
  • Install a hardware firewall between your server and the internet, and configure it to block connections from the log spammers and other problem connections. This is a must-do anyway, since otherwise, your server will be open to all the exploits of broadband, and several more as well.
  • Alternatively, install a software firewall and protection utilities such as "ipsec" on your machine. For "casual" troublemakers who do not target you specifically, this can be as effective as a hardware firewall. However, if someone is out to get you specifically, a hardware firewall offers better protection.

    -----

    The basic form of your access control code appears in examples all over the Web. It will work, but it has a flaw: it only blocks "GET" requests. It doesn't block PUT, DELETE, CONNECT, COPY, MOVE, etc. You should either list all access methods you want to deny in the <Limit> container, remove it completely, or replace it with a <LimitExcept>, <Files>, or <FilesMatch> container.

     
    # List every access method to be denied in the <Limit> container
    <Limit GET POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    Order allow,deny
    Deny from 64.125.108.114
    Deny from 64.57.64.96
    Allow from all
    </Limit>
    #
    # Base access control on IP address only
    Order allow,deny
    Deny from 64.125.108.114
    Deny from 64.57.64.96
    Allow from all
    #
    # Limit access control except for TRACE
    <LimitExcept TRACE>
    Order allow,deny
    Deny from 64.125.108.114
    Deny from 64.57.64.96
    Allow from all
    </LimitExcept>
    #
    # Access control based on filename
    <FilesMatch ".*">
    Order allow,deny
    Allow from all
    Deny from 64.125.108.114
    Deny from 64.57.64.96
    </FilesMatch>
    # Deny all web access to the .htaccess and .htpasswd files themselves
    <FilesMatch "\.htaccess$">
    Deny from all
    </FilesMatch>
    <FilesMatch "\.htpasswd$">
    Deny from all
    </FilesMatch>
    #

    -----

    mod_rewrite is quite a bit more flexible and powerful than mod_access, the module that implements the Order, Allow, and Deny directives. However, mod_rewrite isn't "magic" and cannot prevent connections to your machine; by definition, nothing in Apache is activated until after a connection is made to your machine.

    Using mod_access and/or mod_rewrite are simply not very effective against log spammers for this reason. All it accomplishes is to send them a signal that you are aware of their activities. The great majority don't care though, because they take advantage of the majority of servers that are unprotected. It's a numbers game.

    However, mod_access and mod_rewrite can be very effective in stopping image hotlinking, site scrapers (download with intent to duplicate), e-mail address and data harvesting, and quite a few more exploits.

    Jim
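An added example, not part of the reply above or of Apache itself: a small audit script that reads .htaccess text and reports each `<Limit>` container whose access rules leave other methods unrestricted, which is the flaw described in the reply. The function name and the two sample strings are assumptions made for illustration; the samples are constructed from the rules posted in this thread.

```python
import re

# Methods Apache accepts in <Limit>, as listed in the reply above. GET also
# covers HEAD, and TRACE cannot be limited, so neither is tracked separately.
LIMITABLE = {"GET", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "PATCH",
             "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
OPEN_LIMIT = re.compile(r"^\s*<Limit\s+([^>]*)>", re.I)    # not <LimitExcept>
CLOSE_LIMIT = re.compile(r"^\s*</Limit\s*>", re.I)
ACCESS_RULE = re.compile(r"^\s*(order|allow|deny|require)\b", re.I)


def audit_limit_blocks(text):
    """Return a finding for each <Limit> block whose access rules skip methods."""
    findings, block = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):        # Apache comment line
            continue
        opened = OPEN_LIMIT.match(line)
        if opened:
            # Method names are case-sensitive, so they are compared as written.
            block = {"line": lineno, "methods": set(opened.group(1).split()),
                     "rules": []}
        elif block is not None and CLOSE_LIMIT.match(line):
            uncovered = sorted(LIMITABLE - block["methods"])
            if block["rules"] and uncovered:
                findings.append({"line": block["line"], "rules": block["rules"],
                                 "uncovered": uncovered})
            block = None
        elif block is not None and ACCESS_RULE.match(line):
            block["rules"].append(line.strip())
    return findings


# Constructed samples: the original poster's rules and the <LimitExcept> variant.
GET_ONLY = """<Limit GET>
order allow,deny
deny from 64.125.108.114
deny from 64.57.64.96
allow from all
</Limit>
"""
LIMIT_EXCEPT = (GET_ONLY.replace("<Limit GET>", "<LimitExcept TRACE>")
                        .replace("</Limit>", "</LimitExcept>"))

if __name__ == "__main__":
    for name, sample in (("GET-only", GET_ONLY), ("LimitExcept", LIMIT_EXCEPT)):
        results = audit_limit_blocks(sample)
        for f in results:
            print(f"{name}: line {f['line']} leaves {', '.join(f['uncovered'])} open")
        if not results:
            print(f"{name}: no partially covered <Limit> blocks")
```
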

    mikeyr

    6:53 am on Dec 5, 2004 (gmt 0)

    10+ Year Member



    Jim,

    Thanks for the information and the much more powerful .htaccess. I did set up iptables as my firewall and only allowed SSH and HTTP access, I had even removed HTTPS access, those 2 ports are the only open ones on this system. I don't know how to check if my logs are available but I doubt it. I do have a spare hardware router (linksys) that I could put on but with iptables I didn't think I needed to. But if it keeps them out of my logs, I may do it.

    I can see hosting my own website is going to be fun and work.

    Mike