How do I block a referring site?

Forum Moderators: phranque

Message Too Old, No Replies

How do I block a referring site?

Need some help on this one...

yosmc

12:49 am on Feb 9, 2003 (gmt 0)

Here's my problem: I have a website on an account that lets me view only very basic stats. What I can see is that some other site shows up >2,000 times as a referrer in the last 6 days.

From what I know about the other site, I assume that they are linking to some image on my site and stealing my bandwidth. Unfortunately, my stats won't let me see what it is.

Now I thought I could simply disallow the other site to refer to my images via the .htaccess file.

<Limit GET>
order allow,deny
deny from evilsite.com
allow from all
</Limit>

Unfortunately, this doesn't work. Do I need to look up the other site and deny from the IP instead? Or is disallowing a referrer completely different from disallowing a user IP, so that I have to use a different approach?

Many thanks in advance! :)

kevinpate

1:15 am on Feb 9, 2003 (gmt 0)

instead of:
Deny from evilsite.com

Try:
Deny from 000.000.000.000
Replacing the series of 0's with the IP number of
evilsite.com (available via a whois search)

fathom

1:16 am on Feb 9, 2003 (gmt 0)

You shouldn't make assumptions here, you need specifics. If you have access to your logfiles this will tell the tale, by "get/" image files only with no "get/" html.

If you don't have access to logfiles and have an idea of the possible images... change the file name and all your html referrals to the new name.

If you still get 2,000 referals/week from a particlar linked site (and none result in 404 errors, your assumption are probably wrong.

If you start get 2,000 404 errors with the same site your assumptions are more reasonable.

Then you can take action to limit this.

yosmc

1:41 am on Feb 9, 2003 (gmt 0)

The problem is that this configuration of webalizer seems to filter 404 errors so only those errors show up where an html-page is missing. No data for missing images.

Actually I believe that the 2,000 referrals are already to a missing image and that I could probably ignore them, but I want to make sure. So that's why I want to go for the deny approach, it's simply the quickest.

Kevinpate, are you sure that using the IP instead will solve it (when using the domain name didn't work), or is it just maybe?

kevinpate

2:32 am on Feb 9, 2003 (gmt 0)

Using:

Deny from [IP #]

via .htaccess does work. I use it myself for certain IP's, primarily naughty bots.

I do both content and upkeep for a simple NFP site. We're the regional council for a USA national org. The site is not ecommerce. It's an info site that is 98%+ of benefit only to local council members.

Preserving existing bandwidth for local members is important. IP blocking is a well functioning part of this current preservation process.

Key_Master

2:55 am on Feb 9, 2003 (gmt 0)

Place this in your .htaccess file. It will prevent hot linking to gif, jpg, png, css, and js files.

SetEnvIf Referer ^$ local
SetEnvIfNoCase Referer ^(http://www\.�http://)yourdomain\.com local
<Files ~ "\.(gif�jpg�png�css�js)$">
order deny,allow
deny from all
allow from env=local
</Files>

Remember to replace the broken pipes (�) with solid vertical pipes.

yosmc

11:35 am on Feb 9, 2003 (gmt 0)

Ok thanks for the help guys - I'll try this. :-)