Referrer Spamming - Can't block IP

I'm seeing these in a log on a site on one of our servers:
Code:
66.250.69.100 - - [23/Jul/2005:15:12:00 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://fioricet.asso.ws" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.101 - - [23/Jul/2005:15:12:01 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://hydrocodone.euro.tm" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.100 - - [23/Jul/2005:15:12:02 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://bdsm.euro.tm" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.100 - - [23/Jul/2005:15:12:03 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://hydrocodone.euro.tm" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.100 - - [23/Jul/2005:15:12:04 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://fioricet.asso.ws" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.100 - - [23/Jul/2005:15:12:04 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://buy-viagra.societe.st" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.100 - - [23/Jul/2005:15:12:05 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://discount-viagra.societe.st" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"
66.250.69.101 - - [23/Jul/2005:15:12:07 -0400] "GET /blog/index.php HTTP/1.0" 403 - "http://xanax.corp.st" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 Firebird/0.7"

I've blocked about... 500 IPs that were hitting this site at once with referrer spamming, causing the site to lag. These IPs won't seem to die though. It's being blocked in iptables:

# iptables -L -n | grep 66.250.69
DROP all -- 66.250.69.0/24 0.0.0.0/0
DROP all -- 66.250.69.0/24 0.0.0.0/0
DROP all -- 66.250.69.0/24 0.0.0.0/0
DROP all -- 66.250.69.0/24 0.0.0.0/0
DROP all -- 66.250.69.0/24 0.0.0.0/0
DROP all -- 0.0.0.0/0 66.250.69.0/24
DROP all -- 0.0.0.0/0 66.250.69.0/24
DROP all -- 0.0.0.0/0 66.250.69.0/24
DROP all -- 0.0.0.0/0 66.250.69.0/24
DROP all -- 0.0.0.0/0 66.250.69.0/24


and in the .htaccess for that site:

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 66.250.69.100
deny from 66.250.69.101

Those still show up in the logs though. I can't figure it out. I also tried working with mod_rewrite, but it seems to not work (sends everything to the rewriterule page):

RewriteEngine on

# Block referrer spam

RewriteCond %{HTTP_REFERER} (get2\.us) [NC,OR]
RewriteCond %{HTTP_REFERER} (ontheweb\.nl) [NC,OR]
RewriteCond %{HTTP_REFERER} (zu5\.net) [NC,OR]
RewriteCond %{HTTP_REFERER} (bestall) [NC,OR]
RewriteCond %{HTTP_REFERER} (analloverz) [NC,OR]
RewriteCond %{HTTP_REFERER} (subito) [NC,OR]
RewriteCond %{HTTP_REFERER} (onlinepharmacy) [NC,OR]
RewriteCond %{HTTP_REFERER} (totaldebtservice) [NC,OR]
RewriteCond %{HTTP_REFERER} (viagra) [NC,OR]
RewriteCond %{HTTP_REFERER} (free1) [NC,OR]
RewriteCond %{HTTP_REFERER} (discount) [NC,OR]
RewriteCond %{HTTP_REFERER} (vialis) [NC,OR]
RewriteCond %{HTTP_REFERER} (levitra) [NC,OR]
RewriteCond %{HTTP_REFERER} (societe) [NC,OR]
RewriteCond %{HTTP_REFERER} (shemale) [NC,OR]
RewriteCond %{HTTP_REFERER} (orgasm) [NC,OR]
RewriteCond %{HTTP_REFERER} (tranny) [NC,OR]
RewriteCond %{HTTP_REFERER} (transexual) [NC,OR]
RewriteCond %{HTTP_REFERER} (incest) [NC,OR]
RewriteCond %{HTTP_REFERER} (forced-sex) [NC,OR]
RewriteCond %{HTTP_REFERER} (xanax) [NC,OR]
RewriteCond %{HTTP_REFERER} (hydrocodone) [NC,OR]
RewriteCond %{HTTP_REFERER} (phentermine) [NC,OR]
RewriteCond %{HTTP_REFERER} (kapsi) [NC,OR]
RewriteCond %{HTTP_REFERER} (jamminweb) [NC,OR]
RewriteCond %{HTTP_REFERER} (poker) [NC,OR]
RewriteCond %{HTTP_REFERER} (tadalafil) [NC,OR]
RewriteCond %{HTTP_REFERER} (vicodin) [NC,OR]
RewriteCond %{HTTP_REFERER} (ambien) [NC,OR]
RewriteCond %{HTTP_REFERER} (car\.loan) [NC,OR]
RewriteCond %{HTTP_REFERER} (f-z-a) [NC,OR]
RewriteCond %{HTTP_REFERER} (asso\.ws) [NC,OR]
RewriteCond %{HTTP_REFERER} (bdsm) [NC,OR]
RewriteCond %{HTTP_REFERER} (euro\.tm) [NC,OR]
RewriteCond %{HTTP_REFERER} (fioricet) [NC,OR]
RewriteCond %{HTTP_REFERER} (societe\.st) [NC,OR]
RewriteCond %{HTTP_REFERER} (corp\.st) [NC,OR]
RewriteRule .* bad_referrer.php [L]

Those rules should pretty much block all the referrer spam... but it looks like it's blocking all requests. Does anyone have an idea as to what's going wrong?

- Matt
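
Added example, not part of the original post: a simplified Python model of how mod_rewrite walks a chain of RewriteCond lines, showing that an [OR] flag left on the last condition lets the RewriteRule fire for every request. The four patterns and the spam referrers come from the post; `http://example.org/links.html` is a constructed clean referrer, and the function names are hypothetical.

```python
import re

# Subset of the post's patterns; every condition carries [NC,OR] as posted.
PATTERNS = [r"viagra", r"euro\.tm", r"asso\.ws", r"corp\.st"]


def build_conds(patterns, trailing_or):
    """Return (pattern, or_next) pairs; trailing_or keeps OR on the last one."""
    conds = [(p, True) for p in patterns]
    if not trailing_or:
        conds[-1] = (patterns[-1], False)
    return conds


def rule_fires(conds, referer):
    """Model of the condition loop: True means the RewriteRule is applied."""
    i = 0
    while i < len(conds):
        pattern, or_next = conds[i]
        matched = re.search(pattern, referer, re.IGNORECASE) is not None
        if or_next:
            if matched:
                # One member of the OR group matched: skip the rest of it.
                while i < len(conds) and conds[i][1]:
                    i += 1
            # Not matched: a later member may still match, so carry on.
            # With no later member the loop just ends and nothing has failed.
        elif not matched:
            return False  # a non-OR condition failed, the rule is skipped
        i += 1
    return True


AS_POSTED = build_conds(PATTERNS, trailing_or=True)
CORRECTED = build_conds(PATTERNS, trailing_or=False)
CLEAN = "http://example.org/links.html"   # constructed sample
SPAM = "http://hydrocodone.euro.tm"       # referrer from the log above

if __name__ == "__main__":
    for name, conds in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        for ref in (CLEAN, SPAM, ""):
            print(f"{name:10} {ref!r:35} rule fires: {rule_fires(conds, ref)}")
```

Dropping `OR` from the final `RewriteCond` (here `corp\.st`) is what makes a non-matching referrer fail the chain instead of falling through to the rule.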