Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
spam
Does anybody else get spam hits from places like
http://ff-anale.hillovi.org/
http://bc-5400.esilive.org/
The addresses are always different, the content is different but the designs are always the same.
I get dozens of infrequent single hits from places like those above…
Was wondering if anybody else has similar annoyances and if they managed to figure out a way to stop them.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: spam
Is it comment spam or just regular email spam?
If it’s comment spam, can you post the exact contents of such a spam message?
Offline
#3 2007-11-24 11:45:05
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: spam
I think he means referrer spam.
Offline
Re: spam
colak wrote:
Was wondering if anybody else has similar annoyances and if they managed to figure out a way to stop them.
I try to ignore them as long as possible, and then I shoot. Via .htaccess, like so:
SetEnvIf Referer ^ff-anale\.hillovi\.org unwanted
SetEnvIf Referer ^bc-5400\.esilive\.org unwanted
SetEnvIf Referer ^*\.example\.com unwanted
Deny from env=unwantedYou can either block individual referrer hosts, like in the first two lines, or block a whole domain like in the third line. Please note that you have to escape dots with a backslash.
Offline
Re: spam
Mary... Thanks for clarifying.
Robert… Thanks for the rule
The problem with these is that they only ‘hit’ once/address. My htaccess would just fill with ‘unwanted’. They also each use different ip.
HAd to deal with spam referrers before and recently neme was attacked by a bot which was hitting a particular page 20 times/minute. The above spam referrers though are just a couple of about 80-90 which ‘visited’ neme in the past few months. They all use the same design template and colour scheme but have different content, ips and urls.
Last edited by colak (2007-11-24 14:45:56)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
#6 2007-11-28 05:51:57
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: spam
wet wrote:
I try to ignore them as long as possible, and then I shoot. Via .htaccess, like so:
SetEnvIf Referer ^ff-anale\.hillovi\.org unwanted
SetEnvIf Referer ^bc-5400\.esilive\.org unwanted
SetEnvIf Referer ^*\.example\.com unwanted
Deny from env=unwantedYou can either block individual referrer hosts, like in the first two lines, or block a whole domain like in the third line. Please note that you have to escape dots with a backslash.
Robert, this might help me with some unwanted referrer domains. Where abouts in the ,htaccess file should this go — before or after the rewrite rules — or doesn’t it matter?
— Steve
Offline
Re: spam
Before or after, but not in between ;-)
Offline
#8 2007-11-28 06:00:55
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: spam
wet wrote:
Before or after, but not in between ;-)
Hehe. Will keep them restrained. Thank you.
— Steve
Offline
#9 2007-11-28 06:20:15
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: spam
wet wrote:
Before or after, but not in between ;-)
Before or after kills the site with a 500 Internal Server Error :( I don’t think I’ll try in between!
I don’t think it’s my edits of your example, I escaped the dots as you pointed out. Do these need to be wrapped in a conditional test for some Apache module — a bit like the mod_rewrite one?
— Steve
Offline
Re: spam
Here are another few
http://tc-tim.cyberitly.org/
http://ni-milano.careo04.cn/
http://ft-toscana.paruses.org/
http://t-estero.cbainf.org/
http://dl1-2001.netinfo103.org/
http://ff-anale.hillovi.org/
http://bc-5400.esilive.org/
http://p-allergiche.it98net.org/
http://r-daniele.online20.org/
http://n2-parigi.metatowr.org/
http://p-chomsky.cycloped.org/
http://ppp-pbx.kaistapi.org/
http://td-legge.lumiing.org/
http://idp-nivarra.infsync.org/
http://d-gallo.denmcd.org/
http://dusd-amicizia.marldb.org/
http://ceb-marche.esliupn.org/
http://m-page.keyinfbr.org/
http://ps-adda.ataslan.org/
http://a-funivia.antikpwr.org/
http://ae-ici.aspas1.org/
http://pc-online.teamawws.net/
http://jrd-acciaio.wetupn.org/
http://cd-cuori.inioz.org/
http://bsf-pilastro.cpplok.org/
http://tot-inglese.earumiki.org/
http://sb-milano.antikwiki.org/
What they all have in common is their subdomains all of which use the dash and their design. But as I said. They use different IPs and they only spam refer once so blocking them with htaccess would produce no results.
Basically I’m wondering if others here get ‘hits’ from these sites.
>Edited to add some more:)
Last edited by colak (2008-04-09 14:49:58)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
#11 2007-11-28 09:02:59
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: spam
colak wrote:
What they all have in common is their subdomains all of which use the dash and their design. But as I said. They use different IPs and they only spam refer once so blocking them with htaccess would produce no results.
Basically I’m wondering if others here get ‘hits’ from these sites.
Mine are from ‘pro-n’ sites in the format aaa-bbb.ccc-ddd.info. In my case the ccc-ddd.info is fixed. Hope I can get these filters working, as the referrers are becoming sickening.
Any other way of blocking these apart from Robert’s example?
— Steve
Offline
Re: spam
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline