Textpattern CMS support forum


#1 2019-12-10 20:31:28

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,521
Website

block top level domain

This is the third day our site is attacked by spam referrers. We get well over 500 hits a day. The referrers, according to the server logs, have various IP addresses (and URLs), and target what seem to be random but existing pages of the site. What they all have in common is that they all have a .xyz domain. Is there a way to block all referrers from that domain using htaccess? My searches for a solution returned no actual results, but I might be searching using the wrong keywords.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Online

#2 2019-12-10 21:24:36

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,657
Website

Re: block top level domain

Maybe the answer to this stackoverflow question but using .xyz in place of .ru and combining it with whatever you use to deny access (for example)?


TXP Builders – finely-crafted code, design and txp

Offline

#3 2019-12-11 06:09:52

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,521
Website

Re: block top level domain

Thanks so much Julian. This is what I added

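RewriteEngine on
# The host must end in .xyz: the TLD has to be followed by a port, a slash or the end of the referrer,
# otherwise hosts such as www.xyz.example.com would match as well
RewriteCond %{HTTP_REFERER} ^https?://[^/]+\.xyz(:[0-9]+)?(/|$) [NC]
# Answer matching requests with 403 Forbidden
RewriteRule .* - [F]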

I’m now waiting to see if it’ll work.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Online
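
Added example (not part of the original posts): a way to check a referrer rule against log data before relying on it. It tallies referrer TLDs from Apache combined-format lines and compares a looser `.xyz` pattern with an anchored one; the log lines, host names and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format (documentation IPs, made-up hosts).
SAMPLE_LOG = '''\
203.0.113.5 - - [10/Dec/2019:20:01:11 +0000] "GET /texts/a HTTP/1.1" 200 5120 "http://promo-one.xyz/" "Mozilla/5.0"
203.0.113.9 - - [10/Dec/2019:20:01:15 +0000] "GET /projects/b HTTP/1.1" 200 7310 "https://deals.two.XYZ/offer?id=3" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2019:20:02:40 +0000] "GET /blog/c HTTP/1.1" 200 2048 "https://www.xyz.example.com/links" "Mozilla/5.0"
198.51.100.8 - - [10/Dec/2019:20:03:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Dec/2019:20:03:30 +0000] "GET /about HTTP/1.1" 200 900 "http://three.xyz:8080/x" "Mozilla/5.0"
'''

# Tail of a combined-format line: "request" status bytes "referrer" "user agent"
LINE_RE = re.compile(r'"[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

# Looser form: nothing forces the host to end after ".xyz".
LOOSE = re.compile(r'^https?://[^/]+\.xyz/?', re.I)
# Anchored form: ".xyz" must be followed by a port, a slash or the end of the string.
ANCHORED = re.compile(r'^https?://[^/]+\.xyz(:[0-9]+)?(/|$)', re.I)

def referrers(log_text):
    """Yield every non-empty referrer found in the log text."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(1) not in ('', '-'):
            yield m.group(1)

def tld_counts(log_text):
    """Count hits per referrer TLD, using a URL parser rather than a regex."""
    counts = Counter()
    for ref in referrers(log_text):
        host = urlsplit(ref).hostname or ''
        counts[host.rsplit('.', 1)[-1].lower()] += 1
    return counts

def compare(log_text, tld='xyz'):
    """Return (referrer, host really ends in tld, loose match, anchored match) rows."""
    rows = []
    for ref in referrers(log_text):
        host = urlsplit(ref).hostname or ''
        truth = host.lower().endswith('.' + tld)
        rows.append((ref, truth, bool(LOOSE.search(ref)), bool(ANCHORED.search(ref))))
    return rows

if __name__ == '__main__':
    print(tld_counts(SAMPLE_LOG))
    for ref, truth, loose, anchored in compare(SAMPLE_LOG):
        print(f'{ref:40} is_xyz={truth} loose={loose} anchored={anchored}')
```

The Referer header is set by the client, so a rule like this only stops requests that actually send a matching value.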

#4 2019-12-16 19:20:36

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,679

Re: block top level domain

Yiannis, you’re like a magnet for these people! If this continues, look into a web application firewall (mod_security, etc), it may offer you an extra layer of protection for behavioural types over and above your .htaccess file.

Offline

#5 2019-12-17 05:46:09

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,521
Website

Re: block top level domain

gaekwad wrote #320573:

Yiannis, you’re like a magnet for these people!

Hi Pete,

Indeed, through the years our site has suffered 2 DDoS attacks, its total content harvested and published on 3 other domains, spammed relentlessly, had a false DMCA notice… the list continues… The constant was txp and this community who have been excellent, all the way.

If this continues, look into a web application firewall (mod_security, etc), it may offer you an extra layer of protection for behavioural types over and above your .htaccess file.

The attacks seem to be still there but slowing down. I will look into mod_security once I get some time.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Online
