
Textpattern CMS support forum


#13 Yesterday 16:28:46

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,254
Website GitHub Mastodon Twitter

Re: Referrer spam

skewray wrote #340572:

I suspect these hits are Google Cloud, not fake IPs. FYI, my ham-handed solution:

# Google AS15169 Evil=96.2% 2025-08-27 Warning: May block Google employees....

The ranges are not a complete set, just what I’ve seen on my site. If I get the cookie thing working, I may rip this sort of stuff out. It is a bit labor intensive to create.

Thanks so much. I’ll look into it tomorrow when I’m fresh. Meanwhile, I have halved the speeds and added an apology to all the pages of the website.

I do not think that these are for LLMs as they also list referrer sites such as techcrunch, sears, etc. I do not think that bona fide LLM bots would do that, although I may be wrong.

<IfModule ratelimit_module>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 50
SetEnv rate-initial-burst 200
</IfModule>

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#14 Yesterday 16:45:15

skewray
Member
From: Sunny Southern California
Registered: 2013-04-25
Posts: 249
Website Mastodon

Re: Referrer spam

What I’ve been seeing recently are bursts of hits, but each one is from not only different IPs, but from all over the world. Not referrer spam, though; I haven’t seen any of that in years. Whoever is crawling my site, for whatever reason, is renting a cloud server somewhere, doing a bunch of single-access drive-by hits, and then closing it down. Multiplied by thousands. Very sly.

Sometimes these clusters have a central country of origin. Since I’ve shut down the US, then it was China, then India, then Brazil, then Vietnam. Whoever this is, they use cloud+ISP companies, so just blocking the entire ASN isn’t worth it.

Offline
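The pattern described in post #14 (bursts of hits where each address shows up exactly once) can be measured from the access log. The following is an added example, not code from anyone in this thread; it assumes Apache combined log format, and the function names, window and thresholds are hypothetical choices.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Client IP and timestamp from an Apache combined-format access log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = '%s - - [27/Aug/2025:10:%02d:%02d +0000] "GET %s HTTP/1.1" 200 512 "-" "-"'
    # One returning visitor making several requests in the same minute.
    normal = [fmt % ("198.51.100.7", 0, s, "/articles") for s in (1, 20, 40)]
    # Eight different addresses, one request each, inside one minute.
    burst = [fmt % ("203.0.113.%d" % i, 5, i, "/") for i in range(1, 9)]
    return normal + burst

def parse(lines):
    """Yield (ip, timestamp) pairs, skipping lines that do not match."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def drive_by_bursts(lines, window_s=60, min_ips=5, min_ratio=0.8):
    """Return (window_start, hits, single_hit_ips) for suspicious windows.

    A window is flagged when at least min_ips of its hits come from
    addresses seen exactly once in the whole log, and those hits make up
    at least min_ratio of the window's traffic.
    """
    hits = list(parse(lines))
    per_ip = Counter(ip for ip, _ in hits)
    buckets = defaultdict(list)
    for ip, ts in hits:
        buckets[int(ts.timestamp()) // window_s].append(ip)
    flagged = []
    for key in sorted(buckets):
        ips = buckets[key]
        singles = sum(1 for ip in ips if per_ip[ip] == 1)
        if singles >= min_ips and singles / len(ips) >= min_ratio:
            start = datetime.fromtimestamp(key * window_s, tz=timezone.utc)
            flagged.append((start.isoformat(), len(ips), singles))
    return flagged

if __name__ == "__main__":
    for start, total, singles in drive_by_bursts(constructed_sample()):
        print(f"{start}: {total} hits, {singles} from single-hit IPs")
```

Because no single address repeats, per-IP rate limits never trigger on this traffic; the flagged windows show when a burst happened so the addresses in it can be reviewed together.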

#15 Yesterday 16:45:30

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,482
Bitbucket GitHub

Re: Referrer spam

colak wrote #340566:

Edited to add that ratelimit_module has reduced the speed of the bots dramatically.

Excellent!

Offline

#16 Yesterday 17:58:12

vistopher
Plugin Author
Registered: 2025-09-15
Posts: 4

Re: Referrer spam

colak wrote #340570:

Maybe I should wait until then?

No guarantee I will update it with any speed. The plugin should still work after the modification, so I’m not too concerned about updating it. Although it will be very nice for future plugins.

Offline

#17 Today 04:31:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,254
Website GitHub Mastodon Twitter

Re: Referrer spam

vistopher wrote #340576:

No guarantee I will update it with any speed. The plugin should still work after the modification, so I’m not too concerned about updating it. Although it will be very nice for future plugins.

Hi,

I installed and enabled the plugin, but I cannot see the IPs in admin > Visitor logs, but I do see them after clicking on the relevant table in rss_admin_db_manager.

I’m running the latest txp.


Yiannis

Offline

#18 Today 05:12:09

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,254
Website GitHub Mastodon Twitter

Re: Referrer spam

skewray wrote #340572:

I suspect these hits are Google Cloud, not fake IPs. FYI, my ham-handed solution:

# Google AS15169 Evil=96.2% 2025-08-27 Warning: May block Google employees....

The ranges are not a complete set, just what I’ve seen on my site. If I get the cookie thing working, I may rip this sort of stuff out. It is a bit labor intensive to create.

The RewriteCond %{HTTP_USER_AGENT} directive returns a 500 for me :(


Yiannis

Offline

#19 Today 05:41:37

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,254
Website GitHub Mastodon Twitter

Re: Referrer spam

I’ve been researching if I can apply the ratelimit_module only for specific IPs. At the moment it is a global directive which is not nice for legit visitors. No results were returned.


Yiannis

Offline
