Textpattern CMS support forum
Re: Referrer spam
colak wrote #340570:
Maybe I should wait until then?
No guarantee I will update it with any speed.. the plugin should still work after the modification so I’m not too concerned about updating it. Although it will be very nice for future plugins
Re: Referrer spam
vistopher wrote #340576:
No guarantee I will update it with any speed.. the plugin should still work after the modification so I’m not too concerned about updating it. Although it will be very nice for future plugins
Hi,
I installed and enabled the plugin, but I cannot see the IPs in admin > Visitor logs, but I do see them after clicking on the relevant table in rss_admin_db_manager.
I’m running the latest txp.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Re: Referrer spam
skewray wrote #340572:
I suspect these hits are Google Cloud, not fake IPs. FYI, my ham-handed solution:
# Google AS15169 Evil=96.2% 2025-08-27 Warning: May block Google employees
....
The ranges are not a complete set, just what I’ve seen on my site. If I get the cookie thing working, I may rip this sort of stuff out. It is a bit labor intensive to create.
The RewriteCond %{HTTP_USER_AGENT} directive returns a 500 for me :(
Yiannis
Re: Referrer spam
I’ve been researching if I can apply the ratelimit_module only for specific IPs. At the moment it is a global directive which is not nice for legit visitors. No results were returned.
Yiannis
Re: Referrer spam
colak wrote #340578:
Hi,
I installed and enabled the plugin, but I cannot see the IPs in admin > Visitor logs, but I do see them after clicking on the relevant table in rss_admin_db_manager.
I’m running the latest txp.
I’ve only tested it on 4.8.8, not the beta versions. I will try to install the latest beta tonight and see what the issue is.
Re: Referrer spam
It appears that all attacks come from IPs belonging to Google starting with 34.174. I’m very close to applying a Deny from 34.174. directive to up to 1 million users.
Yiannis
Re: Referrer spam
TXP Builders – finely-crafted code, design and txp
Re: Referrer spam
jakob wrote #340593:
You are, it seems, not alone as many others are reporting similar activity from those IPs.
Thanks so much Julian, I’m glad I’m not the only one. I wrote to Google and their form said that they would respond within a week. As others have the problem, hopefully Google will take action.
Meanwhile, I’m denying access to every single IP that starts with 34.174.
Yiannis
Re: Referrer spam
colak wrote #340578:
Hi,
I installed and enabled the plugin, but I cannot see the IPs in admin > Visitor logs, but I do see them after clicking on the relevant table in rss_admin_db_manager.
I’m running the latest txp.
Alright, the github is updated and works with the 4.9.0 beta versions.
This is the change I had not accounted for:
- Developer: ‘Visitor logs’ panel is now bound to the new ‘lore’ event name (was: ‘log’) to prevent conflicts with privacy filters.
Re: Referrer spam
vistopher wrote #340601:
Alright, the github is updated and works with the 4.9.0 beta versions.
- Developer: ‘Visitor logs’ panel is now bound to the new ‘lore’ event name (was: ‘log’) to prevent conflicts with privacy filters.
Thanks so much. It works as intended.
Yiannis
Re: Referrer spam
colak wrote #340592:
I’m very close to applying a Deny from 34.174. directive to up to 1 million users.
Out of curiosity, which syntax are you using? The older (Apache 2.2) Allow / Deny Directive, or the newer Require Directive (see Apache docs)?
<RequireAll>
Require all granted
Require not ip 34.174.
</RequireAll>
Although from the docs it is not clear if a partial IP address actually works. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) seems to imply a partial IP is allowed (and posting the above in my .htaccess does not throw a 500).
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Re: Referrer spam
phiw13 wrote #340613:
Out of curiosity, which syntax are you using? The older (Apache 2.2) Allow / Deny Directive, or the newer Require Directive (see Apache docs)?
<RequireAll>...
Although from the docs it is not clear if a partial IP address actually works. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) seems to imply a partial IP is allowed (and posting the above in my .htaccess does not throw a 500).
Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.
<RequireAll>
Require all granted
Require not ip 34.174.0.0/16
</RequireAll>
Require not ip 34.174 did not work for me.
Yiannis
Re: Referrer spam
colak wrote #340615:
Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.
<RequireAll>...
Require not ip 34.174 did not work for me.
Thanks! So partial IP isn’t apparently working as well as dreamed about. Good to know.
I had previously only worked with full specific IPs. I currently have no need to go blocking on a large scale, but who knows what the future brings.
phiw13 on Codeberg
Re: Referrer spam
Just to clarify that Require not ip 34.174.0.0/16 works as Require not ip 34.174. should have worked.
I think that it is harsh mass blocking 1 million IPs, but hopefully the attack will stop in a few days, and I’ll comment out the rule.
Yiannis
Re: Referrer spam
On my site, Require not ip 34.174.0.0/16 does not work, but Require not ip 34.174. does. The first does pass the syntax check, since everything including and after the / is ignored. This is why I ended up doing the code I posted earlier. That, and I didn’t want to block legitimate traffic like googlebots, Mastodon servers, Bluesky, &c.
Offline
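Added example, not written by any poster in this thread: a Python check that replays access-log lines against the 34.174.0.0/16 range to show which requests and referers a `Require not ip` rule for that range would deny, and which neighbouring traffic stays allowed. The log lines are constructed samples in Apache combined format, the function names are hypothetical, and `partial_to_network` assumes a partial address such as `34.174.` means "these leading octets".

```python
import ipaddress
import re
from collections import Counter

BLOCK = ipaddress.ip_network("34.174.0.0/16")  # range discussed in the thread

# Apache combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

SAMPLE_LOG = [  # constructed lines, not taken from any real log
    '34.174.12.7 - - [27/Aug/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://spam.example/" "Mozilla/5.0"',
    '34.174.200.91 - - [27/Aug/2025:10:00:02 +0000] "GET /a HTTP/1.1" 200 7301 "http://spam.example/" "Mozilla/5.0"',
    '34.175.3.3 - - [27/Aug/2025:10:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Aug/2025:10:00:04 +0000] "GET /rss HTTP/1.1" 200 812 "https://example.org/" "FeedReader/1.0"',
    'not a log line',
]

def partial_to_network(partial):
    """Turn a partial IPv4 prefix such as '34.174.' into the equivalent CIDR network."""
    octets = [o for o in partial.split(".") if o]
    if not 1 <= len(octets) <= 3:
        raise ValueError("expected 1 to 3 leading octets")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def audit(lines, network=BLOCK):
    """Count referers of requests the rule would deny and of those it would allow."""
    denied, allowed, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # line is not in combined format
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            skipped += 1  # host field holds a hostname, not an address
            continue
        bucket = denied if ip.version == 4 and ip in network else allowed
        bucket[m["referer"]] += 1
    return denied, allowed, skipped

if __name__ == "__main__":
    denied, allowed, skipped = audit(SAMPLE_LOG)
    print("would be denied:", dict(denied))
    print("still allowed:  ", dict(allowed))
    print("unparsed lines: ", skipped)
```

Running it over the real access log before and after enabling the rule shows whether the denied bucket contains anything other than the spam referers.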