
Textpattern CMS support forum


#25 2025-09-22 15:19:34

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,262

Re: Referrer spam

vistopher wrote #340601:

Alright, the github is updated and works with the 4.9.0 beta versions.

  • Developer: ‘Visitor logs’ panel is now bound to the new ‘lore’ event name (was: ‘log’) to prevent conflicts with privacy filters.

Thanks so much. It works as intended.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#26 Yesterday 08:06:04

phiw13
Plugin Author
From: South-Western Japan
Registered: 2004-02-27
Posts: 3,459

Re: Referrer spam

colak wrote #340592:

I’m very close to applying a Deny from 34.174. directive to up to 1 million users.

Out of curiosity, which syntax are you using? The older (Apache 2.2) Allow / Deny Directive, or the newer Require Directive (see Apache docs)?

<RequireAll>
    Require all granted
    Require not ip 34.174.
</RequireAll>

Although from the docs it is not clear if a partial IP address actually works. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) seems to imply a partial IP is allowed (and posting the above in my .htaccess does not throw a 500).


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg

Offline

#27 Yesterday 14:30:15

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,262

Re: Referrer spam

phiw13 wrote #340613:

Out of curiosity, which syntax are you using? The older (Apache 2.2) Allow / Deny Directive, or the newer Require Directive (see Apache docs)?

<RequireAll>...

Although from the docs it is not clear if a partial IP address actually works. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) seems to imply a partial IP is allowed (and posting the above in my .htaccess does not throw a 500).

Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.

<RequireAll>
Require all granted
Require not ip 34.174.0.0/16
</RequireAll>

Require not ip 34.174 did not work for me.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#28 Yesterday 23:54:24

phiw13
Plugin Author
From: South-Western Japan
Registered: 2004-02-27
Posts: 3,459

Re: Referrer spam

colak wrote #340615:

Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.

<RequireAll>...

Require not ip 34.174 did not work for me.

Thanks! So partial IP isn’t apparently working as well as dreamed about. Good to know.

I had previously only worked with full specific IPs. I currently have no need to go blocking on a large scale, but who knows what the future brings.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg

Offline

#29 Today 02:10:16

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,262

Re: Referrer spam

Just to clarify that Require not ip 34.174.0.0/16 works as Require not ip 34.174. should have worked.

I think that it is harsh mass blocking 1 million IPs, but hopefully the attack will stop in a few days, and I’ll comment out the rule.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#30 Today 03:04:09

skewray
Member
From: Sunny Southern California
Registered: 2013-04-25
Posts: 261

Re: Referrer spam

On my site, Require not ip 34.174.0.0/16 does not work, but Require not ip 34.174. does. The first does pass the syntax check, since everything including and after the / is ignored. This is why I ended up doing the code I posted earlier. That, and I didn’t want to block legitimate traffic like googlebots, Mastodon servers, Bluesky, &c.

Offline

#31 Today 03:21:24

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,262

Re: Referrer spam

skewray wrote #340572:

I suspect these hits are Google Cloud, not fake IPs. FYI, my ham-handed solution :

# Google AS15169 Evil=96.2% 2025-08-27 Warning: May block Google employees....

The ranges are not a complete set, just what I’ve seen on my site. If I get the cookie thing working, I may rip this sort of stuff out. It is a bit labor intensive to create.

I found that the reason I was getting a 500 on this was the white spaces. I will not be using it, but the configuration below worked for me.

RewriteCond %{HTTP_USER_AGENT} "^Mozilla" [OR]
RewriteCond %{HTTP_USER_AGENT} "aiohttp" [OR]
RewriteCond %{HTTP_USER_AGENT} !"Google"
RewriteCond %{REMOTE_ADDR} ^34\.([1-9]?\d|1[0-8]\d|19[01])\. [OR]
RewriteCond %{REMOTE_ADDR} ^35\.(20[89]|2[1-3]\d|24[0-7])\. [OR]
RewriteCond %{REMOTE_ADDR} ^66\.249\.(6[4-9]|[78]\d|9[0-5])\. [OR]
RewriteCond %{REMOTE_ADDR} ^104\.19[6-9]\. [NC]
RewriteRule .* - [F,E=rej:R21]

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline
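
To see how much address space the REMOTE_ADDR conditions in the post above cover, this added example (not part of the thread or of anyone's configuration) expands each octet regex into the CIDR blocks it matches. It looks only at the address conditions; the User-Agent conditions in the same rule narrow what is actually rejected.

```python
import ipaddress
import re

# REMOTE_ADDR patterns copied from the RewriteCond lines in the post above.
PATTERNS = [
    r"^34\.([1-9]?\d|1[0-8]\d|19[01])\.",
    r"^35\.(20[89]|2[1-3]\d|24[0-7])\.",
    r"^66\.249\.(6[4-9]|[78]\d|9[0-5])\.",
    r"^104\.19[6-9]\.",
]


def covered_networks(pattern):
    """Return the shortest CIDR list for the IPv4 addresses a pattern matches.

    Assumption (true for the four patterns above): the pattern starts with a
    literal first octet and constrains at most the first three octets, so
    probing one address per /24 is sufficient.
    """
    rx = re.compile(pattern)
    first = int(re.match(r"\^(\d+)", pattern).group(1))
    hits = [
        ipaddress.ip_network(f"{first}.{b}.{c}.0/24")
        for b in range(256)
        for c in range(256)
        if rx.search(f"{first}.{b}.{c}.1")
    ]
    return [str(net) for net in ipaddress.collapse_addresses(hits)]


def all_networks():
    """CIDR blocks covered by every pattern, in the order listed."""
    return [net for p in PATTERNS for net in covered_networks(p)]


def total_addresses():
    """How many IPv4 addresses the address conditions match in total."""
    return sum(ipaddress.ip_network(n).num_addresses for n in all_networks())


def is_covered(cidr):
    """True if the given block lies entirely inside one of the matched ranges."""
    block = ipaddress.ip_network(cidr)
    return any(block.subnet_of(ipaddress.ip_network(n)) for n in all_networks())


if __name__ == "__main__":
    for net in all_networks():
        print(net)
    print("addresses matched:", total_addresses())
    print("34.174.0.0/16 covered:", is_covered("34.174.0.0/16"))
```

Running it lists the blocks each pattern is equivalent to, which makes it easier to review the regexes or to compare them against a provider's published ranges before deploying the rule.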

#32 Today 03:26:28

skewray
Member
From: Sunny Southern California
Registered: 2013-04-25
Posts: 261

Re: Referrer spam

The official Apache .htaccess “standard” doesn’t allow comments after the []. Mine does, so I document each line.

The E=rej:R21 is for logging on my website. I should have taken that out when I posted it. (The “R21” rule has blocked 59 times so far this month!)

Last edited by skewray (Today 03:28:08)

Offline
