Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Referrer spam
vistopher wrote #340601:
Alright, the github is updated and works with the 4.9.0 beta versions.
- Developer: ‘Visitor logs’ panel is now bound to the new ‘lore’ event name (was: ‘log’) to prevent conflicts with privacy filters.
Thanks so much. It works as intended.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
colak wrote #340592:
I’m very close to apply a
Deny from 34.174.directive to up to 1 million users.
Out of curiosity, which syntax are you using? The older (Apache 2.2) Allow / Deny Directive, or the newer Require Directive (see Apache docs)?
<RequireAll>
Require all granted
Require not ip 34.174.
</RequireAll>Although from the docs it is not clear if a partial IP address actually work. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) it seems to imply a partial IP is allowed (and posting the above in my .htaccess does not throw a 500).
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: Referrer spam
phiw13 wrote #340613:
Out of curiosity, which syntax are you using? The older (Apache 2.2)
Allow / Deny Directive, or the newerRequire Directive(see Apache docs)?
<RequireAll>...Although from the docs it is not clear if a partial IP address actually work. Documentation seems a little unclear, although this page (httpd.apache.org/docs/2.4/howto/access.html#host) it seems to imply a partial IP is allowed (and posting the above in my
.htaccessdoes not throw a500).
Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.
<RequireAll>
Require all granted
Require not ip 34.174.0.0/16
</RequireAll>Require not ip 34.174 did not work for me.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
colak wrote #340615:
Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.
<RequireAll>...
Require not ip 34.174did not work for me.
Thanks! So partial IP is’t apparently working as well as dreamed about. Good to know.
I had previously only worked with full specific IPs.. I currently have no needs to go blocking on a large scale, but who knows what the future brings.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: Referrer spam
Just to clarify that Require not ip 34.174.0.0/16 works as Require not ip 34.174. should have worked.
I think that it is harsh mass blocking 1 million IPs, but hopefully the attack will stop in a few days, and I’ll comment out the rule.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
On my site, Require not ip 34.174.0.0/16 does not work, but Require not ip 34.174. does. The first does pass the syntax check, since everything including and after the / is ignored. This is why I ended up doing the code I posted earlier. That, and I didn’t want to block legitimate traffic like googlebots, Mastodon servers, Bluesky, &c.
Offline
Re: Referrer spam
skewray wrote #340572:
I suspect these hits are Google Cloud, not fake IPs. FYI, my ham-handed solution :
# Google AS15169 Evil=96.2% 2025-08-27 Warning: May block Google employees....The ranges are not a complete set, just what I’ve seen on my site. If I get the cookie thing working, I may rip this sort of stuff out. It is a bit labor intensive to create.
I found that the reason I was getting a 500 on this was the white spaces. I will not be using it, but the configuration below worked for me.
RewriteCond %{HTTP_USER_AGENT} "^Mozilla" [OR]
RewriteCond %{HTTP_USER_AGENT} "aiohttp" [OR]
RewriteCond %{HTTP_USER_AGENT} !"Google"
RewriteCond %{REMOTE_ADDR} ^34\.([1-9]?\d|1[0-8]\d|19[01])\. [OR]
RewriteCond %{REMOTE_ADDR} ^35\.(20[89]|2[1-3]\d|24[0-7])\. [OR]
RewriteCond %{REMOTE_ADDR} ^66\.249\.(6[4-9]|[78]\d|9[0-5])\. [OR]
RewriteCond %{REMOTE_ADDR} ^104\.19[6-9]\. [NC]
RewriteRule .* - [F,E=rej:R21]Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
The official Apache .htaccess “standard” doesn’t allow comments after the []. Mine does, so I document each line.
The E=rej:R21 is for logging on my website. I should have taken that out when I posted it. (The “R21” rule has blocked 59 times so far this month!)
Last edited by skewray (2025-09-24 03:28:08)
Offline
Re: Referrer spam
colak wrote #340615:
Hi Philippe,
I use the latest 2.4 version, and the following in my htaccess.
<RequireAll>...
Just an update that this only worked for a day.
I’m now experimenting with
<If "%{REMOTE_ADDR} =~ /^34\.174\.\d{1,3}\.\d{1,3}/">
Require all denied
</If>and if it does not work, I’ll try
<If "%{REMOTE_ADDR} =~ /^34\.174\.(?:25[0-5]|2[0-4]\d|1?\d{1,2})\.(?:25[0-5]|2[0-4]\d|1?\d{1,2})/">
Require all denied
</If>or
<If "-R '34.174.0.0/16'">
Require all denied
</If>A suggestion by our host returned a 500 error.
<IfModule mod_authz_core.c>
Require all granted
Require not ip 34.174
</IfModule>Previous versions of Apache were so much simpler!
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
Just a heads up for whoever is attacked by the 34.174. range Google Cloud IPs. Blocking all of them, which is what I did, also blocks the w3 validator which is apparently using them too. Nothing I can do here except validate my articles by copy/pasting the source in the validator.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Referrer spam
colak wrote #340810:
Blocking the … 34.174. range IPs … also blocks the w3 validator … Nothing I can do here except validate my articles by copy/pasting the source in the validator.
Does your favoured browser have a validator browser extension? I don’t know how they work – it’s possible they just pass on the source to the w3c validator and output the results – but maybe not. That might end up being quicker than what you have now.
TXP Builders – finely-crafted code, design and txp
Offline
Re: Referrer spam
jakob wrote #340811:
Does your favoured browser have a validator browser extension? I don’t know how they work – it’s possible they just pass on the source to the w3c validator and output the results – but maybe not. That might end up being quicker than what you have now.
It does through the developer tools extension. Maybe that is the one which is passing through the Google cloud. I’ll check on it.
> Edit: It’s the w3 validator! Pasting a url there returns my 403 page.
Last edited by colak (2025-10-02 08:19:21)
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline