In: , ,
On: 2005 / 02 / 05 Viewed: 51744 times
Shorter URL for this post: http://ozh.in/4b

Refer SpamI have been hit quite bad by referer spammers these last few days, with peaks at one hit every 2 seconds (bots loading pages of my site with a fake referer in order to make someone click on their site, have a look at this refer spam screenshot)

It's not like I really care : I don't display publicly my referers and I'm not dumb enough to click on their links, so they are not earning a single click from my site. Plus, I'm bandwith unmetered and uncapped on a fat 100 Mbits, so their bot loading pages is not a real problem. It's just that I'd rather be slashdotted than refer-spam-hammered :)

So I wrote a simple anti refer spam script, sending back the spammers to their own site.

Update 2005-02-25 : I'm currently improving quite a few things in this script, yet having in mind that I want to keep it as easy as possible. Stay tuned if you're interested, feel free to leave a comment asking for a notice when it's available.

Update 2005-09-01 : this script is deprecated. I've made a much much more efficient, smarter, and that require ultra light if any maintenance. I just have to find time to publish it :)

Get the script

The script is rather simple : an array of obvious spammers site (or keywords, or top domain), and a loop comparing the referer with each entry of the array. If one matches, client gets redirected to its own site. Now if they want to hammer themselves once every 2 seconds, I really don't care :)

  1. <?php
  2. $spams = array (
  3.   "terashells.com", "chat-nett.com", "exitq.com", "cxa.de", "sysrem03.com",
  4.   "pharmacy.info", "guide.info", "drugstore.info",
  5. ); // array of evil spammers
  6.  
  7. $ref = $_SERVER["HTTP_REFERER"];
  8.  
  9. foreach ($spams as $site) {
  10.     $pattern = "/$site/i";
  11.     if (preg_match ($pattern, $ref)) {
  12.         header("Location: $ref"); exit();
  13.     }
  14. }
  15. ?>

You can either cut and paste the code above, or download the script which contains my real-time updated spammers list (which doesn't grow fast, hopefully) :

Install and customize

To add more entries to the spam array, just add comma separated strings, enclosed with quotes. These strings can be a full url (www.i-am-a-naughty.spammer.com), just the main domain (spammer.com), or even a keyword (poker-online, but be warned that a genuine visitor coming from http://joesblog.com/archives/i-hate-poker-online/ will be bounced back)

Make sure strings contain no slashes, or otherwise modify the script as suggested by Chris in comment #2 (and, by the way, thanks for the tip Chris :)

Unless bandwith is a real problem to you and you are being hit real bad, I'd suggest not to give the list too much attention. Just add entries when you notice a serious spammer, or you are quickly going to manage a 1000 entry array :)

Then, add the following line to the very beginning of the pages you want to protect (in most blog, adding it at the top of index.php in your blog root will protect your whole site)

  1. <?php
  2. require('/home/you/blog/physical/path/to/no-refer-spam.php');
  3. ?>

Your file, i.e. index.php, must begin with these 3 lines.

Final words

My script is one solution amongst many. If your host permits it, you can as well use mod_rewrite and add lines to your .htaccess, but I find mod_rewrite rules less user friendly than a straight PHP script.

If you are looking for a neat script to watch your referers, I'd suggest you give Refer a try.

Shorter URL

Want to share or tweet this post? Please use this short URL: http://ozh.in/4b

Metastuff

This entry "No Refer Spam" was posted on 05/02/2005 at 3:34 pm and is tagged with , ,
Watch this discussion : Comments RSS 2.0.

30 Blablas

  1. 1
    XeroCool United States »
    thought, on 05/Feb/05 at 4:34 pm # :

    Great.

  2. 2
    chris waigl France »
    commented, on 05/Feb/05 at 5:30 pm # :

    Thanks a lot. I just installed it. But I replaced preg_match() with strstr() because I got an error message ("unknown modifier…") when I entered a string that includes slashes, like a full URI.

  3. 3
    r0gi3r Belgium »
    said, on 06/Feb/05 at 4:44 pm # :

    I hope it works i'm getting sick from that @#$% online casino every 2 min.

  4. 4
    Ozh France »
    thought, on 07/Feb/05 at 12:56 am # :

    it does work pretty well, at least for me : I've been refer spam free since I wrote it. Keeping an eye on my refer list to update the spam list, if needed, but so far everything is much better :)

  5. 5
    Dave's Chalkboard United States »
    trackback on 08/Feb/05 at 5:13 am # :

    http://www.planetOzh.com

    http://www.planetOzh.com
    I have been hit quite bad by referer spammers these last few days, with peaks at one hit every 2 seconds (bots loading pages of my site with a fake referer in order to make someone click on their site, have a look at this refer spam …

  6. 6
    Gary United States »
    said, on 13/Feb/05 at 7:17 pm # :

    Cool…will give it a try. Can one use wildcards with this? *windowsoftware.biz for instance, or *software.biz to cover whateversoftware.biz?

  7. 7
    Donncha Ireland »
    replied, on 15/Feb/05 at 1:25 pm # :

    Unfortunately, it's fairly likely that the referer spam client won't follow the redirect. I added similar redirecting to my comment spam measures, redirecting to go.php?remote_url on my server but that url hasn't appeared in my logs yet, despite getting 2 comment spams in the minutes since.
    You could be referer free simply because the request isn't getting through. The exit takes care of that. I'll leave the code in for a while, but damn, I was looking forward to getting some revenge on those guys!

  8. 8
    Ozh France »
    said, on 15/Feb/05 at 8:41 pm # :

    from a spam bot point of view, don't know exactly what is going to happen, I guess it depends on how the bot is actually programmed. The thing I can be sure of, is that since I wrote this script, my refer log is casino and other crap free :)

  9. 9
    Trash Deerwood Blog » Another way ... United States »
    pingback on 24/Feb/05 at 1:36 pm # :

    [...] ound that someone had written a very straight forward way to block referrer spam. Over at frenchfragfactory.net, there is a nice little script that basically loops thr [...]

  10. 10
    Claire United States »
    replied, on 02/Mar/05 at 2:37 am # :

    Just installed it…hopefully it'll start catching the referrers I keep seeing :)

  11. 11
    :// aloha! dO15 mi£ € ©1nc() »... United States »
    pingback on 08/Mar/05 at 9:32 pm # :

    [...] ustom fields" + Amazon Wishlist: para quem não tem o Amazon Hacks (como o Spiceee) + No-Refer-Spam: bloqueador de insetos humanos na sua referer list + WordPress [...]

  12. 12
    Jens Wedin Sweden »
    thought, on 09/Mar/05 at 8:52 am # :

    Hi and thanks, I have used your script now for a few weeks and I must say that I am very impressed. Only a very few spammers a getting through, good thing is that I just add their domain and they are gone.

    Thanks for making my day a bit easier.

  13. 13
    chris United States »
    thought, on 10/Mar/05 at 7:17 pm # :

    O.K. I'm not that good at programming so exactly where does the inital code go? Is it in the section of each page–or the index page? Then the three lines of code goes where? In the body?

    thanks,

  14. 14
    Uriel Italy »
    thought, on 28/Mar/05 at 3:47 pm # :

    Hi, i found your script very useful, but i changed it that way:

    ——————

    In that way i only need to place a part of the string composing the spammer name.

    Thank you, anyway.

    Uriel

  15. 15
    XIKITA /blog » 1 down, 3 to go. United States »
    pingback on 30/Mar/05 at 5:46 pm # :

    [...] ). Wish me luck because I definitely need it! Site news (or something): Since I installed this script and this patch [via aestia], my referrers list is free of spam. R [...]

  16. 16
    Tone United States »
    thought, on 27/Jun/05 at 12:33 pm # :

    This thing is great!

    I've installed it on my blog as well as a dozen more than I host. It has given me back the usefulness of awstats (no longer is it flooded with garbage).

    Thanks for a great plugin!

  17. 17
    Ozh France »
    replied, on 27/Jun/05 at 6:31 pm # :

    Thank you. However stay tuned : I think I'm going to release a much much more efficient version of this script later on this script, that will require no maintaining nor adding new hosts ever.

  18. 18
    Matthew United States »
    commented, on 06/Jul/05 at 4:54 pm # :

    Thanks a million – I'm gettin tired of seeing all this stuff in my logs!

  19. 19
    IlManu Italy »
    replied, on 12/Jul/05 at 7:37 pm # :

    Works great ! Thank you very much ! :D

  20. 20
    Marco Netherlands »
    wrote, on 05/Sep/05 at 4:36 pm # :

    I tried to post an explanation why this doesn't work but alas… it gets marked as spam. *baffled*

    Anyway, it doesn't work. A bot doesn't follow redirects.

  21. 21
    Marco Netherlands »
    said, on 05/Sep/05 at 4:39 pm # :

    Here's what I tried to post, for those who are interested:

    http://www.i-marco.nl/weblog/ozh-why.txt

  22. 22
    Ozh France »
    commented, on 05/Sep/05 at 8:43 pm # :

    Marco, you're right, and I know this :)
    Actually this script is mostly deprecated. I have written a much more efficient and smarter one, I have yet to find some time to release the thing :)

  23. 23
    Marco Netherlands »
    commented, on 05/Sep/05 at 10:57 pm # :

    Ah ok! Well if you've found a way to make spammers eat up their own bandwidth while saving our own I'm extremely interested!

  24. 24
    localhost Netherlands »
    replied, on 06/Sep/05 at 11:38 am # :

    I would love to see your new solution as well. Hope you don't use the approach Marco has available by using a htaccess file. My host doesn't support this.

  25. 25
    Ozh France »
    said, on 06/Sep/05 at 11:50 am # :

    Hey, it seems like I really have to release the thing now :)
    Marco » no, unfortunately, this doesn't waste spammers bandwidth :) But it saves yours, and your referral log, which is cool anyway :)
    "localhost" » no, it only relies on a PHP script you can include on any PHP powered website.

  26. 26
    localhost Netherlands »
    commented, on 06/Sep/05 at 1:35 pm # :

    Just mail it. I'm more then willing to post it on my own blog with all needed credits to you.

  27. 27
    Webbericht Europe »
    pingback on 09/Nov/05 at 12:45 pm # :

    [...] Ich werde jetzt mal das Skript von planetOzh testen und hoffen, dass ich damit erst einmal sicher bin. Abgelegt von Kolja Schönfeld unter: Berichte | Webbericht | Spam [...]

  28. 28
    Lee United Kingdom »
    commented, on 03/Dec/05 at 1:07 pm # :

    I'd like to know when you update this :)

    To my horror only the other day I started getting refer spam in awstats, about 400 domains…is very depressing.

  29. 29
    Ralph United States »
    thought, on 01/Aug/06 at 1:53 pm # :

    Would not it be easier to block unwanted referers through .htaccess?

  30. 30
    likejazz Korea (South) »
    replied, on 14/Oct/06 at 7:33 pm # :

    I'm NOT spammer. likejazz.com is just written in Korean.

Leave a Reply

Comment Guidelines or Die

  • HTML: You can use these tags: <a href=""> <em> <i> <b> <strong> <blockquote>
  • Posting code: Post raw code (no <> &lt; etc) within appropriate tags : [php][/php], [css][/css], [html][/html], [js][/js], [sql][/sql], [xml][/xml], or generic [code][code]
  • Gravatars: Curious about the little images next to each commenter's name ? Go to Gravatar.
  • Spam: Various spam plugins on patrol. I'll put pins in a Voodoo doll if you spam me.
  • I will mark as Spam test comments, all comments with SEO names (ie "My Cool Online Shop" instead of "Joe") or containing forum-like signatures.

Read more ?

 gre.gario.us »