I have been hit quite bad by referer spammers these last few days, with peaks at one hit every 2 seconds (bots loading pages of my site with a fake referer in order to make someone click on their site, have a look at this refer spam screenshot)
It's not like I really care : I don't display publicly my referers and I'm not dumb enough to click on their links, so they are not earning a single click from my site. Plus, I'm bandwith unmetered and uncapped on a fat 100 Mbits, so their bot loading pages is not a real problem. It's just that I'd rather be slashdotted than refer-spam-hammered :)
So I wrote a simple anti refer spam script, sending back the spammers to their own site.
Update 2005-02-25 : I'm currently improving quite a few things in this script, yet having in mind that I want to keep it as easy as possible. Stay tuned if you're interested, feel free to leave a comment asking for a notice when it's available.
Update 2005-09-01 : this script is deprecated. I've made a much much more efficient, smarter, and that require ultra light if any maintenance. I just have to find time to publish it :)
Get the script
The script is rather simple : an array of obvious spammers site (or keywords, or top domain), and a loop comparing the referer with each entry of the array. If one matches, client gets redirected to its own site. Now if they want to hammer themselves once every 2 seconds, I really don't care :)
-
<?php
-
$spams = array (
-
"terashells.com", "chat-nett.com", "exitq.com", "cxa.de", "sysrem03.com",
-
"pharmacy.info", "guide.info", "drugstore.info",
-
); // array of evil spammers
-
-
$ref = $_SERVER["HTTP_REFERER"];
-
-
foreach ($spams as $site) {
-
$pattern = "/$site/i";
-
if (preg_match ($pattern, $ref)) {
-
header("Location: $ref"); exit();
-
}
-
}
-
?>
You can either cut and paste the code above, or download the script which contains my real-time updated spammers list (which doesn't grow fast, hopefully) :
- no-refer-spam.txt : save as .php
- no-refer-spam.php : copy and paste in a blank .php, but don't download it directly, this is highlighted html, not plain code
Install and customize
To add more entries to the spam array, just add comma separated strings, enclosed with quotes. These strings can be a full url (www.i-am-a-naughty.spammer.com), just the main domain (spammer.com), or even a keyword (poker-online, but be warned that a genuine visitor coming from http://joesblog.com/archives/i-hate-poker-online/ will be bounced back)
Make sure strings contain no slashes, or otherwise modify the script as suggested by Chris in comment #2 (and, by the way, thanks for the tip Chris :)
Unless bandwith is a real problem to you and you are being hit real bad, I'd suggest not to give the list too much attention. Just add entries when you notice a serious spammer, or you are quickly going to manage a 1000 entry array :)
Then, add the following line to the very beginning of the pages you want to protect (in most blog, adding it at the top of index.php in your blog root will protect your whole site)
-
<?php
-
require('/home/you/blog/physical/path/to/no-refer-spam.php');
-
?>
Your file, i.e. index.php, must begin with these 3 lines.
Final words
My script is one solution amongst many. If your host permits it, you can as well use mod_rewrite and add lines to your .htaccess, but I find mod_rewrite rules less user friendly than a straight PHP script.
If you are looking for a neat script to watch your referers, I'd suggest you give Refer a try.
Related posts
Shorter URL
Want to share or tweet this post? Please use this short URL: http://ozh.in/4b
Pages: [3] 2 1 » Show All
said, on 14/Oct/06 at 7:33 pm # :
I'm NOT spammer. likejazz.com is just written in Korean.
thought, on 01/Aug/06 at 1:53 pm # :
Would not it be easier to block unwanted referers through .htaccess?
replied, on 03/Dec/05 at 1:07 pm # :
I'd like to know when you update this :)
To my horror only the other day I started getting refer spam in awstats, about 400 domains...is very depressing.
pingback on 09/Nov/05 at 12:45 pm # :
[...] Ich werde jetzt mal das Skript von planetOzh testen und hoffen, dass ich damit erst einmal sicher bin. Abgelegt von Kolja Schönfeld unter: Berichte | Webbericht | Spam [...]
commented, on 06/Sep/05 at 1:35 pm # :
Just mail it. I'm more then willing to post it on my own blog with all needed credits to you.
commented, on 06/Sep/05 at 11:50 am # :
Hey, it seems like I really have to release the thing now :)
Marco » no, unfortunately, this doesn't waste spammers bandwidth :) But it saves yours, and your referral log, which is cool anyway :)
"localhost" » no, it only relies on a PHP script you can include on any PHP powered website.
replied, on 06/Sep/05 at 11:38 am # :
I would love to see your new solution as well. Hope you don't use the approach Marco has available by using a htaccess file. My host doesn't support this.
wrote, on 05/Sep/05 at 10:57 pm # :
Ah ok! Well if you've found a way to make spammers eat up their own bandwidth while saving our own I'm extremely interested!
said, on 05/Sep/05 at 8:43 pm # :
Marco, you're right, and I know this :)
Actually this script is mostly deprecated. I have written a much more efficient and smarter one, I have yet to find some time to release the thing :)
commented, on 05/Sep/05 at 4:39 pm # :
Here's what I tried to post, for those who are interested:
http://www.i-marco.nl/weblog/ozh-why.txt