In: , ,
On: 2005 / 02 / 05
Shorter URL for this post:

Refer SpamI have been hit quite bad by referer spammers these last few days, with peaks at one hit every 2 seconds (bots loading pages of my site with a fake referer in order to make someone click on their site, have a look at this refer spam screenshot)

It's not like I really care : I don't display publicly my referers and I'm not dumb enough to click on their links, so they are not earning a single click from my site. Plus, I'm bandwith unmetered and uncapped on a fat 100 Mbits, so their bot loading pages is not a real problem. It's just that I'd rather be slashdotted than refer-spam-hammered :)

So I wrote a simple anti refer spam script, sending back the spammers to their own site.

Update 2005-02-25 : I'm currently improving quite a few things in this script, yet having in mind that I want to keep it as easy as possible. Stay tuned if you're interested, feel free to leave a comment asking for a notice when it's available.

Update 2005-09-01 : this script is deprecated. I've made a much much more efficient, smarter, and that require ultra light if any maintenance. I just have to find time to publish it :)

Get the script

The script is rather simple : an array of obvious spammers site (or keywords, or top domain), and a loop comparing the referer with each entry of the array. If one matches, client gets redirected to its own site. Now if they want to hammer themselves once every 2 seconds, I really don't care :)

  1. <?php
  2. $spams = array (
  3.   "", "", "", "", "",
  4.   "", "", "",
  5. ); // array of evil spammers
  7. $ref = $_SERVER&#91;"HTTP_REFERER"];
  9. foreach ($spams as $site) {
  10.     $pattern = "/$site/i";
  11.     if (preg_match ($pattern, $ref)) {
  12.         header("Location: $ref"); exit();
  13.     }
  14. }
  15. ?>

You can either cut and paste the code above, or download the script which contains my real-time updated spammers list (which doesn't grow fast, hopefully) :

Install and customize

To add more entries to the spam array, just add comma separated strings, enclosed with quotes. These strings can be a full url (, just the main domain (, or even a keyword (poker-online, but be warned that a genuine visitor coming from will be bounced back)

Make sure strings contain no slashes, or otherwise modify the script as suggested by Chris in comment #2 (and, by the way, thanks for the tip Chris :)

Unless bandwith is a real problem to you and you are being hit real bad, I'd suggest not to give the list too much attention. Just add entries when you notice a serious spammer, or you are quickly going to manage a 1000 entry array :)

Then, add the following line to the very beginning of the pages you want to protect (in most blog, adding it at the top of index.php in your blog root will protect your whole site)

  1. <?php
  2. require('/home/you/blog/physical/path/to/no-refer-spam.php');
  3. ?>

Your file, i.e. index.php, must begin with these 3 lines.

Final words

My script is one solution amongst many. If your host permits it, you can as well use mod_rewrite and add lines to your .htaccess, but I find mod_rewrite rules less user friendly than a straight PHP script.

If you are looking for a neat script to watch your referers, I'd suggest you give Refer a try.

Shorter URL

Want to share or tweet this post? Please use this short URL:


This entry "No Refer Spam" was posted on 05/02/2005 at 3:34 pm and is tagged with , ,
Watch this discussion : Comments RSS 2.0.

30 Blablas

  1. chris waigl says:

    Thanks a lot. I just installed it. But I replaced preg_match() with strstr() because I got an error message ("unknown modifier…") when I entered a string that includes slashes, like a full URI.

  2. r0gi3r says:

    I hope it works i'm getting sick from that @#$% online casino every 2 min.

  3. Ozh says:

    it does work pretty well, at least for me : I've been refer spam free since I wrote it. Keeping an eye on my refer list to update the spam list, if needed, but so far everything is much better :)

    I have been hit quite bad by referer spammers these last few days, with peaks at one hit every 2 seconds (bots loading pages of my site with a fake referer in order to make someone click on their site, have a look at this refer spam …

  5. Gary says:

    Cool…will give it a try. Can one use wildcards with this? * for instance, or * to cover

  6. Donncha says:

    Unfortunately, it's fairly likely that the referer spam client won't follow the redirect. I added similar redirecting to my comment spam measures, redirecting to go.php?remote_url on my server but that url hasn't appeared in my logs yet, despite getting 2 comment spams in the minutes since.
    You could be referer free simply because the request isn't getting through. The exit takes care of that. I'll leave the code in for a while, but damn, I was looking forward to getting some revenge on those guys!

  7. Ozh says:

    from a spam bot point of view, don't know exactly what is going to happen, I guess it depends on how the bot is actually programmed. The thing I can be sure of, is that since I wrote this script, my refer log is casino and other crap free :)

  8. […] ound that someone had written a very straight forward way to block referrer spam. Over at, there is a nice little script that basically loops thr […]

  9. Claire says:

    Just installed it…hopefully it'll start catching the referrers I keep seeing :)

  10. […] ustom fields" + Amazon Wishlist: para quem não tem o Amazon Hacks (como o Spiceee) + No-Refer-Spam: bloqueador de insetos humanos na sua referer list + WordPress […]

  11. Jens Wedin says:

    Hi and thanks, I have used your script now for a few weeks and I must say that I am very impressed. Only a very few spammers a getting through, good thing is that I just add their domain and they are gone.

    Thanks for making my day a bit easier.

  12. chris says:

    O.K. I'm not that good at programming so exactly where does the inital code go? Is it in the section of each page–or the index page? Then the three lines of code goes where? In the body?


  13. Uriel says:

    Hi, i found your script very useful, but i changed it that way:


    In that way i only need to place a part of the string composing the spammer name.

    Thank you, anyway.


  14. […] ). Wish me luck because I definitely need it! Site news (or something): Since I installed this script and this patch [via aestia], my referrers list is free of spam. R […]

  15. Tone says:

    This thing is great!

    I've installed it on my blog as well as a dozen more than I host. It has given me back the usefulness of awstats (no longer is it flooded with garbage).

    Thanks for a great plugin!

  16. Ozh says:

    Thank you. However stay tuned : I think I'm going to release a much much more efficient version of this script later on this script, that will require no maintaining nor adding new hosts ever.

  17. Matthew says:

    Thanks a million – I'm gettin tired of seeing all this stuff in my logs!

  18. IlManu says:

    Works great ! Thank you very much ! :D

  19. Marco says:

    I tried to post an explanation why this doesn't work but alas… it gets marked as spam. *baffled*

    Anyway, it doesn't work. A bot doesn't follow redirects.

  20. Marco says:

    Here's what I tried to post, for those who are interested:

  21. Ozh says:

    Marco, you're right, and I know this :)
    Actually this script is mostly deprecated. I have written a much more efficient and smarter one, I have yet to find some time to release the thing :)

  22. Marco says:

    Ah ok! Well if you've found a way to make spammers eat up their own bandwidth while saving our own I'm extremely interested!

  23. localhost says:

    I would love to see your new solution as well. Hope you don't use the approach Marco has available by using a htaccess file. My host doesn't support this.

  24. Ozh says:

    Hey, it seems like I really have to release the thing now :)
    Marco » no, unfortunately, this doesn't waste spammers bandwidth :) But it saves yours, and your referral log, which is cool anyway :)
    "localhost" » no, it only relies on a PHP script you can include on any PHP powered website.

  25. localhost says:

    Just mail it. I'm more then willing to post it on my own blog with all needed credits to you.

  26. Webbericht says:

    […] Ich werde jetzt mal das Skript von planetOzh testen und hoffen, dass ich damit erst einmal sicher bin. Abgelegt von Kolja Schönfeld unter: Berichte | Webbericht | Spam […]

  27. Lee says:

    I'd like to know when you update this :)

    To my horror only the other day I started getting refer spam in awstats, about 400 domains…is very depressing.

  28. Ralph says:

    Would not it be easier to block unwanted referers through .htaccess?

  29. likejazz says:

    I'm NOT spammer. is just written in Korean.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
Gravatars: Curious about the little images next to each commenter's name ? Go to Gravatar and sign for a free account
Spam: Various spam plugins may be activated. I'll put pins in a Voodoo doll if you spam me.

Read more ? »