Apparently spammers have taken to hitting up web servers and flooding them with REFERER spam. Stuff like this:
220.127.116.11 - - [07/Feb/2005:14:34:23 -0800] "GET /pictures/index.cgi?mode=album&album=/cars/misc/rally HTTP/1.1" 200 11108 "http://texas-holdem.crescentarian.net/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"
Notice the texas-holdem stuff. So that appears in my log analysis software, flooding it with this junk. I figure it's either bots that do this on purpose or people who have downloaded spyware/adware. Either way, it's annoying. This is my solution:
    SetEnvIfNoCase Referer "(holdem|hole-em|casino|viagra|chatt-nett|diet-pills|poker|mortgage|roulette|valium|phentermine|loans)" referer_spam
    order deny,allow
    deny from env=referer_spam
    CustomLog /home/nathan/logs/www.mybrainhurts.com-access.log combined env=!referer_spam
    CustomLog /home/nathan/logs/www.mybrainhurts.com-spam.log combined env=referer_spam
So, the first line sets an environment variable "referer_spam" if the Referer header matches any of the alternatives in the regex (case-insensitively). The next section denies those requests access to files on the server and tosses a 403. Heh, bastards. The next 2 lines define different log files: requests not tagged "referer_spam" go to the normal access log, and the tagged ones go to the spam log. Easy.
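The same pattern can be run over an existing combined-format log, to clean up old data or to see what it would tag before turning on the deny rule. This is an added example, not part of the original post: the function names are made up for illustration, and every sample line except the first (the one quoted above) is constructed. Because the match is unanchored, a referer that merely contains "loans" is tagged too.

```python
import re

# Same alternation as the SetEnvIfNoCase directive: case-insensitive, unanchored.
SPAM_RE = re.compile(
    r"(holdem|hole-em|casino|viagra|chatt-nett|diet-pills|poker|mortgage"
    r"|roulette|valium|phentermine|loans)",
    re.IGNORECASE,
)

# Apache "combined" format; quoted fields may contain backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

def referer_of(line):
    """Return the Referer field of a combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.group(2) if m else None

def split_log(lines):
    """Sort lines into (clean, spam, unparsed), matching on the Referer field only."""
    clean, spam, unparsed = [], [], []
    for line in lines:
        ref = referer_of(line)
        if ref is None:
            unparsed.append(line)
        elif SPAM_RE.search(ref):
            spam.append(line)
        else:
            clean.append(line)
    return clean, spam, unparsed

# First line is the one from the post; the rest are constructed samples.
SAMPLE = [
    '220.127.116.11 - - [07/Feb/2005:14:34:23 -0800] "GET /pictures/index.cgi?mode=album&album=/cars/misc/rally HTTP/1.1" 200 11108 "http://texas-holdem.crescentarian.net/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"',
    '192.0.2.10 - - [07/Feb/2005:14:35:01 -0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # "poker" appears in the request path, not the Referer, so this one stays clean.
    '192.0.2.11 - - [07/Feb/2005:14:36:12 -0800] "GET /blog/poker-night.html HTTP/1.1" 200 2048 "http://www.example.com/links" "Mozilla/5.0"',
    '192.0.2.12 - - [07/Feb/2005:14:37:40 -0800] "GET / HTTP/1.1" 200 5120 "http://CASINO.example.net/" "Mozilla/4.0"',
    # Unanchored match: any referer containing "loans" is tagged.
    '192.0.2.13 - - [07/Feb/2005:14:38:02 -0800] "GET / HTTP/1.1" 200 5120 "http://www.example.org/student-loans-guide" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for name, bucket in zip(("clean", "spam", "unparsed"), split_log(SAMPLE)):
        print(name, len(bucket))
```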