Killing Referer Spam

published on 2005-02-21 in computing

Apparently spammers have taken to hitting up web servers and flooding them with REFERER spam. Stuff like this:

 - - [07/Feb/2005:14:34:23 -0800] "GET /pictures/index.cgi?mode=album&album=/cars/misc/rally HTTP/1.1"  200 11108 ""  "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iRider 2.21.1108; FDM)"

Notice the texas-holdem stuff. So that appears in my log analysis software, flooding it with this junk. I figure it's either bots that do this on purpose or people who have downloaded spyware/adware. Either way, it's annoying. This is my solution:

SetEnvIfNoCase Referer

order deny,allow  
deny from env=referer_spam  
CustomLog /home/nathan/logs/ combined
CustomLog /home/nathan/logs/ combined

So, the first line sets an environment variable "referer_spam" if the Referer header matches any of the regexes. The next section denies those requests access to files on the server and tosses a 403. Heh, bastards. The next 2 lines define different log files for the stuff tagged as "referer_spam". Easy.
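A companion check for access logs that already contain the spam, as an added example that is not part of the original post: it applies the same case-insensitive Referer match that SetEnvIfNoCase performs to combined-format lines and splits them the way the two CustomLog lines do. The pattern, the sample lines, and the function names are constructed for illustration.

```python
import re

# One double-quoted field; Apache writes a literal quote inside it as \"
Q = r'"((?:[^"\\]|\\.)*)"'
# combined: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + Q + r' (\d{3}) (\S+) ' + Q + ' ' + Q + r'$'
)
# Constructed pattern: "texas-holdem" is the term named in the post,
# the second alternative is a placeholder.
SPAM_REFERER = re.compile(r'texas-holdem|spam-term\.example', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up hosts).
SAMPLE = [
    # spam Referer, mixed case on purpose
    r'192.0.2.10 - - [07/Feb/2005:14:34:23 -0800] "GET /pictures/index.cgi?mode=album&album=/cars/misc/rally HTTP/1.1" 200 11108 "http://Texas-Holdem.spam.example/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    # the term appears in the request path, not in the Referer
    r'198.51.100.7 - - [07/Feb/2005:14:35:02 -0800] "GET /blog/texas-holdem-night.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # Referer containing escaped quotes
    r'203.0.113.5 - - [07/Feb/2005:14:36:40 -0800] "GET / HTTP/1.1" 200 900 "http://search.example/?q=\"rally cars\"" "Mozilla/5.0"',
    'not a log line',
]


def referer_of(line):
    """Return the Referer field of a combined-format line, or None."""
    m = COMBINED.match(line.rstrip('\n'))
    return m.group(6) if m else None


def split_log(lines):
    """Return (clean, spam, unparsed) lists, like the two CustomLog targets."""
    clean, spam, unparsed = [], [], []
    for line in lines:
        referer = referer_of(line)
        if referer is None:
            unparsed.append(line)      # never guess on malformed input
        elif SPAM_REFERER.search(referer):
            spam.append(line)          # match on the Referer field only
        else:
            clean.append(line)
    return clean, spam, unparsed


if __name__ == '__main__':
    clean, spam, unparsed = split_log(SAMPLE)
    print(len(clean), 'clean,', len(spam), 'spam,', len(unparsed), 'unparsed')
```

Matching on the parsed Referer field rather than the whole line keeps the second sample request, whose path happens to contain the term, out of the spam bucket.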

Tags: spam email linux