I’ve noticed through my website statistics program (I use Mint, thankyouverymuch), and I’ve noticed a couple of referrers that are suddenly referring a ton of hit to my website. I as curious what I did to attract these guys, so I peeked in my Apache logs a bit, and headed over to their website to find out what they’re all about. Turns out, they’re basically opening a little frame in their site, and redirecting browsers to hit Movable Type trackback posts. Mind you, I haven’t run Movable Type in … 6 months?
Now, my Movable Type install doesn’t exist anymore, but I do have a rewrite rule in my Apache configuration to capture 404 (resource not found) errors and have WordPress deal with them. This is so you get pretty website addresses for me, rather than something ugly with variable names in the website address.
I decided that I wanted to block these guys. Not because they’re bothering me in any way — the trackback script they’re trying to hit on my server doesn’t exist anymore — but they are skewing my website statistics.
Warning: technology speak ahead.
I knew that I could solve this with mod_rewrite in Apache, but I never remember the conditionals and syntax of anything more than a very basic rule rewrite. A bit of searching online led me to ilovejackdaniels.com, who have already fixed this problem (and in a bigger way than I need to). Basically, they use Apache’s mod_rewrite to forbid any request with a certain referrer field using RewriteCond and HTTP_REFERER variables. I dropped the following two lines into my .htaccess, where I do the rest of my mod_rewrite work:
RewriteCond %{HTTP_REFERER} (tbsp2.php) [NC]
RewriteRule .* - [F]
What does this do? The first line checks the HTTP_REFERER variable, and if it contains tbsp2.php, it executes the next RewriteRule directive. In my case, two different websites (who I will not link to), have a page called /klx/tbsp2.php with the aforementioned frame sketchiness going on. The RewriteRule directive tells Apache to not redirect the client or do any rule rewriting. The magic is in the [F] – this tells Apache to return a 403 Forbidden error. These don’t get tracked into my Mint statistics, so they’ll no longer skew my stats. And now, anytime I notice additional spamming referrers, I’ll just add another RewriteCond to my configuration.
And no, I haven’t been misspelling "referrer" through this. For some reason, RFC2616 documents this as "referer", which is wrong.