Blocking spam referrers

I’ve noticed through my website statistics program (I use Mint, thankyouverymuch), and I’ve noticed a couple of referrers that are suddenly referring a ton of hit to my website. I as curious what I did to attract these guys, so I peeked in my Apache logs a bit, and headed over to their website to find out what they’re all about.  Turns out, they’re basically opening a little frame in their site, and redirecting browsers to hit Movable Type trackback posts.  Mind you, I haven’t run Movable Type in … 6 months?

Now, my Movable Type install doesn’t exist anymore, but I do have a rewrite rule in my Apache configuration to capture 404 (resource not found) errors and have WordPress deal with them.  This is so you get pretty website addresses for me, rather than something ugly with variable names in the website address.

I decided that I wanted to block these guys.  Not because they’re bothering me in any way — the trackback script they’re trying to hit on my server doesn’t exist anymore — but they are skewing my website statistics.

Warning: technology speak ahead.

I knew that I could solve this with mod_rewrite in Apache, but I never remember the conditionals and syntax of anything more than a very basic rule rewrite.  A bit of searching online led me to, who have already fixed this problem (and in a bigger way than I need to).  Basically, they use Apache’s mod_rewrite to forbid any request with a certain referrer field using RewriteCond and HTTP_REFERER variables.  I dropped the following two lines into my .htaccess, where I do the rest of my mod_rewrite work:

RewriteCond %{HTTP_REFERER} (tbsp2.php) [NC] 

RewriteRule .* - [F]

What does this do?  The first line checks the HTTP_REFERER variable, and if it contains tbsp2.php, it executes the next RewriteRule directive.  In my case, two different websites (who I will not link to), have a page called /klx/tbsp2.php with the aforementioned frame sketchiness going on.  The RewriteRule directive tells Apache to not redirect the client or do any rule rewriting.  The magic is in the [F] – this tells Apache to return a 403 Forbidden error.  These don’t get tracked into my Mint statistics, so they’ll no longer skew my stats.  And now, anytime I notice additional spamming referrers, I’ll just add another RewriteCond to my configuration.

And no, I haven’t been misspelling "referrer" through this.  For some reason, RFC2616 documents this as "referer", which is wrong.

I hate web spam…

I really hate web spam. Since I used to run [Movable Type]( here, lots of spammers used to hit up /mt/mt-tb.cgi and /mt/mt-comments.cgi to try to auto-spam my blog. I’ve been running [Wordpress]( for (checks archives) nearly 3 months now, and I’m still seeing it.

Today, I was checking out my [Mint]( statistics, and I noticed I had some really spammy-looking [outclicks]( from my [photo gallery]( Turns out spambots on in “t3h internets” are spamming my comments in there too, so I’ve disabled Gallery comments now.

Sigh. I wish someone would come up with a [TypeKey]([LiveID]([OpenID]( system that actually worked and was well used, so comments could be better managed.

(ed. note: now that I’ve written all that, there’s a lot of links up there. And it looks spammy. How ironic and lovely.)

I’m a liar

Well, at least, according to the local [Girl Scouts]( I am. You see, I went to the grocery store the other day, and upon exiting, there were Girl Scouts selling their [cookies]( (mmmm, [Thin Mints](!). Diann had just bought some a few days before, so I told the 8 year-old that I had already acquired my cookie supply for the year.

I’m walking away, and I hear the girl tell the scout mom, “I don’t remember selling any cookies to him the other day.”


Now that’s a cool pepper: FeedBack

Those of you using [Mint]( may want to install the [FeedBack Pepper]( that was released today.

It’s very cool — finally lets you get a handle on how many people are following your site via RSS feeds. A little bit of Apache mod_rewrite trickery, and now I can see how many people are watching me via feeds. Nicely done.