1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Getting Rid Of Adminshop and Xopy.com

Discussion in 'Apache' started by wiseone, Dec 27, 2004.

  1. #1
    Anyone got any good tricks for getting rid of all the adminshop referrer spam?

    I am using .htaccess to do this... However, new sites appear everyday.

    Just wonder if anyone had any good tricks.
     
    wiseone, Dec 27, 2004 IP
    miko67 likes this.
  2. xml

    xml Peon

    Messages:
    254
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #2
    xml, Dec 27, 2004 IP
  3. topsites

    topsites Guest

    Messages:
    42
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Well the best solution I found for this problem is to use .htaccess in such a way as to bounce the hits back to the spammer. You see if you simply absorb the hits it does no good because the spammers are not aware of which sites they are spamming, and they don't actually go behind themselves to physically look and see if their links are ranking on anyone's statistics. They use text files full of domains to spam, sometimes thousands, and they even spam domains that don't have public stats so if one (or 2) sites are out there absorbing their hits, they never know the difference.

    With a bounce-back, it is a Kodak-moment to see the spammer's face when they wake up one day to check their own statistics and see they're sending all the hits to themselves, from their own sites. The more people that use the bounce-back technique, the sooner these folk will cease and desist.
    If everyone affected were to use it, the spammers site would crash as multiple servers send back the spammer's request creating a self-inflicted DDOS attack.

    Here is how it works:

    ###STOP REFERRAL SPAMMERS
    # Options +FollowSymlinks
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspamsite1.com.*$ [OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspamsite2.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspamsite3.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspamsite4.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspamsite5.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?refspametcetc.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?lastrefspamsite.com.*$ [NC]
    RewriteRule ^(.*)$ %1 [R=301,L]

    Watch and enjoy as the spammer gets mirror hits :)

    The ONLY other solution would be to write a countermeasure which somehow detects the use of the actual program, but that is beyond me. It would be nifty to write this countermeasure with the bounceback built-in, case some programmer sees this ... sigh

    Peace
    Pascal, mgr.
    Awards and Topsites portal
    http://atopqualitysite.com/
     
    topsites, Jan 6, 2005 IP
    miko67 likes this.
  4. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Wouldn't this ruleset just redirect the browser to your own website? %1 matches RewriteCond's () expression, so the final URL would be

    www.yoursite.com/www

    J.D.
     
    J.D., Jan 6, 2005 IP
  5. topsites

    topsites Guest

    Messages:
    42
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #5

    When you redirect a request, the Referer does not get updated to reflect your site as the redirecting site :)
    See:
    http://epcostello.net/articles/2004/05/blocking_referer_spam.php
     
    topsites, Jan 6, 2005 IP
  6. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    0
    #6
    I think you misunderstood me. %1 in your request will be replaced with "www" or an empty string (%N is always from RewriteCond). Since there's no "http://" in your RewriteRule, Apache will take the value of %1 (i.e. "www") and append it to the value of RewriteBase. Unless you have some other rules you didn't mention, you will get a hit to your own site. Try it and look at the Location header.

    I will try your URL if you give me a referrer string I can use to trigger your ruleset.

    J.D.
     
    J.D., Jan 6, 2005 IP
  7. topsites

    topsites Guest

    Messages:
    42
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Well, it could be I am wrong but I took the information from this article:
    http://epcostello.net/articles/2004/05/blocking_referer_spam.php

    Which states:
    This redirects the traffic back to the spammers in question -
    RewriteRule ^(.*)$ %1 [R=301,L]

    But this tells the client to redirect to itself:
    RewriteRule ^(.*)$ http://%1 [R=301,L]

    That is, at least, what I figured from the article.
    Far as what the command-line actually does, I know it redirects but my own knowledge ends there.
    Peace
     
    topsites, Mar 16, 2005 IP
  8. nevetS

    nevetS Evolving Dragon

    Messages:
    2,544
    Likes Received:
    211
    Best Answers:
    0
    Trophy Points:
    135
    #8
    You should find the largest downloadable file at the spammers site, then redirect those requests there. That way they start paying in bandwidth.
     
    nevetS, Mar 16, 2005 IP
  9. topsites

    topsites Guest

    Messages:
    42
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #9
    That's a good idea ! Their largest file is usually an image on their site :) 50-100k per image easy, way these morons program sites.
    Way to do it is:
    RewriteRule \.*$ http://refspammersportal.biz/images/theirlargest.jpg [R,L]

    (find a large image {kilobytes, that is} via right-click -> properties while casually surfing their site)

    I just implemented it, I got over 70 of these spamsites in .htaccess, things ought to be FUN now hell yeah LOL! Believe it or not, most of these sites (all but about 4 or 5 of them) belong to two spammers who each have a network of sites they spam off. The current redirect points to an 'A' network spamsite ... In a few days, I'll switch it to an image on the 'B' spamnet so both spammers can enjoy this f*k I've been dealing with every day since November last year and see just how much FUN it really is to try and block the crap.

    ...
    Far as the earlier issue concerning mirror-hits, I did some research and found the following command should work better:

    RewriteRule ^(.*) ${HTTP_REFERER} [R=301,L]

    What I would like to do next is get a RewriteRule that sends THEM a referrer of my choice, as I would love to make this referrer say:
    http://this_is_NOT_real_traffic_you_stupid_refspam.moron

    I did find out some more things, please be careful with the [NC,OR] statement part... Could someone explain what NC does, and OR?

    Now another trick is with some these spammers a lot of their domain names contain similarities in keywords which are hopefully unique. In my case, I found a TON of them contained 'dating' as part of the url and while looking through my stats, wouldn't you know it... Out of over 1,000 referrers, not a single legitimate 'dating' domain sending traffic. Well ... well... well ...
    Keyword-based blocking takes effect:

    RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)dating(-|.).*$ [NC]

    (Make sure in this case use only NC - if you use OR, any parts of any site(s) on YOUR server containing the word 'dating' will also suffer the consequences as I found my romance page not working correctly due to this. If you use both NC and OR, similar bad effect happens.)

    The keyword tactic shortened my blacklist by domain names considerably (by 3k) after catching several other repeated keywords that no real referrers of mine use, and likely never will.
    Hope is help,
    Pascal
     
    topsites, Mar 20, 2005 IP
  10. J.D.

    J.D. Peon

    Messages:
    1,198
    Likes Received:
    65
    Best Answers:
    0
    Trophy Points:
    0
    #10
    You are assuming that these requests are made by standard-complient user agents that will follow your redirection instructions. The thing is, most likely they are not - after all, their only goal is to get your web server to log their referrer, and they get what they want anyway.

    J.D.
     
    J.D., Mar 20, 2005 IP
    miko67 likes this.