If you want to see my .htaccess file, just let me know. I’ll be happy to send it to you.

Sounds good to me. Drop me an email with it and thanks big time!

If your control panel supports it, try the IP Deny function. It lets you put in the ip addresses to deny access to. You can even use partial ip addresses, and it will look up ips based on url.

The only problem with denying IP addresses is that most spammers use dynamic IPs these days to get around that very tactic. With the .htaccess method I can define partial URL names to block using pattern matching and that is much more effective as it’ll catch it regardless of IP address.

I did try IP banning. That was working, but it was also banning normal users too. I wasn’t just banning a single IP since spammers use multiple IP’s or dynamic IP’s. I would ban an entire ISP. After getting an e-mail from someone who was banned, I decided the referral banning was the way to go.

dave,

could you send you .htaccess file to me. I am going through this bandwidth mess now and would like some help.

Tank863

I too would like a copy of your .htaccess file if possible.

Thanks a bunch.

I really could use this file too please!!!

I have never used all my bandwidth and I got slammed yesterday.

I gave up on using .htaccess a long time ago. It took way too much time to keep adding entries to the list.

A tool that comes pretty close to working great is Referrer Karma (http://unknowngenius.com/blog/wordpress/ref-karma/).

It does a pretty good job without having to enter data into the .htaccess file.

I have all but given up on weblogging due to scumbags that comment spam and refer spam. There was a time when weblogging used to be fun, now it just seems like a lot of work. I already have a job and don’t really feel like “working” on my blog too.

Good luck with your referral spam problem…

I would love to take a gander at that .htaccess file. Thanks!

Heh, I stopped using that method long ago. I found I was adding many entries to the file every day. I finally just gave up on the whole idea.

There are probably many people that still do this. One person uses .htaccess exclusivly to stop commment and referral spam.

John Dvorak talks about comment spam and a simple .htaccess modification that will pevent 99% of it. Heard that on the latest TWiT podcast.

Dave - Is there a way to block users with .htaccess who are in turn blocking their IP addresses from appearing in my server log (currently these are logged as “no entry). If you can also send me a copy of your .htaccess file, I would really appreciate it.

Ed

I have long since given up on the idea of using .htaccess. It just took way too much effort to deal with it.

Mostly the problem with blocking an IP address is that if the user is using a dialup connection or a proxy system like AOL, the IP address will change pretty often. Blocking a range of IP’s will block people that are not doing bad things too.

I finally just gave up on the hosting a site myself and am using WordPress.com as my blog provider now.

I don’t know enough about EE to answer Ed’s question. Unless the webserver is configured very strangely, the raw server logs must contain IP number or resolved names of whoever queries the server. EE’s internal logs are a different matter, but if both are available for correlation, a solution may present itself.

As to the effectiveness of spam countermeasures like mod-access and mod-rewrite, I run an EE site for somebody and literally a dozen lines of rewrite code make the server survive between 10-20k referrer spams a day - more than enough to get the site kicked off a shared server. The long and short of it is that you have to resign yourself to an arms race and carefully craft and adapt your countermeasures, all of which can be automated to large degree.