Block the SPAM Referrers from your Apache

Download the IP Blacklist Here (342 KB)

Blacklist current as of 2008-06-17 09:55:52 PM CST

Quick overview for using this blacklist with Apache:

  1. Make sure you have mod_access installed.
  2. Download the latest blacklist here. Save it in a directory accessible by Apache.
  3. Put this line in your httpd.conf file:

    AccessConfig /path/to/blacklist/access.conf
    In Apache2: Includes /path/to/blacklist/access.conf
  4. Restart Apache (apachectl graceful)
  5. Voila, you should start seeing error 403, access denied lines in your apache logs.

Detailed Information

I run a blog and a very important website. Paultastic.com is screaming up the Alexa rankings: my traffic rank has scorched up 1,432,596 in the last three months. (That's really not a big deal).

Unfortunately, the prestige of such a powerful website brings the interests of many spammers. Most of my hits from spammers come from two proxy servers on the alestra network in Mexico, but there are about 400 hosts that bring in the spammers.

My solution? Once I see a reference to a spamming IP in my logs, I put you on my "No Site For You!" list and you get banned forever.

"But Paul, what about the maintenance of such a system? It will take too much of my time!"

Nonsense, just use my same list. I assume these spam hits are coming from the same zombied PCs and proxy servers. If you are interested in the details of the compilation of this list, see my blog entry here.

Okay, now to the good stuff. Just put this in your Apache httpd.conf file. Repeat for multiple sites. You must be using mod_access for this to work. I'm sure you have it, but in case you don't...

NOTE: These are the current sites that have spammed me as of 2008-06-17 09:55:52 PM CST. This eliminates most of the referer SPAM I've been getting. I'm guessing it will help you out too.

5/6/2005 Update

I was getting scanned pretty hard by a company called Cyvellience. According to what I can find out about them, they are agents of the RIAA, MPAA, and other organizations looking for people hosting unauthorized media files like MP3s and Hollywood movies. Hey, I think its wrong to share those out, too, but give me a break, don't be scanning my website on a regular basis, taking up bandwidth, ignoring robots.txt files, and trying to break into different parts of my site, mmmmkay?.

According to Cyveillance Exposed, this company scans websites without obeying common rules of netiquette. So I used the IP blocks given on that site and added them to my "No Soup For You!" Apache block list. I also changed the <Directory> with <FilesMatch> because I found it to be more accurate.

Download here

That is all. Restart Apache gracefully:

$> apachectl graceful

You should start seeing 403 codes in your server logs for your spammers. This means they were rejected, and therefore your configuration file is working.


All content © 1997-2008 . All Rights Reserved.