Blacklist current as of about 5 years ago
Quick overview for using this blacklist with Apache:
I run a blog and a very important website. Paultastic.com is screaming up the Alexa rankings: my traffic rank has scorched up 1,432,596 in the last three months. (That's really not a big deal).
Unfortunately, the prestige of such a powerful website brings the interests of many spammers. Most of my hits from spammers come from two proxy servers on the alestra network in Mexico, but there are about 400 hosts that bring in the spammers.
My solution? Once I see a reference to a spamming IP in my logs, I put you on my "No Site For You!" list and you get banned forever.
"But Paul, what about the maintenance of such a system? It will take too much of my time!"
Nonsense, just use my same list. I assume these spam hits are coming from the same zombied PCs and proxy servers. If you are interested in the details of the compilation of this list, see my blog entry here.
Okay, now to the good stuff. Just put this in your Apache
httpd.conf file. Repeat for multiple sites. You must be using mod_access for this to work. I'm sure you have it, but in case you don't...
NOTE: These are the current sites that have spammed me as of about 5 years CST. This eliminates most of the referer SPAM I've been getting. I'm guessing it will help you out too.
I was getting scanned pretty hard by a company called Cyvellience. According to what I can find out about them, they are agents of the RIAA, MPAA, and other organizations looking for people hosting unauthorized media files like MP3s and Hollywood movies. Hey, I think its wrong to share those out, too, but give me a break, don't be scanning my website on a regular basis, taking up bandwidth, ignoring robots.txt files, and trying to break into different parts of my site, mmmmkay?.
According to Cyveillance Exposed, this company scans websites without obeying common rules of netiquette. So I used the IP blocks given on that site and added them to my "No Soup For You!" Apache block list. I also changed the <Directory> with <FilesMatch> because I found it to be more accurate.
That is all. Restart Apache gracefully:
$> apachectl graceful
You should start seeing 403 codes in your server logs for your spammers. This means they were rejected, and therefore your configuration file is working.