Ultimate htaccess Blacklist

By Jeff Starr on Thursday, June 28, 2007 — 57 Responses

Post #361 categorized as Function, last updated on Oct 15, 2007
Tagged with apache, blacklist, htaccess, list, mod_rewrite, spam, tricks

[ Image: Solar Eclipse ] For those of us running Apache, htaccess rewrite rules provide an excellent way to block spammers, scrapers, and other scumbags easily and effectively. While there are many htaccess tricks involving blocking domains, preventing access, and redirecting traffic, Apache’s mod_rewrite module enables us to target bad agents by testing the user-agent string against a predefined blacklist of unwanted visitors. Any matches are immediately and quietly denied access.

There are many ways to obtain an effective htaccess blacklist. There are several excellent forums around the web that provide a plethora of priceless htaccess advice. Highly suggested. Additionally, after copying and pasting your favorite forum blacklist examples to your domain’s root htaccess file, you will want to continue with its development by tracking bandwidth thieves, comment spammers, and site scrapers and adding them to the list. Or, you may wish to skip the tedious grunt work and simply grab a copy of the Ultimate htaccess Blacklist!

The Ultimate htaccess Blacklist began as a short list of only the most heinous offenders. Blocking scum was such an enjoyable activity that we soon added to the list the identity of every nasty agent we could find. The result has been a very low-stress, spam-free site with virtually zero stolen bandwidth. The list is fairly comprehensive and attempts to blacklist as many site rippers, grabbers, spammers and bad bots as possible. While no blacklist could ever block them all (nor would they want to using this method)1, an elaborate htaccess blacklist can do wonders to improve overall performance, decrease site maintenance, and reduce server expense. Overall, we consider this blacklist a great foundation on which to build and customize your own ultimate htaccess blacklist!2

So without further ado, here is our version of the ultimate htaccess blacklist, as promised. Simply copy and paste the following code into the root htaccess file of your site to enjoy a serious reduction in wasted bandwidth, stolen resources, and comment spam. Don’t forget to backup your data and test everything, etc. — After that, you’re good to go!

The Ultimate htaccess Blacklist

# Ultimate htaccess Blacklist from Perishable Press
# Deny domain access to spammers and other scumbags
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} almaden [OR]
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]
RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]
RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]
RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DA [OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]
RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]
RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]
RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]
RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]
RewriteCond %{HTTP_USER_AGENT} ^likse [OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]
RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]
RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]
RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]
RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]
RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [OR]
RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
Copyright2009PerishablePress

Footnotes

Subscribe to Perishable Press

36085 visits

57 Responses

TopLeave a comment

[ Gravatar Icon ]

#1Phil

Probably just being dim, but I don’t get the final two lines (where the condition is that the referrer is http://www.iaea.org). Is there some spambot that pretends to be an incoming link from the IAEA?

[ Gravatar Icon ]

#2Perishable

Yes, apparently there is a nasty bot from somewhere in Southeast Asia that uses iaea.org as the referrer. Not sure if it is still crawling the web — you may be safe removing it from the list..

[ Gravatar Icon ]

#3Phil

OK, thanks.

I ran into a problem with the blacklist provided, however, and think there might be a typo.

The following line causes an internal error on my server. If I add a space after the DISCo slash, then it works fine again:
RewriteCond %{HTTP_USER_AGENT} ^DISCo\Pump [OR]

Thanks for the great blacklist. I’m now using it in place of the less comprehensive version I obtained from here:
http://www.javascriptkit.com/howto/htaccess13.shtml

Phil.

[ Gravatar Icon ]

#4Perishable

Phil,

Yes, good catch. The DISCo condition should definitely have a space before the Pump:

RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]

I have corrected the blacklist so others should not experience any problems.
Thank you for your help!

Regards,
Jeff

[ Gravatar Icon ]

#5WillMacc

Excellent blacklist for the htaccess file!
It even had a few on there I haven’t seen before! :)
I rant on this subject on my blog all the time:
http://www.a-daily-rant.com/

[ Gravatar Icon ]

#6Perishable

WillMacc,

We are honored by your presence! Your work at http://www.a-daily-rant.com/ is excellent and much appreciated. I highly recommend your site for anyone serious about winning the war against spam, scrapers, and other online scum!

Many thanks!

[ Gravatar Icon ]

#7Greg

Thanks so much, with any doubt, the best list ever.Your site is fantastic !!
I’m wondering if you could privude the same list but in a “compress version” ?
Likethis for exemple: RewriteCond %{HTTP_USER_AGENT} ADSARobot|Anarchie|ASPSeek|Atomz|BackWeb|Bandit|…and so much more… with the [OR] and/or the [NC,OR] at the ends of lines.
Thank you agnain !

[ Gravatar Icon ]

#8Greg

You can see, wht I’m talking about here: http://www.toulouse-renaissance.net/c_outils/c_htaccess_compact.htm

;-)

[ Gravatar Icon ]

#9Perishable

Greg,

By all means, that is a great idea. I will rewrite the blacklist and post a complete, compressed version featuring even more agents within the next week or so. Stay tuned..

[ Gravatar Icon ]

#10Robs

Thanks - just a heads up that this line causes the whole list to fail on my server (it ignores everything and lets every bot through). Comment it out and there is no problem

RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]

[ Gravatar Icon ]

#11Perishable

Robs,

Thanks for the heads up — may I ask what type of server/software are you using?

Thanks,
Jeff

[ Gravatar Icon ]

#12Perishable

Greg,
Thanks again for the suggestion to release a compressed version of the ultimate htaccess blacklist. I finally managed to find the time to rewrite the list, and decided to add another fifty or so agents. Even with the new entries, the compressed blacklist is almost half the size of the original. Here is a link to the new article.
Cheers,
Jeff

[ Gravatar Icon ]

#13Greg

Well done !

Your Welcome :-)

[ Gravatar Icon ]

#14Sanstenarios

Hi,

glad to find up to date info about referer spam. If i get the point, referer spam is created using forged referer info in the http request, but can’t the user agent be forged also ?

[ Gravatar Icon ]

#15Perishable

Sanstenarios,
Thanks for the comments. Unfortunately, any blacklist will only stop only those agents that admit to being on the list. Of course, forging identifying data such as referrer info and user agent is indeed possible, rendering virtually all such lists at least partially ineffective. Nonetheless, extensive blacklists such as the one provided in this article remain quite effective in denying access to spam whores and other scumbags. So, until that perfect solution manifests, we continue to employ any and all tools at our disposal.

[ Gravatar Icon ]

#16Sanstenarios

I set up the compress list and gonna check my logs ;)

Thanx

[ Gravatar Icon ]

#17khalifa

great list thnx

[ Gravatar Icon ]

#18Perishable

My pleasure!

[ Gravatar Icon ]

#19Lisa

Wow! This is one big list :) By default, my .htaccess file already has the line “RewriteEngine on” and
“RewriteBase /”. I don’t need to rewrite them right?

I’m a little confused with how .htaccess works.

[ Gravatar Icon ]

#20Perishable

Yes, Lisa, that is correct — you only need to specify each of those directives once per directory. If your htaccess file is in the root of your site, then you only need to declare them in that file, even if you place additional rewrite rules in subdirectories further downstream. The RewriteEngine on is simply telling the Apache server software to enable the rewrite module so that it can process rewrite rules, while the RewriteBase / declaration explicitly sets the base URL for per-directory rewrites.

[ Gravatar Icon ]

#21Proximuz

Hi.

Thanks for your list :) It’s your list up to date?

[ Gravatar Icon ]

#22Perishable

Hi Proximuz,

I last updated this list on October 15, 2007. Blacklists such as this are difficult to keep updated because the bad bots are constantly changing — there are new bots popping up every day, and old ones that simply disappear. Currently, I am constructing a fresh blacklist that I will post later this year.. until then, you may want to check out the Ultimate Blacklist 2 — last updated on November 5th, 2007, and also compressed for easier handling :)

[ Gravatar Icon ]

#23Proximuz

Hi Perishable :)

Thanks for your answers:)
I’m gonna take a look at your link.

Thanks

[ Gravatar Icon ]

#24Perishable

My pleasure, Proximuz :)
Best of luck!! ;)

[ Gravatar Icon ]

#25Rasheed

Hello Jef,

I suffer a lot from site scrappers.

I have this list in my site.

For test purposes i tried to (scrap) my site using Offline Explorer but it was not blocked.

I also tried the same thing with your site (just for 30 sec) and did not get Offline Explorer blocked.

What should i do to block it ?

How can i determine which software the scrapper is using ? The raw log file shows that ?

Thanks,

Rasheed.

[ Gravatar Icon ]

#26Perishable

Hi Rasheed,

I feel your pain!
Perhaps this will work:

# block Offline Explorer
SetEnvIfNoCase User-Agent "Offline Explorer" keep_out
<Limit GET POST>
   order allow,deny
   allow from all
   deny from env=keep_out
</Limit>

It takes a different approach by using SetEnvIfNoCase, but I am not certain that “Offline Explorer” is the actual user agent for that client. If it doesn’t work, you may also want to try alternate names for the user agent.

I hope it helps!

[ Gravatar Icon ]

#27Rasheed

Hi Jeff,

I found they changed the agent name to IE.

If i block it also Internet Explorer will be blocked (403).

Frustrating !

[ Gravatar Icon ]

#28Perishable

Ouch — That sucks! I guess I can remove that line from the blacklist now.. ;)

[ Gravatar Icon ]

#29Jeff Mez

If you have RSS feeds, something in this list blocks Google and Yahoo from being able to read your RSS XML. Feedburner was still able to update. I put this on my site on Feb-16 and just today checked my feeds on My-Google and Yahoo. Both stopped updating on Feb-16. I commented out just this blacklist from my .htaccess file, waited about 30 minutes and sure enough, Google and Yahoo both updated to today. :\

[ Gravatar Icon ]

#30Perishable

Thanks for the input, Jeff. I will be looking into this. In the meantime, you may want to check out a lighter, “friendlier” type of blacklist. :)

[ Gravatar Icon ]

#31Peter

Hi
Does this even have to go into a .htaccess file? Can’t it be used more globally by having it in a apache config file?

[ Gravatar Icon ]

#32Perishable

Yes, the blacklist may definitely be placed directly into Apache’s httpd.conf file.

[ Gravatar Icon ]

#33Peter

Thanks for the follow up. With several domains its much easier to maintain doing this globally.

I log all activity to a database and the amount of 403 I’m getting is impressive between this and the 2G Blacklist.

:)

[ Gravatar Icon ]

#34Perishable

Absolutely! I love to watch the idiot bots bounce off the walls ;)

[ Gravatar Icon ]

#35HR Blog

Thanks for this list and the updated list. I love watching all the denials in the logs.. Is that creepy?

[ Gravatar Icon ]

#36TechJammer

I have noticed that comment spammers are bypassing this security step, and just forging my sites own referer ID. Has anyone discovered a way to detect a forged referer ID?

[ Gravatar Icon ]

#37Mark

My ISP just upgraded to PHP5, and I discovered that an “old” version of this list was caused 500 server errors. I replaced it with the new list, and it’s smiles all around again. I’m just leaving this note as a a thank you and as a “heads up” to anyone else running into a PHP5 panic attack.
Thanks again !!!

[ Gravatar Icon ]

#38Json

Hi Mark

I get the same with both lists.
Which list did you use?

Cheers

[ Gravatar Icon ]

#39Json

Fixed, it was a syntax issue!

“Order allow,deny” not “order allow,deny” Case sensitive.

Cheers

[ Gravatar Icon ]

#40Mark

Hello !

I can’t remember now, but it seems you located the error already anyway,
so it’s all good now, I suppose :)

Thanks again,

Mark

[ Gravatar Icon ]

#41Jeff Starr

@Json: It might be because I just woke up, but I am not seeing where there are any instances of order allow,deny in the blacklist.. what am I missing here?

[ Gravatar Icon ]

#42Json

@Jeff Starr: Sorry I didn’t post any code. My 500 error was from the wrong case in “order - should be Order

Order allow,deny
allow from all
deny from eudora.com
deny from bravenet.com
deny from tripod.com
deny from lethadinan.pib.ir
deny from xanga.com
deny from iblogme.com

[ Gravatar Icon ]

#43Jeff Starr

@Json: Okay thanks, now I understand. But keep in mind that by posting that comment on this thread, you insinuate that the faulty code was obtained from, or otherwise related to, this article. As far as I can tell, no such directives are provided on either this post or in the related (compressed version) blacklist. In any case, I am glad that you have resolved the issue with your code. :)

[ Gravatar Icon ]

#44Json

Cool will do for next time. I still can’t figure out how to test it though.
I have searched for a .htaccess testing system but couldn’t find one.

Cheers

[ Gravatar Icon ]

#45John

Silly Question: Couldn’t the spammers just set an user-agent of mozilla? or are you assuming they are not that smart?

[ Gravatar Icon ]

#46Jeff Starr

@John: Not silly at all, really. As with any group of people, there are those with intelligence and those lacking in it. In my experience, there are many spammers who declare mozilla and other common user-agents to bypass filters, but the vast majority do not. Unfortunately, user-agent blacklists are based on assumptions, but they continue to prove useful nonetheless.

[ Gravatar Icon ]

#47John

Hi Jeff,

Good deal, makes sense.

Thanks!
-John

[ Gravatar Icon ]

#48Milan

This seems very useful, thanks.

Unfortunately, my hosting provider (GoDaddy) doesn’t provide detailed logs, so it is hard to know how much difference this is making.

Are there any disadvantages to having a long .htaccess file, in terms of site performance?

[ Gravatar Icon ]

#49Jeff Starr

@Milan: I have not tested this list of directives specifically (in terms of performance), but have seen much bigger lists (and htaccess files) in play that don’t seem to have much of a negative impact on performance. But then again, I’m not going to sit here and tell you that it doesn’t have an effect - the server has to process all of those matches for every valid page request, so probably not advisable for high-volume traffic sites and/or slow servers. One thing you can do to improve performance in general is to add the following line to your root htaccess file:

AllowOverride None

For more info on this method, see my article Stupid htaccess Tricks.

Share your thoughts..

TopRead official comment policy

The rules are simple. Comment intelligently. Stay on-topic. Don’t spam! Suspected spam will be deleted. Use your real name or nickname, not a site name or business name. Using a site name or business name is a good way to get your link or comment removed. Certain comments are moderated; if your comment does not appear after several days, or if you wish to comment privately, contact me. Also, by posting a comment, you grant this site a perpetual license to reproduce your comment, name, and website URL. Lastly, you may use basic HTML markup, but please do not use <pre> tags. Instead, wrap your code with <code> tags. Use a new set of <code> tags for each code term or phrase, as well as for each individual line of code (i.e., multiple lines of code require multiple code tags). Please see the complete comment policy for more information.

Search Perishable Press
Standards-based web design
WordPress, blogging & security
  • WordPress / Plugins, Themes, Tutorials
  • Blogging / Social media, social networking
  • Security / Anti-spam, blacklists, firewalls
Featured Content

Explore Perishable Press

Join 2345.52+ Subscribers
Perishable Resources
Perishable Projects
Random Friends
© 2009 Perishable Press • Design by Monzilla Media
Site CreditsSite MapLinkageTop