Killing referrer spam at the Apache level Calm_Pear wrote on 2005/03/08: he! :-) lol... but I'm not using apache and the link is down too... ;-) Calm_Pear wrote on 2005/03/08: google's cache works... http://22.214.171.124/search?q=cache:DnCesUolYqAJ:cavlec.yarinareth.net/archives/2005/01/11/killing-referrer-spam/+%22Killing-referrer-spam%22&hl=en Milo wrote on 2005/03/08: Strange, the original is working fine for me... Anyway, the trick amounts to adding the following three lines to your .htaccess file: SetEnvIfNoCase Referer ".*(word1|word2|etc).*" BadReferrer order deny,allow deny from env=BadReferrer Mathieu 'P01' HENRI wrote on 2005/03/08: Why would people make their stats public ? o_Ô I doubt it really interrest someone else but the admin of the site, and it exposes their site to referrer spam. Milo wrote on 2005/03/08: I dunno, I kinda like seeing referrers at other sites... Also, referrers for specific weblog entries can be an interesting source of more information. Mathieu 'P01' HENRI wrote on 2005/03/08: Indeed. And your site is a great example of that. Have you ever had a case of referrer spam ? BTW, I've got tricked 1 or 2 times by your referrer box when I checked the referrers in my stats. I clicked on a link and shazaam the URL of my stats appeared in full on your site :p Oops Milo wrote on 2005/03/08: Yeah, that's tricky... ;) I am getting hundreds of attempts at comment- and referrer-spam every day. I filter a lot of it via php but this new .htaccess-based method saves some cpu-power. huphtur wrote on 2005/03/08: what about using trackback and/or pingback? Milo wrote on 2005/03/08: I have never seen a useful trackback or pingback. Roel wrote on 2005/03/08: The new Nucleus referrer plugin checks the referring webpage to see if there is really a link to your site. That is a very solid way for verifying if you are(n't) dealing with spam (though links accessed through a webmail or online rss aggregator cannot be verified). http://www.rakaz.nl/nucleus/item/57 Mathieu 'P01' HENRI wrote on 2005/03/08: It could be a kind of magic bullet if in case of a fake referrer it send for approval an updated version of the .htaccess to the admin to filter referrer spams from/for similar domains. However I fear such plugin put the server into a crawl during a spam fiesta with dozens/hundreds of spam attempts per minute. Jan! wrote on 2005/03/09: Actually, Roel, that still doesn't provide fool-proof protection. All it takes is one smart enough spammer to keep a bucket of [ip] => [hostname1..hostnameN] translations and dynamically insert a link to all hostnames for the IP doing the request.