3

I have been trying to block some referral spam to our WordPress sites using .htaccess code similar to that shown below.

This seems to be fairly effective in blocking the primary domains (semalt.com) and explicitly defined subdomains (semalt.semalt.com).

But, the wildcard subdomains (i.e. 1.semalt.com, 2.semalt.com) seem to be getting past the filters.

Is there anything obviously wrong with this code allowing wildcard subdomains to get through?

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# block spammers
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*kambasoft\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*savetubevideo\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*seoanalyses\.com [NC]
RewriteRule .* - [F]

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Also, I have managed to reduce the stream to a trickle, so it is possible the htaccess code is correct, and the spammers are getting around this other ways. Thanks!

Todd
  • 41
  • 1
  • 5
  • Update: I have since discovered that the hosting company (WPengine) has a Nginx layer which takes precedence over the .htaccess on Apache. When the host implemented a domain block on Nginx, the referral spam dropped to zero (for those domains). – Todd Oct 18 '14 at 22:29
  • And, while I am sure the code is not optimal, it has been effective in blocking those referrers (and their wildcard subdomains) on straight Apache servers. – Todd Oct 18 '14 at 22:35
  • 1
    possible duplicate of [blocking semalt referrers with htaccess rules](http://stackoverflow.com/questions/25477342/blocking-semalt-referrers-with-htaccess-rules) – Luke Peterson Jan 26 '15 at 05:40
  • 1
    One More addendum. Turns out there is both actual referrer spam to block and 'ghost' referrer spam to block. More info here: [link](http://www.ohow.co/what-is-referrer-spam-how-stop-it-guide/) – Todd Jul 25 '15 at 15:42

2 Answers2

1

There are thousands of such websites spamming blogs and forums and the only solution is to block spam referrer sites using .htaccess But this is not the solution to rid of spam hits on your site. You need to configure the Google Analytical tool too. You can try following code (tested)

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*success\-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*floating\-share\-buttons\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*.Get\-Free\-Traffic\-Now\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*.free\-social\-buttons\.com/ [NC,OR] 
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*best\-seo\-report\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]

Also see Getting rid of spam referral hits on your website or blog

Disk01
  • 347
  • 3
  • 11
0

The last post cheated me into copying and pasting the code in my htaccess file resulting in allowing those sites to pass through Hotlink protection. Now I have 85K plus of toxic backlinks from Semalt and such pointing to my images and exhausting my server resources. Beware!

Dieguzki
  • 1