Refspam Redux, updated

Two thirds of my referrer logs now consist of spam. This is unacceptable.

If somebody could tell me why this .htaccess file isn’t working, I’d appreciate it:

SetEnvIfNoCase Referer "http://\*info/$" cockbites
Order Deny,Allow
Deny from env=cockbites
Allow from all

I’d also like a regex that accomodates every string with the word “phentermine” in it. Apparently, I’m missing something key about Apache’s .htaccess regexes, and any help would be appreciated.

I don’t know what kind of a target market these assholes think they’re going for, especially considering that none of these .info domains actually exist. Is this some kind of bizzare cross-pollenation of spamvertising and a DDOS?

Update: Mr. Bruce has revealed my idiocy to me, and my now-correctly-functioning .htaccess file looks like this:

SetEnvIfNoCase Referer "^http://.*info" cockbites
Order Deny,Allow
Deny from env=cockbites

SetEnvIfNoCase Referer hentermin asshats
Order Deny,Allow
Deny from env=asshats


  1. Mike Bruce
    Posted November 24, 2004 at 10:55 am | Permalink

    Even if it is denied, won’t it still get a line in the log, and return a 403 (or something) to the client? Or are you not getting that far?

  2. Mike Hoye
    Posted November 24, 2004 at 12:06 pm | Permalink

    They’re still showing up as 200s in the log, which I understand means “transmission complete”, and each one includes the number of bytes transmitted. So presumably my gracious host is paying for this stupidity with actual cash money, which I find doubly offensive.

    I’d like these referrers sent right into 404 land; I really don’t care if somebody wants to refer to me from the .info domain, because the new TLDs are a joke that wouldn’t get a laugh in the back seat of the world’s shortest bus.

  3. Mike Bruce
    Posted November 24, 2004 at 2:10 pm | Permalink

    Remove the “Allow from All”, and make your regex something like:


    You probably don’t want to match the last slash as the end of the string, so the ‘$’ is bad. ‘\*’ is, as far as I can tell, matching a literal ‘*’, which is probably not what you want, either. I added the ‘^’ to the front because it’s more specific and in some universe might therefore be faster or something.

    (Key passage from the mod_access documentation for the Deny,Allow scheme: “Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server.”)

  4. Mike Hoye
    Posted November 24, 2004 at 2:46 pm | Permalink

    Of course. Why escape the asterisk? Stupid, stupid.

    Thanks, Mike.

  5. Mike Bruce
    Posted November 24, 2004 at 2:54 pm | Permalink

    And don’t forget the preceding dot…

    Also, to match everything with “erminephent”, just do something like:

    SetEnvIfNoCase Referer erminephent ermine
    Deny from env=ermine

    Hrm, I’m getting an error “This comment could not be posted due to questionable content” when I try to send this, so I’m adding some text…

    Maybe the p-word is tripping some kind of filter…I’m going to try obscuring that.