Refspam Redux, updated

Two thirds of my referrer logs now consist of spam. This is unacceptable.

If somebody could tell me why this .htaccess file isn’t working, I’d appreciate it:

SetEnvIfNoCase Referer "http://\*info/$" cockbites
Order Deny,Allow
Deny from env=cockbites
Allow from all

I’d also like a regex that accomodates every string with the word “phentermine” in it. Apparently, I’m missing something key about Apache’s .htaccess regexes, and any help would be appreciated.

I don’t know what kind of a target market these assholes think they’re going for, especially considering that none of these .info domains actually exist. Is this some kind of bizzare cross-pollenation of spamvertising and a DDOS?

Update: Mr. Bruce has revealed my idiocy to me, and my now-correctly-functioning .htaccess file looks like this:

SetEnvIfNoCase Referer "^http://.*info" cockbites
Order Deny,Allow
Deny from env=cockbites

SetEnvIfNoCase Referer hentermin asshats
Order Deny,Allow
Deny from env=asshats

5 Comments | Skip to comment form

  1. Mike Bruce

    Even if it is denied, won’t it still get a line in the log, and return a 403 (or something) to the client? Or are you not getting that far?

  2. Mike Hoye

    They’re still showing up as 200s in the log, which I understand means “transmission complete”, and each one includes the number of bytes transmitted. So presumably my gracious host is paying for this stupidity with actual cash money, which I find doubly offensive.

    I’d like these referrers sent right into 404 land; I really don’t care if somebody wants to refer to me from the .info domain, because the new TLDs are a joke that wouldn’t get a laugh in the back seat of the world’s shortest bus.

  3. Mike Bruce

    Remove the “Allow from All”, and make your regex something like:


    You probably don’t want to match the last slash as the end of the string, so the ‘$’ is bad. ‘\*’ is, as far as I can tell, matching a literal ‘*’, which is probably not what you want, either. I added the ‘^’ to the front because it’s more specific and in some universe might therefore be faster or something.

    (Key passage from the mod_access documentation for the Deny,Allow scheme: “Any client which does not match a Deny directive or does match an Allow directive will be allowed access to the server.”)

  4. Mike Hoye

    Of course. Why escape the asterisk? Stupid, stupid.

    Thanks, Mike.

  5. Mike Bruce

    And don’t forget the preceding dot…

    Also, to match everything with “erminephent”, just do something like:

    SetEnvIfNoCase Referer erminephent ermine
    Deny from env=ermine

    Hrm, I’m getting an error “This comment could not be posted due to questionable content” when I try to send this, so I’m adding some text…

    Maybe the p-word is tripping some kind of filter…I’m going to try obscuring that.