• My server is under attack and it is a blog thing.

    A number of times every day I get hundreds of simultaneous reads from many different IP addresses, all directed to me by some phentermine-type domain. That domain changes each time.

    Example HTTPD access log:

    222.66.48.253 - - [19/Jun/2007:17:59:54 -0400] "GET /blog/?p=97 HXXP/1.1" 200 14645 "hxxp://www.shaablog.com/orderingphenterminetabs.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]"

    207.158.20.118 - - [19/Jun/2007:17:59:58 -0400] "GET /blog/?p=210 HXXP/1.1" 200 13714 "hxxp://www.shaablog.com/purchasinggenericdietpills.html" "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)"

    (I replaced the hxxp myself to allow this post to proceed; it said TT, not XX of course)

    Anyway, I get HUNDREDS of such simultaneous entries, all from different IPs. That then brings my server to a halt.

    What can I do? Any ideas?

    I run 2.2

    Michael

Viewing 15 replies - 16 through 30 (of 48 total)
  • mwillems is it the very first line in the index.php? Sorry if it’s obvious, just that’s the only thing I can think of.

    Thread Starter mwillems

    (@mwillems)

    Terry, yes, it is the very first line.

    And your ideas are very welcome, Terry!

    AHA — the string as suggested by the script was wrong: it was <?php include_once ("/var/www/html/willems.ca/blog/wp-content/referrer-karma.php"); check_referrer(); ?>

    That should have read <?php include_once ("/blog/wp-content/referrer-karma.php"); check_referrer(); ?>

    So now, when I browse my own site, I get a blank page only. Maybe my internal IP is not reverse lookup-able or something?

    The database is still empty though. In other words the passwords etc are good, since the tables have been created – but the tables are still empty.

    Michael

    excuse me?

    This is an open thread. I’m not doing anything you aren’t doing, Terry. Last time I checked I am able to make suggestions as well. And please don’t forget that there might be other people that read this — maybe THEY won’t want to use a wordpress plugin to fight referer spam. After all, it’s somewhat ass backwards to make a blogging application perform a task that Apache already handles.

    Secondly,

    RewriteCond %{HTTP_REFERER} ^(.*)pill(.*)$ [NC]

    catches ANY referer with the string pill in it.

    RewriteCond %{HTTP_REFERER} ^(.*)phent(.*)$ [NC]

    catches any string with the partial match phent in it.

    And obviously, you add more strings.

    You’re obviously not interested in any more suggestions, so good luck with your spam.

    Thread Starter mwillems

    (@mwillems)

    Whoami,

    If you saw my logs you would not suggest that, I think. It is not just Phentermine. There are literally hundreds of strings. From child porn to herbal viagra. They change daily.

    Michael

    Whatever whooami, carry on. And FYI your htaccess suggestion is helpful, I was just saying it’s too bad you chose to talk to us the way you did.

    So now, when I browse my own site, I get a blank page only. Maybe my internal IP is not reverse lookup-able or something?

    Not a good thing! lol. I’m tapped out for ideas mwillems, sorry.

    On the contrary, I assure you that I would suggest using my method. It’s not a mystery, and you’re not the only one to have had this happen.

    If you had looked at the Google results I pointed you to, you might have seen this. It’s very similar to what I’ve already suggested.

    https://www.joemaller.com/htaccess.txt

    It sounds to me like you just don’t understand the power of Apache and mod_rewrite.

    PS: terry, get over yourself, as of yet, I’ve not said anything rude, so chill out, and YOU carry on. 3 of my posts were caught by Akismet and NOT showing up, hence the HELLLO – you flatter yourself to think that I was addressing you.

    you are using a wordpress plugin to block referer spam? good God, what has the world come to.

    What were you suggesting here? That we’re brainiacs or idiots?

    Edit: I’m done in here for the day. Have a good one :).

    was I addressing you? No.

    If you must know, I find it absolutely ludicrous and very comical that, especially, someone that has root access to a box would resort to making WordPress manage referer spam.

    The plugin, notwithstanding, using wordpress to do something that Apache/mod_rewrite already handles efficiently is like putting the steering wheel of your car in your trunk.

    Thread Starter mwillems

    (@mwillems)

    But surely, whoami, mod_rewrite does not do the kind of stuff that this script does?

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    Are these all referrer to the same other site? Specifically, shaablog.com?

    If so, what’s the problem?

    RewriteCond %{HTTP_REFERER} ^(.*)shaablog(.*)$ [NC]
    RewriteRule ^.* - [F]

    Now, I grant you that referrer karma is a neat plugin, and it’s more generalized and capable of a wider variety of things.

    But if this is a one-shot deal, the .htaccess method is best simply because it takes nearly no server resources and will more or less instantly stop the denial of service attack that the referrer spam basically amounts to.

    caught by Akismet again, so I’m not sure if this got through the first time:

    what are you trying to do? prevent refer spam from showing up in your logs?

    IF you look at that script, it sends referer spammers a 403.

    What I’ve suggested doing does exactly the same thing.

    IF you want to bloat your database with needless data, recording crap referers.

    No, I’m sorry, my solution won’t do that.

    And for the record, just because a referer gets sent a 403 doesn’t mean it doesn’t show up in your logs. It still shows up. regardless of what is responsible for the 403.

    222.66.48.253 - - [21/Jun/2007:21:02:56 -0400] "GET /archives/2005/01/02/guestbook-entries/ HTTP/1.1" 403 1030 "https://www.txmind.com/buy_diet_pill_phentermine_com_canadian_pharmacies.html" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1)"

    right out of my own access log, and that, is referer spam getting a 403.

    otto ?? my point exactly ??

    Thread Starter mwillems

    (@mwillems)

    >>>Are these all referrer to the same other site? Specifically, shaablog.com?<<<

    I wish. Twice a day, that domain changes.

    Whoami: OK, aha… .htaccess then? Let’s see if I can get httpd.conf configured right to actually read it then.

    Thread Starter mwillems

    (@mwillems)

    Oh and what am I trying to do? When this happens, several times a day (like, 2-4 times), my server load goes up to at least 50-100. So the server effectively dies. I turn off httpd (which takes me forever under that load) and the load vanishes immediately.

    Thread Starter mwillems

    (@mwillems)

    And I still wonder how to do this using .htaccess.

    Like I have 152 variants in the last two days of the word “mortgage”. I counted. I either exclude all mortgage posts (might be a bit heavy) or add 152 lines to the htaccess for THIS thing alone – and then there’s all the pills, the sex, etc.

    And I still wonder how to do this using .htaccess.

    and I’ve explained repeatedly, you appear to not be reading.

    RewriteCond %{HTTP_REFERER} ^(.*)pill(.*)$ [NC]

    catches ANY referer with the string pill in it.

    RewriteCond %{HTTP_REFERER} ^(.*)phent(.*)$ [NC]

    catches any string with the partial match phent in it.

    RewriteCond %{HTTP_REFERER} ^(.*)mortgage(.*)$ [NC]

    catches any string with the word mortgage in it.

    Thusly,

    RewriteCond %{HTTP_REFERER} ^(.*)pill(.*)$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^(.*)phent(.*)$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^(.*)mortgage(.*)$ [NC]
    RewriteRule ^.* - [F]

    sends a 403 to any referer with the strings, pill, phent, or mortgage.

    I’ve provided numerous examples, as well as links. I suspect you aren’t reading, which doesn’t help to motivate me to continue replying. Not to mention that we are 30-some odd posts into a thread, and it took “pulling teeth” to get an even acknowledgment of my suggestion.

  • The topic ‘I am under phentermine attack?’ is closed to new replies.