In my never-ending quest to fight comment spam in my weblog I have been closing off older entries to comments. This works remarkably well, comment spam has come down significantly. Unfortunately, the attempts have not. A simple sampling of my log shows over 200 POST requests today to entries with turned off comments. Obviously, a spam bot. This begs for a new rewrite rule. Granted, the comments were not posted, but it annoys me regardless.. so from now on, if you wish to make a POST request to my server there is a new condition.. you need to be referred from my domain.. Turned off the referer in your browser? Bummer.. you can't post comments.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} !.mt-tb\.cgi*
RewriteCond %{HTTP_REFERER} !.*unix-girl\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^-$
RewriteRule (.*) /post_error.html [R,L]
The above Rule will send anyone who tries to post to my server without a referer from my domain to an error page. Of course, many spam bots use the actual url they're posting to as a referer.. for those just need to depend on either the user agent (one I saw was just "-") or some idea I'll come up with later.
Side benefit: also stops all those stupid scripts looking for formmail and friends.
Edit: Added a line which will except trackbacks.
TrackBack URL for this entry: http://www.unix-girl.com/mt/mt-tb.cgi/1211
Careful spammers..Kasia bites.. :)
#What a great idea! I too was able to drastically reduce comment spam by closing older comments. I'm doing it with an MT plug in, but this would be a good next step.
#Neet Idea! But you are also blocking Trackbacks I discovered.
#D'oh, trackbacks should work again, thanks :)
#Handy idea. I have been taking to blocking GETS on images where my site isn't the referer.
#Kasia, btw, guys like Garnett and his stinko 'lnxwvs' site are exactly the reason I employ Jay Allen's MT-Blacklist ... though I am going to employ your most excellent hacks as well ...
#Correct me if I am wrong, but surely this will block all scripts etc. on your site that are posted-to from other servers. I can't think of an example situation for this, but surely it would better to specifically rewrite for just mt-comment.cgi???
i.e.
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .mt-comment\.cgi*
RewriteCond %{HTTP_REFERER} !.*unix-girl\.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^-$
RewriteRule (.*) /post_error.html [R,L]
This is a call to bloggers who read this about what they...
(read more)
April 29, 2004 05:18 PM
I hate spam as much as the next person, so when something is suggested to help combat it, I'm always willing to give it a go. So in addition to the MT blacklist, and closing off comments after xx days,...
(read more)
April 30, 2004 09:17 AM
Even though you may have installed Jay Allen's MT-Blacklist to thwart comment spam, wouldn't it be nice to deny spambots from consuming your system's bandwidth and CPU by redirecting them to a 'error page' especially designed for our vermonous visitors...
(read more)
May 7, 2004 10:17 AM
Even though you may have installed Jay Allen's MT-Blacklist to thwart comment spam, wouldn't it be nice to deny spambots from consuming your system's bandwidth and CPU by redirecting them to a 'error page' especially designed for our vermonous visitors...
(read more)
May 7, 2004 10:22 AM
Courtesy of Lance, A way to get rid of comment spambots using .htaccess. I figured that maybe the non-geeks who don't read my blog would be interested....
(read more)
May 8, 2004 02:09 AM
It turns out that Kasia’s comment spam hack with mod_rewrite also blocks a desktop weblog client (like ecto) from posting. To make another exception, add this line: RewriteCond %{REQUEST_URI} !.mt-xmlrpc.cgi* I’d put this in a comment, but ...
(read more)
September 2, 2004 04:01 PM