Referer spam, take 2
Now these lovely people are hitting my site as well.. and my conclusion is, they're just grabbing recently updated weblogs from weblogs.com or blo.gs.
Mark is exactly correct as to how it's done.. (see comments in my previous entry), it's a fake img link back to the weblog they're targeting.. So the IPs are not bots.. they're real users of said sites.. maybe if I published a running list of the IPs, their users will get annoyed enough that they will stop this? Maybe?
Maybe if every targeted blog did?
First hit recorded is probably the coder/owner..
Comments
Can you turn on some form of referrer blocking for that site?
If you have mod_rewrite use ...
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?baddomain\.com [NC]
RewriteRule \.(jpe?g¦gif)$ - [NC,F]
You will need to edit the "¦" character, and change it back to a solid vertical pipe - otherwise, you'll get a server error.
or
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.google.com/
RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L]
To forward them to a page :)
or
SetEnvIfNoCase Referer "^http://www.bad-sites.com/" BadReferrer
order deny,allow
deny from env=BadReferrer
... You get the idea :)
Posted by: Chris (another one) | August 13, 2003 04:06 AM
The users won't notice if you publish a list of IPs. Most of the users probably don't even know what an IP address *is*.
Also, if the page is a teaser page the people may have just been served a popup and they may not even be intending to visit the site.
hmm... I wonder if there's a way to exploit the image tag in order to serve some plugin/javascript/html/etc that'll do something nasty, like block the end users' system from seeing the offending sites, or change the desktop wallpaper to random images from goatse.cx
Fortunately, I have deadlines which prevent me from spending time on such an ethically dodgy activity.
Posted by: Matt | August 13, 2003 04:15 AM
hmmm... I think I like the way Matt thinks ;)
Posted by: Chris B | August 13, 2003 08:20 AM
I tried redirecting to a view-source: URL (to trigger a Notepad popup) but mod_rewrite didn't recognize the URL scheme so it just redirected to http://view-source://blahblah. You could certainly redirect straight to the goatse.cx image, although given the nature of the originating domains, I don't think that would shock them that much.
Here's my current mod_rewrite rule:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} "-cartoon" [OR]
RewriteCond %{HTTP_REFERER} "-sex" [OR]
RewriteCond %{HTTP_REFERER} "-naked" [OR]
RewriteCond %{HTTP_REFERER} "incest-" [OR]
RewriteCond %{HTTP_REFERER} "teen-" [OR]
RewriteCond %{HTTP_REFERER} "xxx" [OR]
RewriteCond %{HTTP_REFERER} "-rape" [OR]
RewriteCond %{HTTP_REFERER} "-stories" [OR]
RewriteCond %{HTTP_REFERER} "hardcore"
RewriteRule .* /error/fuckyou/index.html [L]
The entire /error/fuckyou/ directory is password protected with standard .htaccess basic auth.
Posted by: Mark | August 13, 2003 09:35 AM
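Added example (not from the post or any commenter): a Python script that runs the keyword list from the rule above over Apache combined-format log lines, comparing the rule's whole-Referer substring match with a hostname-only match and collecting the distinct client IPs per flagged referring host. The log lines, hostnames and function names are constructed for this example; note that the search-engine referral is caught by the whole-URL test but not by the hostname test.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Keyword list copied from the RewriteCond lines in the rule above.
KEYWORDS = ["-cartoon", "-sex", "-naked", "incest-", "teen-", "xxx",
            "-rape", "-stories", "hardcore"]
# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
# Constructed sample log lines (documentation IP ranges, made-up hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2003:04:01:00 -0400] "GET / HTTP/1.1" 200 5120 '
    '"http://free-cartoon-pics.example/" "Mozilla/4.0"',
    '192.0.2.11 - - [13/Aug/2003:04:01:09 -0400] "GET / HTTP/1.1" 200 5120 '
    '"http://free-cartoon-pics.example/page2.html" "Mozilla/4.0"',
    '198.51.100.7 - - [13/Aug/2003:04:02:30 -0400] "GET /a.html HTTP/1.1" 200 900 '
    '"http://search.example/?q=short-stories" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Aug/2003:04:03:12 -0400] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0"',
]

def referer_host(referer):
    """Lower-cased hostname of a Referer value, or '' if absent or unparsable."""
    try:
        return (urlsplit(referer).hostname or "").lower()
    except ValueError:
        return ""

def matches_url(referer):
    """Same test as the RewriteCond lines: substring match on the whole Referer."""
    return any(k in referer for k in KEYWORDS)

def matches_host(referer):
    """Narrower test: keywords are looked for in the hostname only."""
    return any(k in referer_host(referer) for k in KEYWORDS)

def summarize(lines):
    """Map each flagged referring host to the set of client IPs that sent it."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if m and matches_host(m.group(2)):
            hits[referer_host(m.group(2))].add(m.group(1))
    return dict(hits)

if __name__ == "__main__":
    for host, ips in summarize(SAMPLE_LOG).items():
        print(host, len(ips), "distinct client IPs")
```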
Several ideas..
1. Javascript redirecting the whole site to an FBI site.. (maybe).. IE will execute that. Haven't tried if mod_rewrite would do that.
2. A big, crude "FUCK YOU SPAMMER" image (since the porn sites I looked at didn't bother with width/height tags it would display). Of course that uses my own bandwidth.. but I'm annoyed.. I don't care. Of course, that's easily fixed by adding width/height tags..
I'll write this whole thing up in an article on dslreports tonight..
Posted by: kasia | August 13, 2003 01:59 PM
I like Mark's idea -- redirect to an auth-protected site so a password dialog pops up on their screen. Other similarly intrusive schemes would be a great idea!
Are there other ways we could annoy the people with that malware installed? Pop-ups and view-source windows are the right track IMO. Maybe some embedded sounds too...
Think of it, these referrer spammers are giving us a cross-site scripting attack tied up with a ribbon on top! ;)
Posted by: Justin | August 13, 2003 02:16 PM
It would be nice to have something similar to the IE browser crash http://www.gerald-steffens.com/blog/archives/00000016.htm but for images. Perhaps a killer GIF or PNG with wrong entries confusing and crashing the browser ;-) In this case the visitors would not be able to visit the offending site any longer.
Posted by: Gerald | August 14, 2003 07:38 PM
Thanks to Mark - it works fine
Posted by: pepe | September 2, 2003 11:14 AM