Bouncing requests (5 posts)

  1. andymerrett
    Posted 11 years ago #

    I have decided to turn off trackbacks, but of course this isn't enough as my bandwidth is still being used up as the bots access the pages ending in /trackback - they just seem to add it automatically.

    So I added this to my htaccess file
    RedirectMatch permanent ^/.*/trackback$ http://invalid.host

    Which redirects them to a non-existent domain. However, what I'd really like to do (and yes I know most of the spam is from open relays etc so this may seem pointless) is to bounce the spam back to the originating IP address.

    Now I've seen how to do this for specific referrers / user agents, but I want to do it for a specific pattern match on a file (i.e. ends in 'trackback')

    Any ideas on how to do this? For the moment, this is saving bandwidth, but I'd like to "fire back".

    To see what I want to base the solution on, see Blocking Referer Spam.

  2. andymerrett
    Posted 11 years ago #

    If anyone is interested in my current solution, read on.

    My goals:

    1. Never allow trackbacks on my blog (people can still link direct to the article, just not use the trackback feature)
    2. Never allow bots to read trackback pages that don't exist - thus saving bandwidth (many bots assume WordPress and other blogs have the /trackback URI even if TBs are turned off)
    3. Hurt the originating referer or IP (or at least don't just gracefully die and accept the deluge of traffic without hitting back)

    Here's my solution, achieved using .htaccess:

    First, for anyone who accesses any URI containing /trackback (none are legitimate) simply bounce the request back to the originating IP address, thus:

    RewriteCond %{REQUEST_URI} /trackback
    RewriteRule .* http://%{REMOTE_ADDR}/ [R=301,L]

    Now, for any known bad referring web sites, bounce the request back to their server - however, make sure that it is a page that doesn't exist (else they still may get some credit for a valid hit on their site) and also make it damn obvious in their logs that they have been bounced for spamming...

    RewriteCond %{HTTP_REFERER} smsportali\.net [NC,OR]
    RewriteCond %{HTTP_REFERER} poker-online [NC,OR]
    RewriteCond %{HTTP_REFERER} ^(http://www\.)[a-z]+-[a-z]+- [NC,OR]
    RewriteCond %{HTTP_REFERER} crescentarian\.net [NC,OR]
    RewriteCond %{HTTP_REFERER} 6q\.org [NC]
    RewriteRule ^(.*)$ %{HTTP_REFERER}/

    Would probably show up in their logs, if they ever check them. And 'apparently' the referer will still show up as themselves, as the rewrite doesn't change the referer to my own site (even if it does, I don't care, they know they've spammed me and I can prove from my logs that they hit me first)

    It may not work for everyone, of course if you want TBs enabled you'll have to go some other route - dying gracefully is an option - but as I read elsewhere, if everyone bounced to the IP or the referer (and for referer spam, the referer always has to be published, and be the spammer's promotional website, as that's the whole point) then it may dent their operation, even if just a little.

    Comments? Suggestions? Improvements? Let me know.
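
Added example (not part of any post in this thread): a Python script that applies the two matching rules from the post above to Apache combined-format access log lines and totals hits and bytes per client, so you can see what the /trackback requests cost and which referers the patterns catch before deploying them. The log lines are constructed, and the fourth one shows that the hyphen pattern also catches an unrelated hyphenated hostname.

```python
import re
from collections import defaultdict

# Apache "combined" log format: client IP, request line, status, bytes, referer.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} (?P<bytes>\d+|-) "(?P<referer>[^"]*)"'
)
# The post's RewriteCond referer patterns, dots escaped; [NC] -> IGNORECASE.
REFERER_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"smsportali\.net", r"poker-online", r"^(http://www\.)[a-z]+-[a-z]+-",
    r"crescentarian\.net", r"6q\.org",
)]

def classify(line):
    """Return (ip, bytes_sent, rule); rule is None when no rule matches."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    size = 0 if m["bytes"] == "-" else int(m["bytes"])
    path = m["uri"].split("?", 1)[0]  # REQUEST_URI excludes the query string
    if "/trackback" in path:
        return m["ip"], size, "trackback"
    for pat in REFERER_PATTERNS:  # unanchored match, like RewriteCond
        if pat.search(m["referer"]):
            return m["ip"], size, "referer:" + pat.pattern
    return m["ip"], size, None

def summarize(lines):
    """Total hits and bytes served per (ip, rule) for requests a rule catches."""
    totals = defaultdict(lambda: [0, 0])
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[2]:
            totals[parsed[0], parsed[2]][0] += 1
            totals[parsed[0], parsed[2]][1] += parsed[1]
    return {key: tuple(val) for key, val in totals.items()}

# Constructed sample log lines (documentation IP ranges, made-up paths).
TS = "[01/Jan/2000:00:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "POST /a-post/trackback HTTP/1.0" 200 5120 "-" "bot"',
    f'192.0.2.10 - - {TS} "POST /b-post/trackback/ HTTP/1.0" 200 4096 "-" "bot"',
    f'198.51.100.7 - - {TS} "GET / HTTP/1.1" 200 20480 "http://www.poker-online.example/" "x"',
    f'203.0.113.5 - - {TS} "GET /about/ HTTP/1.1" 200 3000 "http://www.my-home-page.example/" "x"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```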

  3. hetta
    Posted 11 years ago #

    and this:
    both work.

    Include your keywords (no need for full URLs), put the scripts into <?php ?> tags at the top of the files that are being hit (comments-post, comments-popup, index and trackback are the usual ones), and watch the fun in your logs.

    Those of you who have turned off trackbacks and renamed comment forms might turn the original pages into spammer traps right after the bouncing back thingies. If you do, they'll ban themselves if they make it through your keywords. Of course, they'll need to be banned in robots.txt first ... and you might wish to rename things so they're not that obvious as spammer traps.


  4. James Huff
    Support Team Rep.
    Posted 11 years ago #

    This works perfectly and requires no .htaccess modification:


  5. andymerrett
    Posted 11 years ago #

    Since implementing my strategy - in conjunction with turning off trackbacks, and refusing comments after a couple of months - I have seen attempts to spam my pages dramatically reduce. There are still some attempts to access non-existent trackback pages, but fewer. And as for those relying on referrer spamming - well at present there's only one sad spammer trying to promote some pages on a club for non-low profits.

    I am not sure why these sites are leaving me alone - because when I do a redirect 'bounceback' to their site, their logs should show their own site as the referrer, and not mine. They are obviously getting 404s on their logs, and not the genuine referrer hits they crave. There must be some way they know that the bounce came from my site, as I don't believe it's coincidence and I am sure they haven't stopped spamming. Oh well, for now at least, it works.

Topic Closed

This topic has been closed to new replies.
