 |
My Top 3 |
 |
I hate getting referrer spam. While I know that referrer spam is a fact of life for anybody hosting a website, I hate seeing my logs filled with crap. Being proactive about this log-jacking is hard, but I like doing something about it anyway.
My current method is to block any IP address that spammed me by using IPTables. This has several benefits. Instead of having Apache HTTPD work harder I can have Linux work harder as IPTables is going to be more efficient at blocking connections than Apache HTTPD is.
Getting IP addresses from the logs
- Grep referer string from log and dump to file:
grep pills.com access.log > further string and concatenate to file:grep tickets.com access.log >> your favorite text editor to remove everything except the IP addresses
Sorting your IP addresses
- Next you sort the IP addresses for unique strings and sort them:
cat referer-spam | sort | uniq > referer-spam.unique. Remember, in unix-like systems file extensions don’t mean anything which makes a format filename.foo even more useful as way to add metadata to a file. Crude, but useful.
Adding that IPTables mojo
- Now that I have the unique IP address list I make it ready for inclusion into iptables:
cp referer-spam.unique I open my file in my favorite text editor and prepend and append the proper IP scripting. - First we want to log the connection. This allows us to track these IP addresses in the future. A string like
123.154.155.177becomes-A INPUT -s 123.154.155.177 -i eth0 -p tcp -m tcp -j LOG --log-prefix "INPUT: SPAM: " - Next we drop the connection:
-A INPUT -s 123.154.155.177 -i eth0 -p tcp -m tcp -j DROP. - Finally add all information to your IPTables file and load IPTables with that file:
iptables-restore <
Leave a Reply