Re: [mod-security-users] Blocking referer spam
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Blocking referer spam
|
From: Ivan R. <iv...@we...> - 2005-03-16 16:07:31
|
Kayne McGladrey wrote: > Hello, > > I've been running mod_security for a while now to successfully block > referer spam, comment spam, and trackback spam from my blog. I'm > running on a shared server and thus am forced to use my .htaccess > file. I've asked about including the mod_security rules in a rules > file, and my hosting provider will not allow that use. > ... > Where it says "RULES GO HERE" there are a series of rules to block > spamvertised websites. My .htaccess is about 160k because of all the > rules. Last month, I added the following line: > > SecFilterSelective HTTP_Referer|ARGS "doobu.com" Strictly speaking, you should use "doobu\.com". Otherwise the dot will be taken to represent any character. > This is intended to block referer spam from doobu.com. This has been > working for roughly a month. Beginning yesterday, I began seeing the > rat bastards from doobu.com start filling up my logfile again: Have you considered the possibility your hosting provider has turned mod_security off? Because your rule works in my test environment. Remove the <IfModule ...> safeguards to see what will happen. You can find out more about what happens if you turn the debug log on and use it with level 9. (You should do this in a less popular folder, or one you created especially for this purpose.) BTW, I've never tried to create a debug log from a .htaccess file. It might not work. -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
