
Block Referrer Spam (Updated)

Referrer spam is becoming increasingly common. At best, it will only render your log files useless. At worst, it can cause your site to be dropped by search engines and your running costs to skyrocket. Here's how to block spurious referrers.

Log files are a useful tool for webmasters. It helps to know how people are finding your site, and what software they are using to view it, among other things. A strange decision by a small group of bloggers, though, has given unscrupulous marketers another window of opportunity to manipulate search engines to increase their traffic.

The decision made by these short-sighted bloggers was to display, on their site, a list of recent referrers to each page. I can't imagine any reason why a visitor might be in the least bit interested in seeing this, but nevertheless many sites now display referrers on every page.

As search engine spiders visit sites, they grab the contents of each page they visit. They use this snapshot in their index - meaning that although a page may change every minute or two, a search engine may be using a single copy of a page for several days, or even weeks.

So a referral URL that is on a page when the spiders come to visit can have quite a bit of value, if the search engine visiting uses link popularity in any way (Google uses link popularity, as do many others).

So marketers have started to use programs to visit pages using a fake referral header, to get their URLs listed on as many sites as possible, in the hopes that this will increase their traffic.

However, this renders log files almost completely useless. These fake visitors usually visit from search engines, having searched for a keyphrase relevant to their own site. They skew statistics relating to the number of visitors received, the countries visitors come from, the technology used to view the page, how users found the page, how long they spent on the site, and so on.

A webmaster may find their search engine rankings dropping because of this, and they may find search engines have removed them completely. Many sites that use spam techniques are quickly identified and penalised, and penalties will often be applied to sites that link to them as well.

There are plenty of techniques available for blocking referrer spam, and everyone has their favourite. Personally, I use a combination of two techniques.

The first is fairly simple - my referrer log is not indexable. I don't display referrers on the pages of my site. My referral log is publicly available, but search engines are instructed to ignore it. This removes the main incentive for people to referrer-spam my site (the other reason for this type of spam - the hope that the site owner will themselves visit the spamming URL - is less common, because it has such a low response rate).

Second, I use an .htaccess file to block requests from whatever I've managed to identify as either a crawler designed to find URLs to spam or a spamming URL. This is a relatively simple blacklist, and though it cannot work as a long-term solution to this problem, it keeps me happy for now.

To implement this technique on your own site, first make sure you are running Apache with mod_rewrite. If you are, create a file called ".htaccess" (just that, not .htaccess.txt or anything else) and paste the following into it:

Update: 14th September 2005

The list below has been expanded substantially over the last year, and now covers much more spam than before. As stated before, this is not a practical solution to the problem in the long term, as this list can only ever get longer and longer, and may become unmaintainable, or even (eventually) slow a site to a crawl as all the rules are processed. However, as of now, it is still a useful tool.

    RewriteEngine on

    # Block Referrer Spam

    # Drugs / Herbal
    RewriteCond %{HTTP_REFERER} (sleep-?deprivation) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sleep-?disorders) [NC,OR]
    RewriteCond %{HTTP_REFERER} (insomnia) [NC,OR]
    RewriteCond %{HTTP_REFERER} (phentermine) [NC,OR]
    RewriteCond %{HTTP_REFERER} (phentemine) [NC,OR]
    RewriteCond %{HTTP_REFERER} (vicodin) [NC,OR]
    RewriteCond %{HTTP_REFERER} (hydrocodone) [NC,OR]
    RewriteCond %{HTTP_REFERER} (levitra) [NC,OR]
    RewriteCond %{HTTP_REFERER} (hgh-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-hgh) [NC,OR]
    RewriteCond %{HTTP_REFERER} (ultram-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-ultram) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cialis) [NC,OR]
    RewriteCond %{HTTP_REFERER} (soma-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-soma) [NC,OR]
    RewriteCond %{HTTP_REFERER} (diazepam) [NC,OR]
    RewriteCond %{HTTP_REFERER} (gabapentin) [NC,OR]
    RewriteCond %{HTTP_REFERER} (celebrex) [NC,OR]
    RewriteCond %{HTTP_REFERER} (viagra) [NC,OR]
    RewriteCond %{HTTP_REFERER} (fioricet) [NC,OR]
    RewriteCond %{HTTP_REFERER} (ambien) [NC,OR]
    RewriteCond %{HTTP_REFERER} (valium) [NC,OR]
    RewriteCond %{HTTP_REFERER} (zoloft) [NC,OR]
    RewriteCond %{HTTP_REFERER} (finasteride) [NC,OR]
    RewriteCond %{HTTP_REFERER} (lamisil) [NC,OR]
    RewriteCond %{HTTP_REFERER} (meridia) [NC,OR]
    RewriteCond %{HTTP_REFERER} (allegra) [NC,OR]
    RewriteCond %{HTTP_REFERER} (diflucan) [NC,OR]
    RewriteCond %{HTTP_REFERER} (zovirax) [NC,OR]
    RewriteCond %{HTTP_REFERER} (valtrex) [NC,OR]
    RewriteCond %{HTTP_REFERER} (lipitor) [NC,OR]
    RewriteCond %{HTTP_REFERER} (proscar) [NC,OR]
    RewriteCond %{HTTP_REFERER} (acyclovir) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sildenafil) [NC,OR]
    RewriteCond %{HTTP_REFERER} (tadalafil) [NC,OR]
    RewriteCond %{HTTP_REFERER} (xenical) [NC,OR]
    RewriteCond %{HTTP_REFERER} (melatonin) [NC,OR]
    RewriteCond %{HTTP_REFERER} (xanax) [NC,OR]
    RewriteCond %{HTTP_REFERER} (herbal) [NC,OR]
    RewriteCond %{HTTP_REFERER} (drugs) [NC,OR]
    RewriteCond %{HTTP_REFERER} (lortab) [NC,OR]
    RewriteCond %{HTTP_REFERER} (adipex) [NC,OR]
    RewriteCond %{HTTP_REFERER} (propecia) [NC,OR]
    RewriteCond %{HTTP_REFERER} (carisoprodol) [NC,OR]
    RewriteCond %{HTTP_REFERER} (tramadol) [NC]
    RewriteRule .* - [F]

    # Porn
    RewriteCond %{HTTP_REFERER} (porno) [NC,OR]
    RewriteCond %{HTTP_REFERER} (shemale) [NC,OR]
    RewriteCond %{HTTP_REFERER} (gangbang) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-cock) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-anal) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-orgy) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cock-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (anal-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (orgy-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (singles-?christian) [NC,OR]
    RewriteCond %{HTTP_REFERER} (dating-?christian) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumeating) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cream-?pies) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumsucking) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumswapping) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumfilled) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumdripping) [NC,OR]
    RewriteCond %{HTTP_REFERER} (krankenversicherung) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cumpussy) [NC,OR]
    RewriteCond %{HTTP_REFERER} (suckingcum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (drippingcum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (pussycum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (swappingcum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (eatingcum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cum-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-cum) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sperm) [NC,OR]
    RewriteCond %{HTTP_REFERER} (christian-?dating) [NC,OR]
    RewriteCond %{HTTP_REFERER} (jewish-?singles) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sex-?meetings) [NC,OR]
    RewriteCond %{HTTP_REFERER} (swinging) [NC,OR]
    RewriteCond %{HTTP_REFERER} (swingers) [NC,OR]
    RewriteCond %{HTTP_REFERER} (personals) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sleeping) [NC,OR]
    RewriteCond %{HTTP_REFERER} (libido) [NC,OR]
    RewriteCond %{HTTP_REFERER} (grannies) [NC,OR]
    RewriteCond %{HTTP_REFERER} (mature) [NC,OR]
    RewriteCond %{HTTP_REFERER} (enhancement) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sexual) [NC,OR]
    RewriteCond %{HTTP_REFERER} (gay-?teen) [NC,OR]
    RewriteCond %{HTTP_REFERER} (teen-?chat) [NC,OR]
    RewriteCond %{HTTP_REFERER} (gay-?chat) [NC,OR]
    RewriteCond %{HTTP_REFERER} (adult-?finder) [NC,OR]
    RewriteCond %{HTTP_REFERER} (adult-?friend) [NC,OR]
    RewriteCond %{HTTP_REFERER} (friend-?finder) [NC,OR]
    RewriteCond %{HTTP_REFERER} (friend-?adult) [NC,OR]
    RewriteCond %{HTTP_REFERER} (finder-?adult) [NC,OR]
    RewriteCond %{HTTP_REFERER} (finder-?friend) [NC,OR]
    RewriteCond %{HTTP_REFERER} (discrete-?encounters) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cheating-?wives) [NC,OR]
    RewriteCond %{HTTP_REFERER} (housewives) [NC,OR]
    RewriteCond %{HTTP_REFERER} (\-sex\.) [NC,OR]
    RewriteCond %{HTTP_REFERER} (xxx) [NC,OR]
    RewriteCond %{HTTP_REFERER} (snowballing) [NC]
    RewriteRule .* - [F]

    # Weight
    RewriteCond %{HTTP_REFERER} (fat-) [NC,OR]
    RewriteCond %{HTTP_REFERER} (-fat) [NC,OR]
    RewriteCond %{HTTP_REFERER} (diet) [NC,OR]
    RewriteCond %{HTTP_REFERER} (pills) [NC,OR]
    RewriteCond %{HTTP_REFERER} (weight) [NC,OR]
    RewriteCond %{HTTP_REFERER} (supplement) [NC]
    RewriteRule .* - [F]

    # Gambling
    RewriteCond %{HTTP_REFERER} (texas-?hold-?em) [NC,OR]
    RewriteCond %{HTTP_REFERER} (poker) [NC,OR]
    RewriteCond %{HTTP_REFERER} (casino) [NC,OR]
    RewriteCond %{HTTP_REFERER} (blackjack) [NC]
    RewriteRule .* - [F]

    # Loans / Finance
    RewriteCond %{HTTP_REFERER} (mortgage) [NC,OR]
    RewriteCond %{HTTP_REFERER} (refinancing) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cash-?advance) [NC,OR]
    RewriteCond %{HTTP_REFERER} (cash-?money) [NC,OR]
    RewriteCond %{HTTP_REFERER} (pay-?day) [NC]
    RewriteRule .* - [F]

    # User Agents
    RewriteCond %{HTTP_USER_AGENT} (Program\ Shareware|Fetch\ API\ Request) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (Microsoft\ URL\ Control) [NC]
    RewriteRule .* - [F]

    # Misc / Specific Sites
    RewriteCond %{HTTP_REFERER} (netwasgroup\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (nic4u\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (wear4u\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (foxmediasolutions\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (liveplanets\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (aeterna-tech\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (continentaltirebowl\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (chemsymphony\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (infolibria\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (globaleducationeurope\.net) [NC,OR]
    RewriteCond %{HTTP_REFERER} (soma\.125mb\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (mitglied\.lycos\.de) [NC,OR]
    RewriteCond %{HTTP_REFERER} (foxmediasolutions\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (jroundup\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (feathersandfurvanlines\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (conecrusher\.org) [NC,OR]
    RewriteCond %{HTTP_REFERER} (sbj-broadcasting\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (edthompson\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (codychesnutt\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (artsmallforsenate\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (axionfootwear\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (protzonbeer\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (candiria\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (bigsitecity\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (coresat\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (istarthere\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (amateurvoetbal\.net) [NC,OR]
    RewriteCond %{HTTP_REFERER} (alleghanyeda\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (xadulthosting\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (datashaping\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (zick\.biz) [NC,OR]
    RewriteCond %{HTTP_REFERER} (newprinceton\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (dvdsqueeze\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (xopy\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (webdevboard\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (devaddict\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (eaton-inc\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (whiteguysgroup\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (guestbookz\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (webdevsquare\.com) [NC,OR]
    RewriteCond %{HTTP_REFERER} (indfx\.net) [NC,OR]
    RewriteCond %{HTTP_REFERER} (snap\.to) [NC,OR]
    RewriteCond %{HTTP_REFERER} (2y\.net) [NC,OR]
    RewriteCond %{HTTP_REFERER} (astromagia\.info) [NC,OR]
    RewriteCond %{HTTP_REFERER} (free-?sms) [NC]
    RewriteRule .* - [F]

The above will block just about all of the most common referral spam that I've seen so far. I'm adding to the list constantly (last addition: 14th September 2005) so do check back and see if there are updates if you're using it.

One potential problem with this technique, other than that it will, in time, become useless as too many URLs are added, is that there is always a possibility authentic visitors will be blocked. So, on this site, instead of the last line above, I've actually used something a little more user-friendly:

RewriteRule .* bad_referrer.php [L]

Instead of a "Forbidden" message, this displays a quick note explaining why there has been an error and that the user can click on a link to proceed. If you want to check this out for yourself, try visiting http://www.addedbytes.com/swingers/block-referrer-spam/ (note the "swingers" portion of the URL). This page will reload with a new URL. Then try visiting http://www.addedbytes.com/spam/block-referrer-spam/. You should find you get a message explaining what has happened, and a URL to click if you want to proceed.
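The false-positive risk mentioned above can be measured before the rules go live. The following is an added example, not code from the original post: it replays access-log lines in Combined Log Format against a handful of the patterns from the list and sorts every request that would be blocked by where the keyword matched. The log lines, `www.example.org` as the site's own host, and the function name `audit` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# A few patterns copied from the rule list above. Like RewriteCond with [NC],
# each is an unanchored, case-insensitive match against the whole Referer.
PATTERNS = ["poker", "casino", "diet", "weight", "mature", "swingers", r"free-?sms"]
BLOCK = re.compile("|".join(f"(?:{p})" for p in PATTERNS), re.IGNORECASE)

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

# Constructed sample log (documentation addresses and example domains only).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Sep/2005:10:00:01 +0000] "GET /blog/ HTTP/1.1" 200 5120 "http://best-poker-casino.example/" "Mozilla/4.0"
198.51.100.7 - - [14/Sep/2005:10:02:13 +0000] "GET /blog/css/ HTTP/1.1" 200 7300 "http://search.example/search?q=weight+of+a+css+file" "Mozilla/5.0"
198.51.100.9 - - [14/Sep/2005:10:03:40 +0000] "GET /blog/ HTTP/1.1" 200 5120 "http://dev.example.net/articles/premature-optimisation.html" "Mozilla/5.0"
203.0.113.4 - - [14/Sep/2005:10:05:02 +0000] "GET /about/ HTTP/1.1" 200 2100 "http://www.example.org/swingers/block-referrer-spam/" "Mozilla/5.0"
203.0.113.8 - - [14/Sep/2005:10:06:55 +0000] "GET /blog/ HTTP/1.1" 200 5120 "http://blog.example.net/links.html" "Mozilla/5.0"
203.0.113.9 - - [14/Sep/2005:10:07:30 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def audit(log_text, own_host="www.example.org"):
    """Group requests the rules would block by the part of the Referer that matched."""
    report = {"host": [], "path_or_query": [], "own_site": []}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m.group(2) in ("", "-"):
            continue  # unparseable line or no Referer sent: the rules do not fire
        client, referer = m.group(1), m.group(2)
        hit = BLOCK.search(referer)
        if not hit:
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host == own_host:
            bucket = "own_site"        # internal navigation from a keyword URL
        elif BLOCK.search(host):
            bucket = "host"            # keyword in the domain: the intended target
        else:
            bucket = "path_or_query"   # keyword only in path/query: review by hand
        report[bucket].append((client, referer, hit.group(0).lower()))
    return report

if __name__ == "__main__":
    for bucket, hits in audit(SAMPLE_LOG).items():
        for client, referer, keyword in hits:
            print(f"{bucket:14} {keyword:9} {client:13} {referer}")
```

Hits in the `path_or_query` and `own_site` buckets are the ones to read by hand: they are where an ordinary word such as "premature" or a search query trips a keyword meant for spam domains.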

And there we have it. With minimum effort (for now), referral log spamming on my site has been almost entirely removed. Before adding this set of rules and scripts, I was seeing around 200 fake referrals per day in my log files. Now, I see about 3 or 4 a week. Hopefully, this will continue until I can devise a better way of protecting against this kind of problem - before blacklists become an impossibility to manage.

