I’ve found a piece of code to ward off referral spam, thanks to John Sinteur, known as DreamerFi on the WordPress support boards. Here is the thread, with the code below.

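// Read the header from $_SERVER; the bare $HTTP_REFERER global only exists with register_globals on
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Searching for 'ttp://' puts a match at position 1, so "> 0" is true only for http:// referers
if (strpos($referer, 'ttp://') > 0)
{
    // "http://host/path" splits into "http:", "", "host", ...
    $pieces = explode("/", $referer);
    $lookup = gethostbyname($pieces[2]);
    if ($lookup == "161.58.59.8")
    {
        syslog(LOG_ALERT, "redirected $pieces[2]");
        // Send the request back to the referring URL
        header("Location: " . $referer);
        exit();
    }
}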

You place the code between the <?php and the ?> at the top of the index.php page. I put mine after the line calling wp-blog-header.php.

require('./wp-blog-header.php');

Note that 161.58.59.8 is the IP that most of the domains entered into my referral logs lead to. That IP is connected to a main domain, which I will not mention here, and it is a major comment spammer’s domain. While I have not had any comment spam since implementing Elliot Black’s Hashcash plugin (formerly known as Spam Stopgap Extreme), I have had an increase in referral spam.

While referral spam may seem harmless and something that most bloggers aren’t even aware of, it uses bandwidth, and bandwidth costs money. I resent spammers using my bandwidth to spam me with. I’ve been looking for a way to stop them and found one, but it required me to enter each domain name into a piece of code. That was daunting, and the spammer has a lot of domain names. It seems that they have unlimited domains. Amazing! I just don’t get it, what a complete waste of resources. Of course, I don’t get email spammers either and find it hard to believe that they actually make money off their spam, but apparently they do. That doesn’t say much for those who spend their money purchasing something from email spam.

Anyway, the code seems to be working. There is another IP with multiple domains that have spammed my referral logs, and it is also connected to the IP above. I’m just waiting to find out if I can add it to the code or if I have to create another line using the above code, only with the other IP.

A word of caution: these spammers use spoofed IP addresses while spamming you, so don’t use the IPs you see in your WordPress comment field or the ones in your referral logs. All are spoofed. The IPs that I have were traced by doing a traceroute on the domain names in my referral logs. I will post the other IP once I know the best way to use it in the code.
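One way to handle a second address without duplicating the whole block, as an added example (not John Sinteur's code or anything from the linked thread): keep the addresses in a list and compare every address the referring host resolves to. The function name `referer_blocked_ip` and its `$resolver` parameter are hypothetical, `192.0.2.10` is a constructed placeholder for the second IP, and the example answers with 403 instead of the redirect used above so that a client-supplied header is not echoed back into the response.

```php
<?php
// Added example, not the original author's code.
// 161.58.59.8 is the address given on this page; 192.0.2.10 is a
// constructed placeholder (TEST-NET-1) standing in for a second address.
$blocked_ips = array('161.58.59.8', '192.0.2.10');

// Hypothetical helper: return the first blocked IP the Referer host
// resolves to, or null when nothing matches. $resolver is injectable
// so the check can be exercised offline with a stub.
function referer_blocked_ip($referer, array $blocked_ips, $resolver = 'gethostbynamel')
{
    // parse_url() copes with ports, userinfo and https:// URLs,
    // which the explode("/") approach does not.
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;
    }
    // gethostbynamel() returns all IPv4 addresses, or false on failure.
    $addresses = call_user_func($resolver, $host);
    if (!is_array($addresses)) {
        return null;
    }
    foreach ($addresses as $ip) {
        if (in_array($ip, $blocked_ips, true)) {
            return $ip;
        }
    }
    return null;
}

$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($referer !== '') {
    $hit = referer_blocked_ip($referer, $blocked_ips);
    if ($hit !== null) {
        $host = parse_url($referer, PHP_URL_HOST);
        syslog(LOG_ALERT, "referral spam: $host resolves to $hit");
        header('HTTP/1.1 403 Forbidden');
        exit();
    }
}
```

The lookup is a blocking DNS query on every request that carries a Referer header, so a slow or unresponsive resolver delays page loads.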

Here is another blog fighting the referral/comment spam problem.
And here for MT users.
