Category Archives: Resource Center

Pesky Spam in your web stats got you down? Get rid of referrer spam for good.

Leave a reply

Pesky Spam in your web stats got you down?
As some of you may have noticed lately your web stats may have been artificially bloated by referrer spam, the most prevalent I have seen lately is due to a script called surf.php

Referrer spam serves one purpose, to get people to look at the referring site. This is usually done when someone sees a high-ranking referrer in their web stats, or, if a site has an automated script that lists and/or links back to whatever it thinks is a “top referrer.”

So spammers have once again decided to ruin a good thing for everyone by exploiting this automated link-back that some scripts have built-in, and have decided to artificially bloat your traffic stats in hopes that your site will link back to theirs. Not only is this annoying, but it wastes your server’s CPU resources due to extra logging and other processing associated with these idiots who cannot get legitimate traffic to their sites. It also can eat up disk space due to larger logs.

So what can be done?
Well if you run Apache web server like most of us do you are in luck. you can block these referrers for good using our friend .htaccess.

First you need to figure out who the referrers are that you want to ban. Mine might look like this:

http://www.xtreamsurf.com/surf.php
http://www.parrotsurf.net/surf.php
http://www.advertising-surf.net/surf.php
http://www.aussieearners.com/surf.php
http://arobuhits.biz/surf.php

Please note:
For this article I have spelled “Referrer” as “Referrer.”  Somehow “Referer” (notice, only one “r”) made it into the HTTP standard even though it is spelled incorrectly. Inside of the .htaccess file you are about to create you should specify:

SetEnvIfNoCase Referer

instead of the correct spelling:

SetEnvIfNoCase Referrer

You can substitute “ReferrerSpam” below with whatever you want to call it, so long as your deny from line matches what you have specified for your environmental variable.

Once you have a list of your spammers, and have taken mental notes on the above, open up your .htaccess file and add these lines:

## Tag our known referrer spammers
SetEnvIfNoCase Referer “.*.xtreamsurf.com” ReferrerSpam
SetEnvIfNoCase Referer “.*.parrotsurf.net” ReferrerSpam
SetEnvIfNoCase Referer “.*.advertising-surf.net” ReferrerSpam
SetEnvIfNoCase Referer “.*.aussieelearners.com” ReferrerSpam
SetEnvIfNoCase Referer “.*.arobuhits.biz” ReferrerSpam

## Block our known referrer spammers
order deny,allow
deny from env=ReferrerSpam

Notably, the sites above are actually known referrer spammers (at the time of this writing) so feel free to add them to your own rules.

Making sure its working properly:
If you want to test it out put a link to your site that is doing the blocking (siteA), from another site that you might have (siteB). Next add siteB to the it to the deny rules for siteA. If you click the link to siteA from siteB you should get the 403 “Forbidden” page that Apache serves up to those that you dislike.

That’s all there is to it. For information on mod_setenvif see the official Apache website at the previous link.

How to Prevent your Website from Being Hacked

11 Replies

Hackers and cyber criminals commonly target websites with vulnerabilities. If you’re using a weak password, third party applications that aren’t up to date, or old and un-updated anti-virus software, you are making your website vulnerable to vicious hacker attacks. Keeping your website secure against harmful intrusions and hacker attacks means more than installing traditional firewalls and intrusion detection systems. Being proactive and taking preventive measures is the best way to fight hacking and have a safe website on the Internet.

What most website owners don’t realize is that it only takes a few simple steps to ensure a higher level of security for their websites. None of these steps are hard to follow and do not require any special software or programming knowledge, but they are absolutely essential in helping you prevent your website from being hacked. These anti-hacking methods are general enough and can be applied to any size website, be it a large online store or a small informational website.

Continue reading