Pesky Spam in your web stats got you down? Get rid of referrer spam for good.

Pesky Spam in your web stats got you down?
As some of you may have noticed lately your web stats may have been artificially bloated by referrer spam, the most prevalent I have seen lately is due to a script called surf.php

Referrer spam serves one purpose, to get people to look at the referring site. This is usually done when someone sees a high-ranking referrer in their web stats, or, if a site has an automated script that lists and/or links back to whatever it thinks is a “top referrer.”

So spammers have once again decided to ruin a good thing for everyone by exploiting this automated link-back that some scripts have built-in, and have decided to artificially bloat your traffic stats in hopes that your site will link back to theirs. Not only is this annoying, but it wastes your server’s CPU resources due to extra logging and other processing associated with these idiots who cannot get legitimate traffic to their sites. It also can eat up disk space due to larger logs.

So what can be done?
Well if you run Apache web server like most of us do you are in luck. you can block these referrers for good using our friend .htaccess.

First you need to figure out who the referrers are that you want to ban. Mine might look like this:

Please note:
For this article I have spelled “Referrer” as “Referrer.”  Somehow “Referer” (notice, only one “r”) made it into the HTTP standard even though it is spelled incorrectly. Inside of the .htaccess file you are about to create you should specify:

SetEnvIfNoCase Referer

instead of the correct spelling:

SetEnvIfNoCase Referrer

You can substitute “ReferrerSpam” below with whatever you want to call it, so long as your deny from line matches what you have specified for your environmental variable.

Once you have a list of your spammers, and have taken mental notes on the above, open up your .htaccess file and add these lines:

## Tag our known referrer spammers
SetEnvIfNoCase Referer “.*” ReferrerSpam
SetEnvIfNoCase Referer “.*” ReferrerSpam
SetEnvIfNoCase Referer “.*” ReferrerSpam
SetEnvIfNoCase Referer “.*” ReferrerSpam
SetEnvIfNoCase Referer “.*” ReferrerSpam

## Block our known referrer spammers
order deny,allow
deny from env=ReferrerSpam

Notably, the sites above are actually known referrer spammers (at the time of this writing) so feel free to add them to your own rules.

Making sure its working properly:
If you want to test it out put a link to your site that is doing the blocking (siteA), from another site that you might have (siteB). Next add siteB to the it to the deny rules for siteA. If you click the link to siteA from siteB you should get the 403 “Forbidden” page that Apache serves up to those that you dislike.

That’s all there is to it. For information on mod_setenvif see the official Apache website at the previous link.