Site news: No referrer, no comment

by Volker Weber

If your personal firewall* blocks referrers, you can no longer post comments to the site. This is another effort to block malicious bots:

RewriteCond %{REQUEST_FILENAME} mt-cmmnt.cgi [NC]
RewriteCond %{HTTP_REFERER} !^http://vowe\.net.*$ [NC]
RewriteRule (.*) - [F,L]

Comment spam bots call cgi without going through the site. For now they are coming in with a blank referrer. Using mod_rewrite it is rather simple to divert them with a 403 return code before they hit cgi, thus avoiding any unnecessary load on the server.

Maybe I will add another rule for those smartass people that send a long string of ++++ instead of a referrer.

*) Technically you are not using a firewall but rather a local proxy server that takes requests from your browser, processes them and then relays the request to the site. Symantec calls the stripping of referrers Browser-Datenschutz in german. No idea how they call this in english.

Comments

Hi Volker,
there have been bits and pieces of defense information published on your blog. Do you have a summary? Kind of problem/solution table?
:-) stw

I guess, that would probably be read by spam bot authors pretty soon and would be a comprehensive compendium on which countermeasures to by-pass to even access a well-protected blog. In order to be one step ahead, this might not be such a good idea.

Ragnar Schierholz, 2004-12-20 09:19

I published a summary of anti-spam measures here (in German):
http://vnude.typepad.com/itfrontal/2004/12/spamschutz_in_w.html

I'm using this rule since two weeks, no more spam so far - but hundreds of HTTP 403s in my log file.

Since you have to allow the comment script's URL as a referrer (because of comment previewing), it will be easy for spambots to fake a correct referrer - they just have to insert the script address. Guess it won't take too long until "smart" spambots will exploit that weakness.

I guess in English it´s call privacy protection. :-)

I can live without previews. Personally, I find them annoying. I proof read in the edit form and I an error slips through, well, that's life.

We could enforce the referer rule by using a regex like

!^http://vowe\.net/([0-9]+)\.html$

to ensure only requests made from entry archives are accepted.

And to check for either an entry archive or the comment cgi, we could use this (untested, but should work after some testing ;) )

RewriteCond %{REQUEST_FILENAME} mt-cmmnt.cgi [NC]
RewriteCond %{HTTP_REFERER} !^http://vowe\.net/([0-9]+)\.html$ [OR]
RewriteCond %{HTTP_REFERER} !^http://vowe\.net/cgi-bin/mt-cmmnt\.cgi$ [NC]
RewriteRule (.*) - [F,L]

If not this way, mod_rewrite also provides chaining, which also could solve the problem.

Post a comment











Shall I remember this for you?




Use your full name and a working email address. Unless you want your comment to be removed. No kidding.



Recent comments

Stephan H. Wissel on Bathtub with a view at 12:21
Nick Daisley on Five days, three countries, three taxis at 12:16
Dominic Bennett on iPhone OS 3.1.3 brings back Internet Tethering to unlocked iPhones at 12:04
Stephan H. Wissel on Snacks at 12:04
Stephan H. Wissel on Five days, three countries, three taxis at 12:02
Andy Mell on Five days, three countries, three taxis at 11:23
Armin Roth on Five days, three countries, three taxis at 11:22
Rob McDonagh on Unintended Acceleration at 23:44
Volker Weber on Unintended Acceleration at 19:39
Charles Robinson on The Future of Publishing at 21:36
Charles Robinson on Unintended Acceleration at 21:31
Rob McDonagh on Unintended Acceleration at 15:28
Asi Christo on iPhone OS 3.1.3 brings back Internet Tethering to unlocked iPhones at 12:49
Ken Bisconti on Bathtub with a view at 10:33
Nick Daisley on Unintended Acceleration at 07:57
Asi Christo on iPhone OS 3.1.3 brings back Internet Tethering to unlocked iPhones at 05:58
Harald Geiger on Bathtub with a view at 01:41
Lars Olufsen on The Future of Publishing at 23:44
Joerg Michael on Relocating your business? You'll keep only the dead wood. at 22:59
Kevan Emmott on Relocating your business? You'll keep only the dead wood. at 21:50
Samuel Orsenne on Relocating your business? You'll keep only the dead wood. at 21:01
Ragnar Schierholz on Bathtub with a view at 20:51
Nick Daisley on The Future of Publishing at 20:18
Giuseppe Grasso on The Future of Publishing at 19:54
Frank Quednau on The Future of Publishing at 18:04

Ceci n'est pas un blog

vowe.net is a personal website published by Volker Weber a.k.a. vowe. I am an author, consultant and systems architect based in Darmstadt, Germany.

rss Click here to subscribe

Hello

About me
Contact
Publications
Certificates
Frequently asked questions
Join the network

Twitter Updates

More >

Local time is 16:33

visitors.gif
172 visitors online

News

Other sources of news, imported into my own format to make them more accessible:

Schlagzeilen
Weather

Archives

As most of my articles roll off the front page rather quickly, I am making an archive of previous posts available here. You can also use the handy search box at the top of the page if you are looking for something particular.

Last 30 days
More archives

Got the T-shirt?

Got the T-shirt?

Systems Architecture

This site runs on an Apache web server on top of the Linux operating system. The content is managed with MovableType which is implemented in Perl. Last but not least the HTML code your browser sees is put together with PHP.

© 1992-2010 Volker Weber.
All Rights Reserved.

Impressum