Site news: No referrer, no comment

by Volker Weber

If your personal firewall* blocks referrers, you can no longer post comments to the site. This is another effort to block malicious bots:

RewriteCond %{REQUEST_FILENAME} mt-cmmnt.cgi [NC]
RewriteCond %{HTTP_REFERER} !^http://vowe\.net.*$ [NC]
RewriteRule (.*) - [F,L]

Comment spam bots call the CGI script directly without going through the site. For now they are coming in with a blank referrer. Using mod_rewrite it is rather simple to turn them away with a 403 return code before they ever reach the CGI script, which avoids any unnecessary load on the server.

Maybe I will add another rule for those smartass people that send a long string of ++++ instead of a referrer.

*) Technically you are not using a firewall but rather a local proxy server that takes requests from your browser, processes them and then relays the request to the site. Symantec calls the stripping of referrers Browser-Datenschutz in German. No idea what they call this in English.

Comments

Hi Volker,
there have been bits and pieces of defense information published on your blog. Do you have a summary? Kind of problem/solution table?
:-) stw

Stephan H. Wissel, 2004-12-20 01:54

I guess that would probably be read by spam bot authors pretty soon and would be a comprehensive compendium on which countermeasures to bypass to even access a well-protected blog. In order to be one step ahead, this might not be such a good idea.

Ragnar Schierholz, 2004-12-20 09:19

I published a summary of anti-spam measures here (in German):
http://vnude.typepad.com/itfrontal/2004/12/spamschutz_in_w.html

Heiko Hebig, 2004-12-20 09:48

I've been using this rule for two weeks now, no more spam so far - but hundreds of HTTP 403s in my log file.

Since you have to allow the comment script's URL as a referrer (because of comment previewing), it will be easy for spambots to fake a correct referrer - they just have to insert the script address. Guess it won't take too long until "smart" spambots will exploit that weakness.

Wolfgang Sommergut, 2004-12-20 10:56

I guess in English it's called privacy protection. :-)

Adalbert Duda, 2004-12-20 15:09

I can live without previews. Personally, I find them annoying. I proofread in the edit form and if an error slips through, well, that's life.

We could enforce the referer rule by using a regex like

!^http://vowe\.net/([0-9]+)\.html$

to ensure only requests made from entry archives are accepted.

And to check for either an entry archive or the comment cgi, we could use this (untested, but should work after some testing ;) )

# Only guard the comment script
RewriteCond %{REQUEST_FILENAME} mt-cmmnt.cgi [NC]
# RewriteConds are ANDed by default: reject only when the referrer matches
# neither pattern. An [OR] between the two negated conditions would reject
# every request, since no referrer can match both patterns at once.
RewriteCond %{HTTP_REFERER} !^http://vowe\.net/([0-9]+)\.html$ [NC]
RewriteCond %{HTTP_REFERER} !^http://vowe\.net/cgi-bin/mt-cmmnt\.cgi$ [NC]
RewriteRule (.*) - [F,L]

If not this way, mod_rewrite also provides chaining, which also could solve the problem.

Sascha Carlin, 2004-12-20 15:26
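To see how these conditions combine, here is an added Python emulation of the RewriteCond logic (example code written for this page, not from the post or from Apache) that evaluates Volker's rule and both variants of Sascha's rule against constructed requests. The condition tuples, the `decide` helper and the sample referrers are assumptions of this example.

```python
import re
# Added example (not from the post or from Apache): a small emulation of the
# RewriteCond logic above. A condition is (variable, regex, negated, flags);
# conditions are ANDed, except that one carrying "OR" is ORed with the next.

def cond_holds(cond, env):
    var, pattern, negated, flags = cond
    flag = re.IGNORECASE if "NC" in flags else 0
    hit = re.search(pattern, env.get(var, ""), flag) is not None
    return (not hit) if negated else hit

def rule_fires(conds, env):
    """True when every AND-group of conditions holds, i.e. the 403 applies."""
    i = 0
    while i < len(conds):
        group = False
        while i < len(conds):
            group = group or cond_holds(conds[i], env)
            ends_group = "OR" not in conds[i][3]
            i += 1
            if ends_group:
                break
        if not group:
            return False
    return True

def decide(conds, filename, referer):
    """Status the rule set would produce for one request: 403 or 200."""
    env = {"REQUEST_FILENAME": filename, "HTTP_REFERER": referer}
    return 403 if rule_fires(conds, env) else 200

IS_CGI = ("REQUEST_FILENAME", r"mt-cmmnt.cgi", False, {"NC"})
# Volker's rule. The pattern only checks the prefix http://vowe.net, so a
# referrer such as http://vowe.net.example/ would also be let through.
VOWE_RULE = [IS_CGI, ("HTTP_REFERER", r"^http://vowe\.net.*$", True, {"NC"})]
ARCHIVE = r"^http://vowe\.net/([0-9]+)\.html$"
CGI_REF = r"^http://vowe\.net/cgi-bin/mt-cmmnt\.cgi$"
# Sascha's rule as posted: [OR] joins two negated conditions, and no referrer
# matches both patterns, so the group always holds and every comment gets 403.
SASCHA_AS_POSTED = [IS_CGI, ("HTTP_REFERER", ARCHIVE, True, {"OR"}),
                    ("HTTP_REFERER", CGI_REF, True, {"NC"})]
# Without [OR] the negated conditions are ANDed: 403 only if neither matches.
SASCHA_FIXED = [IS_CGI, ("HTTP_REFERER", ARCHIVE, True, {"NC"}),
                ("HTTP_REFERER", CGI_REF, True, {"NC"})]
CGI = "/cgi-bin/mt-cmmnt.cgi"  # constructed sample request path

if __name__ == "__main__":
    for ref in ("", "++++", "http://vowe.net/1234.html", "http://vowe.net/cgi-bin/mt-cmmnt.cgi"):
        print(repr(ref), decide(VOWE_RULE, CGI, ref), decide(SASCHA_FIXED, CGI, ref))
```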
