Here is the detail of the process :
The trick is separated in 2 parts, the first one is the detection, the second one is the action on detected items.
The detection use RegExp to match the unwanted pattern in the referer or user-agent information returned by the requester.
Once identified the source is added to the "banned" environement group.
Then we use a special trick to return the attack toward the spammer, we redirect them to their own link (301-Redirection)...
And in case the redirection fail, we just deny the request (403-Forbidden Page)
So all you need is to copy the file in the archive on the root of your website, and rename it as ".htaccess".
Note: will work only on Apache webserver !
Example:
# Reject from specific IP addresses
# - Reject a Single address
Deny from 216.86.156.205
# - Reject a Range of address (class-C)
Deny from 148.244.150.
# - Reject a Range of address (class-B)
Deny from 148.244.
#...
# Deny access to all with status "banned"
# Referers Filter (Banned Sites)
SetEnvIfNoCase Referer"^http://([a-z0-9\-]+\.)?blogg\.de.*$" banned
SetEnvIfNoCase Referer "^http://([a-z0-9\-]+\.)?vjackpot\.com.*$" banned
#
Referer Filter (banned Words)
SetEnvIfNoCase Referer "^http://(\W)buy.*$" banned
SetEnvIfNoCase Referer "^http://(\W)cheap.*$" banned
#...
# User-Agent (Browser/SearchBot/Agent) Filter
SetEnvIfNoCase User-Agent "extractor" banned
SetEnvIfNoCase User-Agent "grabber" banned
SetEnvIfNoCase User-Agent "harvest" banned
#...
# Enable Rewrite mode
RewriteEngine On
# Nice trick.. => 301-Redirect to themself...
RewriteCond %{ENV:banned} ^1$
RewriteCond %{HTTP_REFERER} ^(.*)$
RewriteRule ^(.*)$ %1 [R=301,L]
# In any case => 403-Forbidden Page
Order Deny,Allow
Deny from env=banned
Some references:
- -none-