So, I've pretty much killed comment spam on my blog :-) Now the latest annoying craze seems to be happening... - good old referal spam!
For them that aren't in the know... it's sent by people to try and get their websites to appear high in referal lists on other websites. People make fake requests to webservers - they send a request the makes it look like a person is visiting a page on my site after seeing a link of the ste which is being advertised. It's this same header I use to find out what people seached for on Google or whatever when they came to my site.
It's really annoying as it means it's much harder to find out who's actually linking to a site or whatever... in order to save some bandwidth, these evil spammers have started to only ask for the headers of a response from the server (ie they just ask for what data the page was last updated on etc, instead of the whole page). They also only seem to be targetting the index page of the site (for the time being at least).
I've just come up with the following code which sends back the 403 Forbidden response for anyone who's asking for a header only and who is sending a referer.
<Files />
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http [NC]
RewriteCond %{REQUEST_METHOD} ^HEAD$ [NC]
RewriteRule .* / [F,L]
</Files>
Obviously, there are some things out there (webcaches) which use the HEAD command to try and find out if a page has been updated - however a quick look through my logs show that they don't usually send a referer when doing so... fingers crossed I won't be blocking proper people from accessing the blog... I'll monitor my logs to see who's getting blocked and update the code if needed.
I hope this helps someone! Oh yeah... you'll need the Apache module mod_rewrite for it to work - Google it or something to find out how to install it if you don't have it.