solipsistnation: (leet hole)
[personal profile] solipsistnation
Referer spammers can bite me. I just learned how to use mod_security. It's sort of like a very specific (and less arcane) mod_rewrite that can also scan POST variables and stuff like that.

Here are my keywords:

"(holdem|poker|mortgage|hold-em|casino|diet-pill|gamble|viagra|phentermine|pharmacy)"

...and I'm catching dozens per hour. Icky.

(Hey, [livejournal.com profile] zonereyrie, maybe I should do the webby tech blog thingy after all.)

(no subject)

Date: 2005-06-16 03:11 pm (UTC)
From: [identity profile] zonereyrie.livejournal.com
What are they posting these to, some blogs?

And yeah, I think you should. You bailed on dinner Sunday so I still haven't heard the story you were going to tell. ;-)

(no subject)

Date: 2005-06-16 03:14 pm (UTC)
From: [identity profile] amymarr.livejournal.com
No, forms on our site. Damn them.

(no subject)

Date: 2005-06-16 03:14 pm (UTC)
From: [identity profile] solipsistnation.livejournal.com
Well, people's blogs and guestbooks and, even more annoyingly, the IT feedback forms and Continuing Ed question and request forms. It looks like it's coming from some kind of macro engine, too, probably in the form of something hidden in a web page or some kind of malware.

Now I just need to figure out how to make it so that this crap doesn't end up in the main logs at all... That would make the logs inaccurate, though, since this does end up being a hit on the web server.

(no subject)

Date: 2005-06-16 06:15 pm (UTC)
From: [identity profile] purly.livejournal.com
Actually, if you could keep two logs: one that shows accurate results and one that shows stripped results, then you would know which accounts were carrying the malware by comparing the two.

(no subject)

Date: 2005-06-16 06:17 pm (UTC)
From: [identity profile] purly.livejournal.com
(and once you know who's carrying it, you can examine their accounts and track it down)

(no subject)

Date: 2005-06-16 06:41 pm (UTC)
From: [identity profile] solipsistnation.livejournal.com
Unfortunately, it's not people coming _from_ here, it's random people out in the world hitting our site. Lots of students have blogs that allow comments, and some of those get heavily spammed. I found some interesting things looking through analog's search-term report a while ago and found a bunch of comment spam in a couple of student blogs there. I could then find the log entries for when the comments were posted and they were all off-campus.

(no subject)

Date: 2005-06-16 03:15 pm (UTC)
From: [identity profile] usagijer.livejournal.com
you missed a tasty dinner. HouseO' was going heavy on the Spice. The Nose must Flow. I saw through time! the SCAdians at the next table were introducing some people to the joys of Indian food. they got a big surprise.

(no subject)

Date: 2005-06-16 05:23 pm (UTC)
From: [identity profile] jehanna.livejournal.com
Oh man, do I miss that place.

PA has no good Indian restaurants! Evil! At least we can get fantastic Thai and Chinese food here....

(no subject)

Date: 2005-06-16 09:51 pm (UTC)
From: [identity profile] stophittinyrslf.livejournal.com
PA has no good Indian restaurants!

that is totally true, at least as far as the south and east parts of the state go. prior to moving to worcester, i'd probably only seen one or two indian restaurants ever, and the one that i had eaten at was really, really bad. that worcester has indian restaurants all over the place and that many of them are actually good is a fact that amazes me to this day.

(no subject)

Date: 2005-06-16 04:30 pm (UTC)
From: [identity profile] prowler1971.livejournal.com
referrer spammers? Is this all the supposed referrers I see in my logs that don't actually have a link to my site?

(no subject)

Date: 2005-06-16 06:39 pm (UTC)
From: [identity profile] solipsistnation.livejournal.com
Yep. They're also often comment-spammers.

Here's a good writeup:

http://atomicplayboy.net/blog/2005/01/30/an-introduction-to-mod-security/

mod_security seeeems to be a little lighter-weight than mod_rewrite for this kind of specialized thing.

(no subject)

Date: 2005-06-17 02:25 am (UTC)
From: [identity profile] dariusk.livejournal.com
Yay mod_security! I read about this when I got hit with comment spam.
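
An added example, not part of the original post or comments: the keyword pattern from the post applied to the Referer field of Apache combined-format log lines, producing the accurate log and the stripped log discussed in the thread plus a count of the hosts sending the spam. The log lines, addresses and hostnames are constructed, and case-insensitive matching is an assumption.

```python
import re
from collections import Counter

# Keyword pattern as given in the post; IGNORECASE is an assumption.
KEYWORDS = re.compile(
    r"(holdem|poker|mortgage|hold-em|casino|diet-pill|gamble|viagra|phentermine|pharmacy)",
    re.IGNORECASE,
)

# Apache "combined" log format: host, ident, user, [time], "request",
# status, size, "referer", "user-agent".
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    '192.0.2.10 - - [16/Jun/2005:10:01:02 -0400] "GET /~student/blog/ HTTP/1.1" 200 5120 "http://texas-holdem.example/" "Mozilla/4.0"',
    '198.51.100.7 - - [16/Jun/2005:10:01:05 -0400] "GET /index.html HTTP/1.1" 200 2048 "http://www.example.edu/" "Mozilla/5.0"',
    '192.0.2.10 - - [16/Jun/2005:10:01:09 -0400] "POST /feedback.cgi HTTP/1.1" 200 312 "http://cheap-VIAGRA.example/buy" "Mozilla/4.0"',
    # Also flagged: a substring match cannot tell a search query from spam.
    '203.0.113.4 - - [16/Jun/2005:10:02:00 -0400] "GET /ce/ HTTP/1.1" 200 900 "http://search.example/?q=pharmacy+program" "Mozilla/5.0"',
    '198.51.100.7 - - [16/Jun/2005:10:02:30 -0400] "GET /about.html HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]


def split_log(lines):
    """Return (full, stripped, spam_hosts).

    full       every line, so hit counts stay accurate
    stripped   lines whose Referer does not match the keyword pattern
    spam_hosts Counter of client hosts that sent a matching Referer
    Lines that do not parse are kept in both logs, since they cannot be judged.
    """
    full, stripped, spam_hosts = [], [], Counter()
    for line in lines:
        full.append(line)
        m = COMBINED.match(line)
        if m and KEYWORDS.search(m.group("referer")):
            spam_hosts[m.group("host")] += 1
        else:
            stripped.append(line)
    return full, stripped, spam_hosts


if __name__ == "__main__":
    full, stripped, hosts = split_log(SAMPLE)
    print(len(full), "hits,", len(stripped), "after stripping;", dict(hosts))
```

POST bodies are not written to the access log, so this only sees what the Referer header carried.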
