Comments on: Stop the Topsites Spam!

By: Pat

Pat — Mon, 31 May 2010 21:40:48 +0000

To Olgar Verim
I’m from turkey ‘n i’m turkish… We apologies this bad ‘n disgousting events.
Turkish people aren’t spammers. we would have been avoid that people.
if you want, we work together to block the spammers.
us target and dream => “no spammers in turkey”.

not only spammer but also hackers
we had 5 sites hacked in the last few weeks by turnky hackers , and we decided to make our firewall rules stronger.

What the heck with peoples coming from another world on our servers and decide to crap our work.
why you not stay and try on your servers?
we not bring you here, you do
respect our rules and we will respect yours
wake up we are in North america, you don;t like, then you know what to do.

DOT

By: Gemma Wild

Gemma Wild — Sun, 06 Dec 2009 12:44:14 +0000

With the spam image, I took a screenshot of my web site and wrote across it ‘We LOVE Pink Garden! http://www.pinkgarden.co.uk‘

That way, rather than p**s them off with the F**k Off sign which could make them more determined to spam you, instead they end up advertising my site which is what they were trying to do by signing up to my topsite! Cool eh? He he!

Check it out: http://www.pinkgarden.co.uk/images/topsite_spammer.jpg

Gem =)

By: Jim Westergren

Jim Westergren — Mon, 27 Apr 2009 14:43:08 +0000

Hi Julio,

Sorry for not getting back to you in a while – been busy.

I am glad to hear that it worked out for you in the first site.

About the other what is included in the .htaccess – only the code that I have in my article or something other? And is this other site on the same server? Apache server?

By: Julio Soto

Julio Soto — Thu, 16 Apr 2009 18:06:04 +0000

Hi again Jim,

Good news:
I have successfully blocked with an .htaccess file all that Turkish sites that were spamming mine. Now the button image doesn’t download to their sites and when clicking over the red square of the image’s place my site doesn’t open delivering instead a 403 forbidden error.

I have another site with a topsites that is being spamming too by the same sites, so I uploaded the same .htaccess that to its root folder, but it is now working, the button image appears at the same turkish sites.

So I ask you why the same .htaccess file works fine in one site but not in the other one?

By: Julio Soto

Julio Soto — Tue, 31 Mar 2009 00:04:16 +0000

Thanks Jim.

I made a new .htaccess file using a tool.

In order to block the whole site http://www.trlist100.net/image.php (my main spammer) even subdomains and IP (212.95.40.15), this is the .htaccess command created:
_____________________________________
## SITE REFERRER BANNING
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} trlist100\.net [NC,OR]
RewriteCond %{HTTP_REFERER} trlist100 [NC,OR]
RewriteCond %{HTTP_REFERER} subdomain\.trlist100\.net [NC,OR]
RewriteCond %{HTTP_REFERER} 212\.95\.40\.15 [NC]
RewriteRule .* – [F]
___________________________________

I added it to the existing password .htaccess at the “_db_backups” folder that already exists at the root directory (as I explained in my second spanish message) so the whole command now is:
_______________________________
AuthType Basic
AuthName “User Backups”
AuthUserFile /var/chroot/home/content/a/m/e/americascrap/html/stats/.statspwd
require valid-user
Options +Indexes
## SITE REFERRER BANNING
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} trlist100\.net [NC,OR]
RewriteCond %{HTTP_REFERER} trlist100 [NC,OR]
RewriteCond %{HTTP_REFERER} subdomain\.trlist100\.net [NC,OR]
RewriteCond %{HTTP_REFERER} 212\.95\.40\.15 [NC]
RewriteRule .* – [F]
___________________________________

Saved changes and uploaded via FTP this new .htaccess file to substitute the exisiting one at the folder “_db_backups”.

However the button keeps displaying at http://www.trlist100.net/image.php ……so what is going wrong Jim?

By: Jim Westergren

Jim Westergren — Sun, 29 Mar 2009 16:16:40 +0000

Great that you can understand english.

No, you don’t need a new folder. Just make a new .htaccess and put in the same place as the index file of your web site.

First you need to see what you need to block. That you can do using a statistics program such as Webalizer which I used in my article. To see if it is working you can see in your log files or you can go to the web site that is blocked and see if your topsite button on that site is loading or not.

Hope this helped.

By: Julio Soto

Julio Soto — Sat, 28 Mar 2009 23:10:23 +0000

Okay Jim, thanks for the effort but let’s try in English.

What you say is that:
1) I must leave the folder “_db_backups” as it was with just the original .htaccess password.

2) Then create a new folder (for example “Block Spam”) having inside just the .htaccess file with the instructions to block URLs and country IPs I want to block.

3) And this new folder must be uploaded to the root directory folder where is the index.php too.

So there would be two different folders within the root with two different .htaccess files inside.

Please confirm above 3 steps.

Finally I would like to learn how may I know or test if the .htaccess file I created to fight spammers is working okay?

By: Jim Westergren

Jim Westergren — Fri, 27 Mar 2009 21:09:40 +0000

Hola Julio,

Esta carpeta no es correcto. Esta carpeta y esto escrito es para contrasena (password).

Necesita scritto in otro .htaccess in del mismo carpeta con index.html o index.php. No exista necesita crear.

Por favor mira a qi:
http://www.google.es/search?hl=es&q=.htaccess&btnG=Buscar+con+Google&meta=lr%3Dlang_es

Y despois vamos a qi:
http://www.htaccesstools.com/block-hitbots/

Y scritto del domains tu queres bloquear.

By: Julio Soto

Julio Soto — Tue, 24 Mar 2009 22:04:56 +0000

Gracias Jim por contestar.

En el servidor, en la carpeta raiz tengo una carpeta llamada “_db_backups” y dentro hay un archivo .htaccess

En ese .htaccess encontré ésto:

AuthType Basic
AuthName “User Backups”
AuthUserFile /var/chroot/home/content/a/m/e/americascrap/html/stats/.statspwd
require valid-user
Options +Indexes

que no sé para qué es. PRIMERA PREGUNTA: ¿Tú sabes para que sirve ese escrito?

Entonces a ese escrito le añadí los IPs para bloquear el acceso desde Turquía quedando así:

AuthType Basic
AuthName “User Backups”
AuthUserFile /var/chroot/home/content/a/m/e/americascrap/html/stats/.statspwd
require valid-user
Options +Indexes

order allow,deny
deny from 62.5.128.0/17
deny from 62.16.32.0/19
deny from 62.16.64.0/19
deny from 62.16.96.0/19
deny from 62.33.0.0/16
deny from 62.61.0.0/19
deny from 62.63.64.0/18
” ” ” ” ” ”
” ” ” ” ” ” ”
” ” ” ” ” ” ”
” ” ” ” ” ”
allow from all

Pero pareciera que ésto no está funcionando bien. SEGUNDA PREGUNTA: ¿Habré hecho eso bien?

Gracias

By: Jim Westergren

Jim Westergren — Tue, 24 Mar 2009 18:13:46 +0000

Hola Julio,

Yo ablo poco español, no mucho.

Que es no funciona? Per favor explicar mas.

Hasta pronto

By: Julio Soto

Julio Soto — Mon, 23 Mar 2009 20:00:38 +0000

Hola Jim,

Leí que vives en Bolivia.

Me imagino que sabes español, es que hay algo que no me funciona usando .htaccess para bloquear los spammers en mi topsite.

Saludos

By: MarkusIron

MarkusIron — Tue, 16 Dec 2008 15:24:15 +0000

Just some words about WebAlizer…

I don’t like very much.
It’s rather good and does’t cost anything.
BUT:
1) the stats it gives is incorrect very often
2) some logs of WA are ref spamed, what may cause even DDOS of the site

But its not difficult to tune WA that way so it will work correctly!

By: webmaster

webmaster — Mon, 08 Dec 2008 14:28:16 +0000

I suggest adding *ref* attirbute in robots.txt

By: wattaman

wattaman — Sat, 07 Jun 2008 09:57:16 +0000

Doesn’t work for me. Neither blocking or redirecting to a custom page or URL.
I’m using the .htaccess from the top pf the page, not the one in the .zip.
Is it possible that it could be due to server’s configuration? I know they don’t allow php code (for example) in the .htaccess file.
Anyway, the biggest spammer of mine (sevgibar.com/soft.php) still displays my button and not the redirected page.

By: Die Green

Die Green — Sat, 19 Apr 2008 21:30:24 +0000

Well my hosting has hotlink protection.. it’s been set-up already w/ some of the big spammers.. this is how my hotlink protection list looks like.. (all set-up by host =] no spam!)

^http(s)?://(www\.)?aklimdasin.net
^http(s)?://(www\.)?almanyachat.com
^http(s)?://(www\.)?altdudak.com
^http(s)?://(www\.)?anonym.to
^http(s)?://(www\.)?ara-bul.org
^http(s)?://(www\.)?arkadasohbet.com
^http(s)?://(www\.)?asksokagi.net
^http(s)?://(www\.)?askyeri.net
^http(s)?://(www\.)?astroloji.ws
^http(s)?://(www\.)?bahisci.net
^http(s)?://(www\.)?baysohbet.com
^http(s)?://(www\.)?bedava.mirctr.org
^http(s)?://(www\.)?bedavasohbet.org
^http(s)?://(www\.)?bizimmekan.com
^http(s)?://(www\.)?bizimonline.com
^http(s)?://(www\.)?cafeyurt.com
^http(s)?://(www\.)?cetsohbet.com
^http(s)?://(www\.)?chatchat.gen.tr
^http(s)?://(www\.)?dominacja.najlepsze.net
^http(s)?://(www\.)?dost-chat.com
^http(s)?://(www\.)?e-iklan.net
^http(s)?://(www\.)?egecafe.com
^http(s)?://(www\.)?elmaliseker.net
^http(s)?://(www\.)?foxchat.org
^http(s)?://(www\.)?freehitwebcounters.com
^http(s)?://(www\.)?galatasaray.gen.tr
^http(s)?://(www\.)?geceninrengi.net
^http(s)?://(www\.)?gulum.net
^http(s)?://(www\.)?hadigel.net
^http(s)?://(www\.)?iddaamac.com
^http(s)?://(www\.)?ircstar.net
^http(s)?://(www\.)?itirafsitesi.com
^http(s)?://(www\.)?kacaksohbet.net
^http(s)?://(www\.)?kadersizim.com
^http(s)?://(www\.)?kardelen.gen.tr
^http(s)?://(www\.)?kayip.com
^http(s)?://(www\.)?kodes.com
^http(s)?://(www\.)?kralgazete.com
^http(s)?://(www\.)?kurtlarvadisiteror.org
^http(s)?://(www\.)?kvteror.com
^http(s)?://(www\.)?kvteror.net
^http(s)?://(www\.)?liseliguzeller.net
^http(s)?://(www\.)?meyilli.com
^http(s)?://(www\.)?mirc-irc.com
^http(s)?://(www\.)?mirc.gen.tr
^http(s)?://(www\.)?mircarsivi.com
^http(s)?://(www\.)?mirchit.net
^http(s)?://(www\.)?mircland.com
^http(s)?://(www\.)?mirctr.org
^http(s)?://(www\.)?mircturk.gen.tr
^http(s)?://(www\.)?mircyukle.org
^http(s)?://(www\.)?moviesmammoth.blogspot.com
^http(s)?://(www\.)?musiqueray.org
^http(s)?://(www\.)?myuitm.com
^http(s)?://(www\.)?nazlimcafe.com
^http(s)?://(www\.)?netlek.com
^http(s)?://(www\.)?oyunyolu.net
^http(s)?://(www\.)?pcforumlari.com
^http(s)?://(www\.)?pornolar.org
^http(s)?://(www\.)?radyo.mircturkey.com
^http(s)?://(www\.)?sevelim.com
^http(s)?://(www\.)?site.name.tr
^http(s)?://(www\.)?sohbet.gen.tr
^http(s)?://(www\.)?sohbet.kenthaber.com
^http(s)?://(www\.)?sohbet.org
^http(s)?://(www\.)?sohbet.sevgi.net
^http(s)?://(www\.)?sohbet24.net
^http(s)?://(www\.)?sohbet27.com
^http(s)?://(www\.)?sohbet27.net
^http(s)?://(www\.)?sohbet35.org
^http(s)?://(www\.)?sohbetani.com
^http(s)?://(www\.)?sohbetara.com
^http(s)?://(www\.)?sohbetbol.net
^http(s)?://(www\.)?sohbetcafe.com
^http(s)?://(www\.)?sohbetchat.tc
^http(s)?://(www\.)?sohbetedin.net
^http(s)?://(www\.)?sohbetyap.com
^http(s)?://(www\.)?soyle.net
^http(s)?://(www\.)?the-cloak.com
^http(s)?://(www\.)?topsohbet.com
^http(s)?://(www\.)?tr.cc
^http(s)?://(www\.)?trsohbet.com
^http(s)?://(www\.)?tsohbet.com
^http(s)?://(www\.)?turk-sohbet.org
^http(s)?://(www\.)?turkbul.org
^http(s)?://(www\.)?turkmirc.com
^http(s)?://(www\.)?turkmuhabbet.com
^http(s)?://(www\.)?webalem.net
^http(s)?://(www\.)?yapma.net
^http(s)?://(www\.)?yuzukchat.net

P.S.
your spam protection for comment is really good.. it took me 5.4 seconds to figure out ^^