1

I'm trying to prevent referrer spam to a number of websites I run. Then I encountered a lot of lines like this in the log files.

\xd1\x81\xd1\x82\xd1\x80\xd0\xbe\xd0\xb9\xd0\xba\xd0\xb0.kz

I'm currently keeping the referrer spam from appearing in my customers' AWStats reports with the following line in my .htaccess file.

RewriteCond %{HTTP_REFERER} ^http(s)?:\/\/([^.]+\.)*domain\.com\/

This seems to work fine, but I seem to having problems with encoded URLs. If I decode the URL to стройка.kz can I use that as the condition?

MrWhite
  • 12,647
  • 4
  • 29
  • 41
GeoffAtkins
  • 261
  • 2
  • 9
  • "This seems to work fine" - What exactly are you doing with that `RewriteCond` directive? What does `domain\.com` represent... your domain (ie internal request) or the domain of the spammer? Are you allowing or denying requests that match that directive? – MrWhite May 15 '17 at 17:05
  • See [this question on StackOverflow](http://stackoverflow.com/questions/42202575/htaccess-file-blocking-idn-domains) that offers a solution for blocking _all_ IDN referers. And [this "same" question on the Unix stack](https://unix.stackexchange.com/questions/344628/how-to-block-idn-domain-in-htaccess-file) for more explanation – MrWhite May 15 '17 at 20:10
  • @user82217 - It represents the spammer. This is part of a system where all of our websites (~600 of them) report possible referrer spam to a centralised point, these can then be loaded into a database, from which an updated blocklist is applied to each of those websites on a daily basis. That question on SO is helpful, I didn't see that. I will put that into effect. Thanks. – GeoffAtkins May 16 '17 at 08:00

0 Answers0