Referrer Spam is killing my site. over 1million hits in the last 5 days

xchido · 05-14-2008, 11:44 PM

I am looking at the ip2nation and downloaded their sql schema. Is it better to have a separate db for this or I should add the tables on my current db?

How can I integrate the script into my php pages?

xchido · 05-15-2008, 12:55 AM

I am looking at the ip2nation and downloaded their sql schema. Is it better to have a separate db for this or I should add the tables on my current db?

How can I integrate the script into my php pages? I added the two tables on my current DB and tried adding the script from their site into my index.php but all I get is blank pages.

Where did I go wrong? I am using PostNuke on my site.

xchido · 05-15-2008, 01:12 AM

By the way I am still getting this entries on my logs. They are in the thousands. my daily access logs are over 100MB each so at this rate I am getting close to 1GB of access logs this week alone. 99% filled with these entries. They are mostly the same with different referrer IP addresses. THe same IP addresses that I baned in my htaccess file. Why are they still appearing?

Code:

84.60.135.94 - - [14/May/2008:23:28:35 -0400] "GET /%22http://www.myspace.com/modules/Admin/pnstyle/modules/Admin/pnstyle/%22http://www.myspace.com/modules/Admin/pnstyle/themes/ExtraLite/style/%22http://www.myspace.com/index.php?name=News&catid=27&topic= HTTP/1.1" 404 51867 www.plazazacatecas.com "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET)" "-"

72.38.78.134 - - [14/May/2008:23:28:35 -0400] "GET /%22http://www.myspace.com/modules/Admin/pnstyle/modules/Admin/pnstyle/%22http://www.myspace.com/modules/Admin/pnstyle/themes/ExtraLite/style/%22http://www.myspace.com/%22http://www.myspace.com/modules/Admin/pnstyle/themes/ExtraLite/style/themes/ExtraLite/style/modules/Admin/pnstyle/%22http://www.myspace.com/index.php?name=News&catid=&topic=14 HTTP/1.1" 404 52002 www.infozac.net "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" "-"

98.195.159.40 - - [14/May/2008:23:28:35 -0400] "GET /%22http://www.myspace.com/modules/Admin/pnstyle/modules/Admin/pnstyle/%22http://www.myspace.com/modules/Admin/pnstyle/themes/ExtraLite/style/%22http://www.myspace.com/%22http://www.myspace.com/modules/Admin/pnstyle/themes/ExtraLite/style/themes/ExtraLite/style/%22http://www.myspace.com/index.php?name=News&catid=31&topic= HTTP/1.1" 404 51988 www.portalmichoacan.com "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" "-"

and several others.

What else should I be looking at to stop this traffic?

jiml8 · 05-15-2008, 08:20 AM

Quote:

Originally Posted by xchido

By the way I am still getting this entries on my logs. They are in the thousands. my daily access logs are over 100MB each so at this rate I am getting close to 1GB of access logs this week alone. 99% filled with these entries. They are mostly the same with different referrer IP addresses. THe same IP addresses that I baned in my htaccess file. Why are they still appearing?

What else should I be looking at to stop this traffic?

You are not going to stop that traffic. Your raw log files show every attempt to connect. These are attempts to connect that are all getting a 404 (file not found) response.

You can't stop them from trying to connect; prior to the attempt you don't even know they are there.

The whole point of referer spam is to get links to spam sites when your logs and your site statistics are indexed by the search engines. Your raw logs will always show these attempted connections, but your statistics gathering tools should filter them out. For instance, I usually use AWStats, and all of those 404 attempts would show up as one number on the chart, that being the connects that failed. Also, none of the referers will show up in my statistics as referring sites.

You should have things set up so your raw logs are never searchable by a search engine and if you do choose to expose your outputs from programs like awstats, those bogus referers won't show there.

xchido · 05-15-2008, 09:58 AM

OK! got it now. I just thought it the traffic will stop completely. Yes, my stats show a somewhat normal traffic but not like it was a couple of days ago. Thank you for your help.

I'll hate to keep bugging you but I wonder if you could guide me on how to implement the ip2nation scrip into my site. I gave it a shot last night and what I tried just keeps giving me blank pages.

Or where I can get more detailed instructions somewhere else since the site does not offer much instructions on how to implement the script on a dynamic site.

Thanks!

jiml8 · 05-15-2008, 11:09 AM

To use that script you have to be running php. You have to install the ip2nation database - and I would have made it a separate database rather than tables in an existing one but that is your call. You then have to properly open the database, and just run the script as part of your page script. I have it as an include. If you are getting blank pages, then that is some other issue and you have to do some standard php debugging to figure that out.