Final workaround of referer spam things...
[Initial]: found from my log reports that I've been spammed for a while.
[stage1]: could not stand for those damn spammers that consume my bandwidth too much, need to stop it.
[stage2]: found ISAPI_Rewrite, put it on work with the following facts:
- it's small, nice, and functioning well as a isapi rewriter for incoming requests.
- spam sites were all actually got 403 or 404 errors as defined in the config file, although the actions were still writing into web logs and those spam site still appear as top 5 on my referer statistics.
[stage3]: found Chris Frazier's blog about ReverseDOS, installed it as the second-level-shelter from spammers, just in case accidentally ISAPI_Rewrite stop function, also prevent comment spammers by this tool.
[final stage]: need to find a way to erase the spammer site info from the referer field so that they won't appear in the top 5 of referer statistics as what they were planning to do. the solution for now is to change RewriteRule from that only change the URL and forbidden access to change the HTTP Header (the referer header) to something like "damn.spammers". so that I still see how many times as well as which file my site had been attacked but those spam sites won't apprear on my reports. final sample config file in httpd.ini for ISAPI_Rewrite is as follows:
- # Referrer Spam Blocking... ISAPI_Rewrite Syntax
# Caution!: one RewriteCond one RewriteRule or RewriteHeader!
# Multiple RewriteCond with one RewriteRule will work only on last one RewriteCond
# It's NOT like php mod_rewrite that multiple Cond successively for one Rule!!
# Keep this in mind will save you hours from try and error just like me! :(
# Updated! final working version...
# when matched spam keywords or website patterns,
# rewrite the referer header to "damn.spammers"
RewriteCond Referer: .*(?:keyword1|keyword2|keyword3|keywordN).*
RewriteHeader Referer: .* damn\.spammers
RewriteCond Referer: .*http://(?:www\.)?spam-site1.com.*
RewriteHeader Referer: .* damn\.spammers
RewriteCond Referer: .*http://(?:www\.)?spam-site2.com.*
RewriteHeader Referer: .* damn\.spammers
RewriteCond Referer: .*http://(?:www\.)?spam-site3.com.*
RewriteHeader Referer: .* damn\.spammers
RewriteCond Referer: .*http://(?:www\.)?spam-siteN.com.*
RewriteHeader Referer: .* damn\.spammers
# In IIS Log,
# records the file been attacked ((.*) $1),
# records changed referer name "damn.spammers" to referer field,
# and return back to client a 404 (the F flag).
RewriteCond Referer: .*damn\.spammers.*
RewriteRule (.*) $1 [F,I,L]
therefore both my log reports as well as blog site should get rid of those spammers, hopefully.