[thelist] preventing (further) attempts to spam a site

Eduardo Kienetz eduardok at gmail.com
Wed Jul 19 20:11:40 CDT 2006

I use a .htaccess file with, for example:

SecFilterEngine On
SecFilterScanPOST On
SecFilterDefaultAction "deny,log,status:404"
SecFilterSelective "REMOTE_ADDR" "^85.25.141."
SecFilterSelective "REMOTE_ADDR" "^$"
SecFilterSelective "HTTP_REFERER" "viagra"
SecFilterSelective "HTTP_REFERER" "phentermine"
SecFilterSelective "HTTP_REFERER" "online-cassino"

Actually, my list of REMOTE_ADDR's + HTTP_REFERER's has more than 300
lines. This way apache's mod_security denies access even before the
spammer hits my index.php
Works like a charm.


Eduardo  Bacchi Kienetz
LPI Certified - Level 2

On 7/19/06, Chris Hayes <chris at lwcdial.net> wrote:
> I've thoughtof numerous methods to avoid this.. and with each method I can
> imaginatify (a Bushism 4 sure Yo!)... the anti-method.
> G'luck buddy
> ----- Original Message -----
> From: "misterhaan" <misterhaan at track7.org>
> To: <thelist at lists.evolt.org>
> Sent: Wednesday, July 19, 2006 10:17 PM
> Subject: Re: [thelist] preventing (further) attempts to spam a site
> > Sarah Adams wrote:
> >> I was thinking that once someone (or a bot) tries to submit a form with
> >> bad input (based on evidence of header injection attempts or html where
> >> it shouldn't be allowed), rather than simply clean up the input or
> >> ignore the request, I could return a 404 header. I was thinking this
> >> *might* discourage them from trying again. What are the chances this
> >> will make a spammer stop coming back to spam this form? (I wouldn't
> >> expect it to stop all spammers, but if it stopped even a few, it might
> >> be worth it.)
> > I would think a 403 would be more appropriate than a 404, but at the
> > same time I'd be surprised if spammers are paying any attention to the
> > response they get from the server.

More information about the thelist mailing list