Using mod_rewrite against stupid comment spam bots…

    January 8, 2005

You’d think the comment spammers would be a bit smarter, but apparently not. Over 80% of all attempted spam hits on my site provide no HTTP Referer data.

None of them work, of course, because my MT install isn’t quite what they think it is (they don’t know to type “jeremy” in the extra field). But it still takes up a bit of CPU effort to ask cgiwrap to fire up mt-comments.cgi and whatnot.

So I finally did what I’ve been meaning to do for a while now:

    RewriteCond %{HTTP_REFERER} ^$
    RewriteCond %{REQUEST_METHOD} ^POST$
    RewriteRule ^/mt/mt-comments.cgi – [F]

And 20 seconds after I did an apachectl graceful it blocked an attempt.

Morons, I tell you.
See Also

  • the mod_rewrite docs
  • Ralf’s Apache 1.3 URL Rewriting Guide
  • Kasia’s Spam breeds more spam
  • Jeremy Zawodny is the author of the popular Jeremy Zawodny’s blog. Jeremy is part of the Yahoo search team and frequently posts in the Yahoo! Search blog as well.

    Visit Jeremy’s blog: Jeremy Zawodny’s blog.