how to ban spam entitled people from google referrer
hello,
i ahve the askimet module and visitors' messages are moderated. However I've been getting that spam comment entiled "people" for several days repeatedly.
The IP changes all the time so I can't ban that spammer. The referrer seems to be ggogle each time but what of it?
here's an example of one spam:
content
Date Wednesday, 6 June 2007 - 3:20pm
User Anonymous
Referrer http://www.google.com/
Message Spam detected by Akismet in comment: people
Severity warning
Hostname 75.48.31.34
I probably ought to use a robot.txt -- I used to and I must have deleted it when I last upgraded Drupal. But robots don't always follow the rules set in the robot.txt file anyway.
Anything I can do? I didn't read the message but perhaps I should add a long list to the .htaccess file like here: http://drupal.org/node/48052 ?
Nareman...
This guy is well known. He's attacking one of my sites almost everyday from an IP address belonging to the Univ. of Arizona. I installed the Spam module and it catches every one of his yet lets legitimate posts come through.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
people spam
Thanks tou Nancy for your reply. Askimet stops these spams too but I'd like to stop that spammer from simply trying to pester us. Is there a way?
What I can do is stop askimet emailing me about those moronic people spams. It would be a load off our email hoster (APINC, association for the promotion of non commercial internet).
---
Libres-Ailé(e)s (Association for Linux and libre software) (France, Cévennes)
Hmm...
I've never tried Akismet, so I don't know. Try posting a support request on the project page.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
"People" spam with Google referrer
Okay Nancy, I will. Perhaps you can explain to me why the referrer for this people spam is Google.
Sorry for being so ignorant!
---
Libres-Ailé(e)s (Association for Linux and libre software) (France, Cévennes)
He's spoofing the
He's spoofing the referrer.
If it's not getting past the filters, then it's best to learn to laugh about that rather than getting worked-up 'cos it'll drive you mad otherwise.
Mike
------------------------------------------------------------------------------------------
A simple thanks to those that help, a price worth paying for future wealth.
Thank you for the
Thank you for the explanation
I don't care much only I get email notices from Askimet and that's a bore. I haven't found out how to prevent these mail notices...
--
Libres-Ailé(e)s (Association for Linux and libre software) (France, Cévennes)
Spoof
As Whippinpost said, he's spoofing the address. It's just like all those emails you get that never really tell you who sent them.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
spammer
What's particularly frustrating about this spammer is the size of the botnet being used and the frequency they are hitting the pages. For smaller sites on shared hosts who might not be caching/throttling this could easily cause issues.
Akismet does catch most of it but it's still taking up resources, filling up your access_log and artificially inflating web stats.
I've blocked this bugger using .htaccess
RewriteCond %{HTTP_REFERER} ^http://www\.google\.com/$RewriteRule .* - [F]
Note that's an exact match on the google.com homepage, obviously I don't want to block google as a referrer of traffic so this still allows genuine referrals through. The [F] returns a 403 forbidden which seems to stop the bots after 5 minutes or so, for now at least anyway..
thanks
Many thanks _chris for your RewriteCond rule. It's been working fine. Only got one"people" spam, very recently -- perhaps the "people" spam is changing its strategy, still one spam is nothing to worry about.
---
Libres-Ailé(e)s (Association for Linux and libre software) (France, Cévennes)