Blocking evil spammer scum

Lately my site has been repeatedly attacked by some scumbag(s) looking for mail scripts that they can use to send out spam.

Naturally my site doesn’t have such a vulnerability but every one of their requests triggers a 404 which sends me an email.

As a typical attack involves 30 or 40 requests in the space of a minute the email bombardment right narks me.

So, I’d like to be able to block them at the Apache level so I don’t get a 404 email.

However, it’s a distributed attack and they use a MSIE user agent so I can’t block them that easily.

The requests do however have the following in common;

They are all POSTS and they all set the referrer to my home page.

I don’t have any forms that use a POST from my home page so I can block those requests and not affect anyone but these lousy spammers.

A quick scan of the Apache docs and I came up with this:

RewriteCond %{REQUEST_METHOD} POST

RewriteCond %{HTTP_REFERER} boncey.org/$

RewriteRule ^.* – [F]

The $ at the end of the second line is vital, it means only match on URLs that end in boncey.org/.

Without the $ I’d block all POSTs on my entire site and I don’t want that. 🙂

Man, I hate spammers.

Leave a Reply

Your email address will not be published. Required fields are marked *