Block Referral Traffic

ASG

• October 20, 2016 01:11

I apologize if this thread is in the wrong forum, however, couldn't see a more relevant one for this thread. One of my sites has witnessed 8x increase in bandwidth utilization this month itself, all of which is referral spam, coming from - Removed -. We have tried blocking the referral http(s) traffic from the site's IP 43.224.xxx.xx by adding the following to .htaccess about a week back, however it hasn't seem to have any effect: deny from 43.224.xxx.xx Thankfully, our site is on a dedicated server with no bandwidth constraints, on a normal VPS it would have exceeded the bandwidth by month-end. Is there any other way to block traffic originating from above site?

• 

  SysSachin

  • October 20, 2016 10:18

  Hello, You can use the following code to deny access all traffic that originate from a particular domain (referrers) add this code in .htaccess file. ______________ RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR] RewriteCond %{HTTP_REFERER} anotherbadsite\.com RewriteRule .* - [F] ______________

  0
• 

  cPLevey

  • October 20, 2016 13:12

  Hey @ASG, cPanel's IP Blocker should help with what you're trying to do. Check out our documentation:

  0
• 

  ASG

  • October 22, 2016 04:56

  Hello, You can use the following code to deny access all traffic that originate from a particular domain (referrers) add this code in .htaccess file. ______________ RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR] RewriteCond %{HTTP_REFERER} anotherbadsite\.com RewriteRule .* - [F] ______________

  
  This seems to have worked, however the refferal traffic has come down by 2/3rds after modifying the .htaccess and not completely. I doubt IP blocking would work, since traffic could be coming from different IPs reffered by the specific links(probably the reason why IP blocking mentioned in the first post didn't work). Any ideas how to get rid of the traffic completely?

  0
• 

  cPanelMichael

  • October 24, 2016 22:23

  Hello, You may also find this thread helpful: Able to block spam bots and other unwanted traffic to a site Thank you.

  0
• 

  ASG

  • October 26, 2016 06:08

  Hi Michael, we already have CSF installed on the server. Also, this has gotten worse in the last 2 days - with over 30 gigs in bandwidth getting consumed. However the problem with CSF is, it is largely an IP based solution. Please look at the attachment(which is from last 4-5 minutes), the traffic is coming from all sorts of IPs, and I've spent last 20 minutes, banning at least 50 different IPs in CSF. Managing CSF is not humanly possible in such a scenario. This "spam attack" is happening as I write this, and neither CSF nor .htaccess method has been able to offer 100% security from such a distributed attack. There are lot of denials happening due to .htaccess method, however, an equal number is managing to get through. This is very similar to a DDOS attack, only through referral spam. Is there no other way except to shut down the server?

  0
• 

  cPanelMichael

  • November 01, 2016 20:50

  Hello, You may want to consult with your upstream provider to see if they have any solutions for this type of attack. There's a third-party URL here as well that you may find helpful: Apache getting DDoS Thank you.

  0
• 

  danielpmc

  • November 04, 2016 14:11

  Hello, I use a htaccess whitelist to allow only what traffic I want to visit my domain. By doing this, it will block anything that does not match the rules. It will significantly reduce your bandwidth from bots and hackers using python requests, lib/ and other codes. As far as Configserver is concerned you can change the Firewall Profles to block_all_perm. This will block all IPs that hit your Apache server in a malicious manner. WARNING: You must check your Firewall Deny IPs DAILY and review the IPs that have ben automatically added by Configserver. Keep in mind that once a certain amount of IPs have been added to Firewall Deny the oldest IP will be removed to make room for more. Hope this helps you out.
  Order Deny,Allow Deny from all #Allows cPanelAutossl/Softaculous SetEnvIfNoCase User-Agent .*hec.* good_bot SetEnvIfNoCase User-Agent .*oftaculou.* good_bot SetEnvIfNoCase User-Agent .*omod.* good_bot SetEnvIfNoCase User-Agent .*pane.* good_bot SetEnvIfNoCase User-Agent .*utoss.* good_bot #Allows Safari SetEnvIfNoCase User-Agent .*afar.* good_bot #Allows Bing SetEnvIfNoCase User-Agent bing good_bot SetEnvIfNoCase User-Agent bing.* good_bot SetEnvIfNoCase User-Agent .*bing.* good_bot #Allows Microsoft Edge Browser SetEnvIfNoCase User-Agent edge good_bot SetEnvIfNoCase User-Agent edg.* good_bot SetEnvIfNoCase User-Agent .*edge.* good_bot #Allows Linux based browsers Konqueror, Seamonkey, Ubuntu SetEnvIfNoCase User-Agent .*inu.* good_bot #Allows Firefox SetEnvIfNoCase User-Agent .*ire.* good_bot #Allows Chrome SetEnvIfNoCase User-Agent .*hrom.* good_bot #Allows MSIE (Internet Explorer) SetEnvIfNoCase User-Agent msie good_bot SetEnvIfNoCase User-Agent msie.* good_bot SetEnvIfNoCase User-Agent .*msie.* good_bot #Allows Googlebot SetEnvIfNoCase User-Agent .*ooglebo.* good_bot #Allows Opera SetEnvIfNoCase User-Agent .*per.* good_bot Allow from env=good_bot
  Extra ules can be added according to each individuals needs such as: #Allows Facebook SetEnvIfNoCase User-Agent .*aceboo.* good_bot #Allows Pinterest SetEnvIfNoCase User-Agent .*interes.* good_bot #Allows Linkedin SetEnvIfNoCase User-Agent .*inkedi.* good_bot SetEnvIfNoCase User-Agent .*inked-i.* good_bot #Allows MySpace SetEnvIfNoCase User-Agent .*yspac.* good_bot You can add as many rules as you choose.

  0
• 

  myilraj

  • August 04, 2019 00:43

  Hi Team, I am writing this thread to get support from you people for the below question. 1.) Block domains from accessing my site. There are more than hundreds of domain's ending with .tk, .gq, .ml, .cf etc pointing to my site thus creating a huge number of backlinks. I want to find a solution to block all these domains. Action Taken: I tried to find the IP address of those domains but they were behind Cloudflare and hence the origin domain name is hidden. Note: Cannot use .htaccess method (spam bot referrer) because adding a few hundred domain names in that file will load the server and cause the site to load slower. Seeking for an alternate solution... Reference: I have attached the screenshot of the domains for your reference. Regards, Myilraj .G

  Hello, You can use the following code to deny access all traffic that originate from a particular domain (referrers) add this code in .htaccess file. ______________ RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite\.com [NC,OR] RewriteCond %{HTTP_REFERER} anotherbadsite\.com RewriteRule .* - [F] ______________

  
  I am using this method and it's working. But adding more than 500+ domains will cause a heavy load on the htaccess file. It will cause our site to load slowly. Is there any alternate solution?

  0

Please sign in to leave a comment.