Fun with htaccess

Added a few new things to th’ old htaccess file today, to deal with old broken Moveable Type archive links and comment and referer spammers.

  1. To convert the old MT monthly archive URLs to the shiny new WordPress versions:

    RedirectMatch 301 /archives/200([0-9])_([0-1])([0-9])\.php /200$1/$2$3/

  2. To redirect a subset of referer spammers (anyone with more than 1 dash in the referring domain; I have yet to see a legitimate URL with 2 or more dashes, but do let me know if you’re bothered by this) and hopefully stick the spammed URLs with a little extra bandwidth:

    RewriteCond %{HTTP_REFERER} ^(http://www.)[a-z]+-[a-z]+- [NC]
    RewriteRule ^(.*) http://%{REMOTE_ADDR}/ [R=301,L]

  3. I’m still getting a few hundred hits per month on mt-comments.cgi. A 410 error uses somewhat less bandwidth than my custom 404 page:

    Redirect gone /scgi-bin/mt-comments.cgi

    I was thinking about doing this as:

    Redirect 301 /scgi-bin/mt-comments.cgi

    … or similar, but it’s not like a bot would appreciate the witty tie-in to trollish meta-narratives. If anyone has a clever idea as to how I could gum up the spambots’ operations without wreaking undue havoc on my own server, though… do tell!


  1. Astarte wrote:

    You know, I set up referer rules in my htaccess, too, to try and combat them, but they’re still showing up in my logs, and that annoys the heck out of me.
    Know how to get them out of your logs?

  2. yami wrote:

    Since they’re issuing a sensibly formed request to which your server is responding, I don’t think there’s any way to keep them from appearing in your raw logs. Maybe you could run a cron job to clear them out every so often… or just use filters when you’re viewing ‘em.
    What stats package(s) do you use?
    I’m thinking of installing referer karma, I’ll let everyone know how it goes.

  3. denisdekat wrote:

    rats, I was thinking of changing my domain to…

  4. yami wrote:

    Yeah, that’s probably a bad idea. I’ll change the rules just for you if you do, of course, but I’m not the only one to have come up with this double-dash thing.

  5. Isaac Z. Schlueter wrote:

    Referer Karma is great.
    I have been a huge spam magnet for a while, since I had a lot of links to my site from b2evolution blogs when I was the support person listed in the default blogroll. I had come up with a few hacks and mods to combat them, but it was a constant uphill battle.
    Since installing referer karma, I’ve been checking my logs every day, and I haven’t seen a single spammer get through the 403 shield.
    I love the look of your site, btw. Very elegant and classy.

  6. yami wrote:


  7. Jacob wrote:

    Here is a legitimate domain with more than one dash. It is a site for a Boy Scout / OA group. There are many sites like this in the OA, the names are Native American names.

Post a Comment

Your email is never published nor shared. Required fields are marked *