Apache

ID #303

How do I protect my website from comment spam?

Applies to: Grid System

Website forms are often exploited by spammers. People with weblogs, in particular, endure this problem more than necessary.

SPAM bots attempting to exploit forms are poorly designed, making them easy to outsmart. If the SPAM bots do not fake a referrer, you can stop the bot with this code in an .htaccess file:

RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/POSTprocessing.cgi - [F]

The referrer should always be your site, so you are not stopping any legitimite traffic with this rule. Keeping that in mind, you can block all referrals that aren't from you, instead of blocking blank referrers:

RewriteCond %{HTTP_REFERER} yourdomain.com [NC]
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^/POSTprocessing.cgi - [F]

where POSTporcessing.cgi is the script that processes your form's POST data.


Last update: 2010-10-04 14:48
Author: FAQ Admin
Revision: 1.2

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 5 (1 Vote)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ