Blocking spammers with mod_rewrite

[NewEraCracker]

If you don't have APIs installed in your site that require POST method you can add this to .htaccess

Code: 

# Mitigate the spammers
<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Language} ^$
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=406]
RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0)
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=406]
</IfModule>

It blocks POST requests from all clients without referer header and without Accept-Language header (automated form submission) and blocks POST requests from any HTTP/1.0 client (bots don't need POST)

-------

If you use nginx as apache reverse proxy. It downgrades requests to HTTP/1.0 and you lose the original HTTP version so just use:

Code: 

# Mitigate the spammers
<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Language} ^$
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=406]
</IfModule>

Regards,
NewEraCracker

NewEraCracker Reviewed by NewEraCracker on 20th May 2011. Blocking spammers with mod_rewrite If you don't have APIs installed in your site that require POST method you can add this to .htaccess # Mitigate the spammers <IfModule rewrite_module> RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{HTTP:Accept-Language} ^$ RewriteCond %{REQUEST_METHOD} ^(POST) RewriteRule .* - RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0) Rating: 5

[Ash]

Thanks for this NEC

[XSLTel]

Thank you very much NEC

[bmoeller]

Try using this site . HERE
Comes in handy when you need to quail spammers from certain countries

[NewEraCracker]

I have improved the checking. Shoudn't block legit requests without Referer Header

[EnCiPh3r]

LOL Most of site owners wont add it because only multiposters post on their site

[NewEraCracker]

You can allow multiposters by excluding the first set of rules and leaving this in .htaccess.

Code: 

<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0)
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=406]
</IfModule>

This will still block spambots that rely in old libs that still use HTTP/1.0

DON'T USE THIS, IF YOU USE NGINX!

[GoPantheoN]

Just a doubt, will this ban all the auto posters or some of them ?

Edit : Learnt that it ll block most of the old ones.

[Perl]

Hey i used this but when i try to use any Ajax related work and try to move / prune any posts or even try to make new posts manually

Its says

406 Not Acceptable

An appropriate representation of the requested resource /index.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Any help ?? FYI I use IPB 3.1.4

Tested few things it only occurs when you put last 3 lines

<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0)
RewriteCond %{REQUEST_METHOD} ^(POST)
RewriteRule .* - [R=406]
</IfModule>

Any solution ?

[Ruriko]

what if I use nginx?