You are not currently logged in. If you do not have a user account then please consider creating one and logging in before you post your comment. This will allow you to track replies to your comment, and take part in the site much more freely.

To add your comment, fill in all the boxes below and then preview it to make sure you're happy with the way that it looks.

This is the comment you were replying to, attached to the article Question: Preventing Apache referer spam?:

#5 Re: Question: Preventing Apache referer spam? Posted by Steve (82.41.xx.xx) on Mon 29 Aug 2005 at 19:12 (Anonymous comments are not moderated currently; if abuse becomes a problem this might change, but I have no immediate plans to break the current status quo). Thanks for the list pointer, I see a few more offered as well. I guess I have the idea that once I start using a blacklist I'm going to have to keep adding to it - and that strikes me as fighting a losing battle. As for empty User-Agent headers I've honestly not noticed that. Most of the bogus referers I've seen have spoofed Mozilla, or IE. One big giveaway is that they will typically request only the index page - repeatedly - and never fetch the favicon.ico / stylesheets / etc. I did wonder if I could auto-blocklist clients which request only a single page (more than a given number of times) without requesting any of the referenced content - although I guess this would drop things like googlebot... Steve -- Steve.org.uk

Inappropriate comments will be removed.

Username:

Password:

[ Advanced Login ]

Register Account