How to block Russian spammers from your Apache hosted website
December 5, 2012
I am posting this article for other Webmasters who are having problems with Russian-based access log, blog, forum, contact form, or guestbook spammers. Any website that allows the public to post anything to its pages, or to contact the owner or Webmaster, is eventually going to attract the attention of Russian-speaking spammers.
I know this from my own experiences running several domains as both the owner and as a Webmaster for other people. If you have any forms that allow others to post to them, the spammers will come. They sometimes just spam the "Referer" field in our website access logs, by posting links to shady websites promoting illicit drugs, counterfeit goods, phony product reviews, etc. They do this just in case your server is configured to publish your raw access logs to the public (a really bad idea!). This is known as "Referer Spam" and it is meant to post links to these often bad websites inside access logs that anybody might be reviewing.
Referer spam has little chance of success, so website spammers prefer to post spam links and comments on blogs, forums, guestbooks and feedback forms. Since many websites provide some or all of these contact options, it's no surprise that they are often overrun by comment spammers. My access logs reveal that most of the comment spam sources are Russian-speaking persons or bots, often emanating from IP addresses in the former Soviet Union.
I have nothing to sell to anybody in the former Soviet Union and have no use for Russian spammers, so I block access to traffic coming from there. Here are some of the ways I do this.
Blocking Russian Spammers from Apache hosted Websites
Note: Before applying the following tactics, please check with your web host's support, or administrator, or your Webmaster, to ensure that you are allowed to use Mod_AuthZ_Host and Mod_Rewrite directives in a custom .htaccess file.
My first line of defense against Russian-based spammers and hackers is my Russian Blocklist. This is a compilation of CIDRs, used as IP address based access restrictions, that is added to the .htaccess file in the public web root of a website hosted on an Apache web server. Instructions for adding my blocklist or other blocklists I publish are found on the blocklist page. You'll have to copy and paste the portion starting with "<Files *>" and ending at "# End of file" into your .htaccess file, preferably near the top, before any more server-intensive Mod_Rewrite rules.
Note to server administrators: If you have root access to your server and its operating system, you can deny access to Russian traffic to the entire server and all running services, not just the http portion, by applying my Russian iptables blocklist to your server's Linux firewall.
When placed in the web root .htaccess file, the Russian Blocklist denies the IP addresses covered by the CIDRs in that blocklist access to all publicly viewable pages in your Apache hosted websites. This includes subdomains, forums, folders and forms. I add new CIDRs to the blocklist as I discover them.
My next line of defense against Russian website spammers is a set of special Mod_Rewrite rules in my .htaccess file that deny access to particular user agent strings used by default by these folks. The following are three of the most effective Russian user agent blocking rules I currently use:
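# Turn on the rewrite engine and inherit rules from the parent configuration
RewriteEngine On
RewriteOptions inherit
RewriteBase /
# Rule 1: pl or ru language tokens, a token ending in ".ru)" or " ru)", or "Ukraine Local;" (case-insensitive)
RewriteCond %{HTTP_USER_AGENT} \ \[?(pl|ru)\]?\ |\ (pl|ru);\ |.+\.ru\)|\ ru\)|Ukraine\ Local; [NC,OR]
# Rule 2: user agents containing MRA or MRSPUTNIK (case-sensitive)
RewriteCond %{HTTP_USER_AGENT} MRA|MRSPUTNIK [OR]
# Rule 3: user agents ending in " YE" or " YI"
RewriteCond %{HTTP_USER_AGENT} \ Y[EI]$
# If any condition above matched, answer every request with 403 Forbidden
RewriteRule .* - [F]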
If you want to use these directives, be my guest. If you have a custom 403 page in use, you will need to modify the RewriteRule to allow that file to be served, as in this example:
RewriteRule !^403\.shtml$ - [F]
The example uses a file in the web root, named 403.shtml to issue a Server 403 Forbidden response. If you have a differently named file or path, substitute it for the one in my example. Contact your Webmaster or hosting support desk if in doubt!
Always back up your previous .htaccess before uploading any alterations. Sometimes a misplaced, incorrect, or missing character can cause a Server 500 Error, which locks everybody out of http access to the website! Test after each change and revert to the last known good copy until you debug what caused a 500 error. The Apache Web Server section of Webmaster World is a good place to learn about these things.
These solutions are not the only ones I employ, but they are the best ones I have for the general public. Adding my Russian Blocklist and the three listed Mod_Rewrite directives can block access to the majority of typical Russian-based spam attempts on your website blog, forum, guestbook or contact form. By reviewing your raw access logs, or blog activity reports for apparent spam attempts, you can create your own personal set of rules that will block them from posting anything to your website.
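Before uploading new user agent rules, it helps to see which past requests they would have refused. The following is an added example, not part of the original article: a Python dry run of the three RewriteCond patterns above over access log lines in Apache's combined format. The log lines are constructed samples, and it assumes Python's re module treats these patterns the same way Apache's PCRE does.

```python
import re

# The article's three RewriteCond patterns as (regex, has_NC_flag). The [OR] flags
# mean a request is refused if ANY pattern matches; [NC] maps to re.IGNORECASE.
UA_RULES = [
    (r"\ \[?(pl|ru)\]?\ |\ (pl|ru);\ |.+\.ru\)|\ ru\)|Ukraine\ Local;", True),
    (r"MRA|MRSPUTNIK", False),
    (r"\ Y[EI]$", False),
]
COMPILED = [re.compile(p, re.IGNORECASE if nc else 0) for p, nc in UA_RULES]

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Constructed sample lines (documentation IP ranges, invented requests).
SAMPLE_LOG = """
203.0.113.7 - - [05/Dec/2012:10:00:01 +0000] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1"
198.51.100.23 - - [05/Dec/2012:10:00:02 +0000] "POST /forum/post.php HTTP/1.1" 200 731 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.6 (build 01425))"
203.0.113.40 - - [05/Dec/2012:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6"
192.0.2.15 - - [05/Dec/2012:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11"
198.51.100.99 - - [05/Dec/2012:10:00:05 +0000] "POST /contact.php HTTP/1.1" 200 230 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) YE"
""".strip().splitlines()

def matching_rule(user_agent):
    """Return the 1-based number of the first pattern that matches, or None."""
    for number, regex in enumerate(COMPILED, 1):
        if regex.search(user_agent):
            return number
    return None

def dry_run(lines):
    """Return (ip, rule_number, user_agent) for every line the rules would 403."""
    hits = []
    for line in lines:
        parsed = LOG_RE.match(line.strip())
        if not parsed:
            continue  # not a combined-format line; ignore it
        ip, user_agent = parsed.groups()
        rule = matching_rule(user_agent)
        if rule is not None:
            hits.append((ip, rule, user_agent))
    return hits

if __name__ == "__main__":
    for ip, rule, user_agent in dry_run(SAMPLE_LOG):
        print(f"would 403: {ip} (rule {rule}): {user_agent}")
```

The third sample line is a Polish-locale browser: the first pattern lists pl alongside ru, so those visitors are refused as well.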
I am available to personally assist you with applying my .htaccess blocklists to your .htaccess file, and/or to create additional custom rules based upon what software you have running on your website. I have reasonable hourly rates for my services. Contact me via my Webmaster contact form.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.