spam referers bypass htaccess rules

Question

Here is a sample code I'm using in .htaccess to block spam referers:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://.*buttons-for-your-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*free-social-buttons\.com/ [NC]
RewriteRule ^(.*)$ – [F,L]

Also, I have the following code in nginx configuration because I have nginx stands as a reverse proxy in front of apache:

if ($http_referer ~ "buttons-for-your-website\.com|free-social-buttons\.com")  
{ 
  return 403;
}

I'm still getting hits from buttons-for-your-website.com, by some way this bot can bypass all previous rules and I have no clue how. I've verified both htaccess rules and nginx configuration on a domain of mine and they blocked access to my website from that domain. So, how these bots are still able to visit my website? Appreicate your answers.

You will want to see this answer: http://webmasters.stackexchange.com/questions/75909/how-to-fight-off-referrer-spammers/75914#75914 — closetnoc, May 29 '15 at 21:11
Are these "hits" in your server access logs? Or in Google Analytics? If the later then see closetnoc's comment above. Possibly academic, but your .htaccess RewriteCond pattern is too specific, you only need a regex like: buttons-for-your-website\.com (like you have for nginx) or even just buttons-for-your-website. — MrWhite, Jun 01 '15 at 18:53

spam referers bypass htaccess rules

0 Answers0