20i Reseller Hosting

trying to stop 100dollars-seo.com/try.php?u=

Discussion in 'Scripts and Coding' started by SecNam, Jun 7, 2015.

Thread Status:
Not open for further replies.
  1. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    Hi,

    Its back again i am being bombarded with 100dollars-seo.com/try.php?u= in my logs. I have put the following in nt htaccess:

    # block visitors referred from 100dollars-seo
    RewriteCond %{HTTP_REFERER} 100dollars-seo.com\.com [NC]
    RewriteRule (.*) http://www.100dollars-seo.com [R=403,L]

    but it isn't stopping it? So can anyone help in how to block these idiots.

    Thanks in advance.
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    articles.co.uk
     
  3. Admin

    Admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    10,869
    Likes Received:
    331
    can't you block them by IP?

    Admin
     
  4. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    No as it is url spam and not ip so they come from different ips


    Sent from my iPhone using Tapatalk
     
  5. Systreg Portugal

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    7,403
    Likes Received:
    214
    I've also noticed visits from these 100dollar referrers in the last couple of days, I add each IP to the IP deny manager in Cpanel as xx.xx.0.0-xx.xx.255.255 to block their IP range.
     
  6. dazc United Kingdom

    dazc Active Member

    Joined:
    Dec 2008
    Posts:
    272
    Likes Received:
    13
    Check previous posts for 'semalt.com'

    They use a botnet to spam the web so you'll never win by blocking ip addresses.

    This works although there are other methods. Don't bother sending anything back though - you may as well bark at the moon.

    Code:
    # BLOCK Spammers
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>
    
    SetEnvIfNoCase Referer 100dollars-seo.com spammer=yes
    SetEnvIfNoCase Referer semalt.com spammer=yes
    
    Order allow,deny
    Allow from all
    Deny from env=spammer
    
    # END Spammers
    A few more you might want to add are:
    see-your-website-here.com
    buttons-for-website.com
    buttons-for-your-website.com
    best-seo-solution.com
    best-seo-offer.com
     
  7. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    thanks for the above i will add that in know and monitor it today.
    Forum search is a wonderful thing :) thanks again for re-posting.
     
  8. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    Out of interest is there any way of adding the above server wide for example in WHM.
     
  9. mally United Kingdom

    mally Well-Known Member

    Joined:
    Mar 2006
    Posts:
    2,270
    Likes Received:
    22
    Would like to know this too, would be a pain to add it to individual websites every time a new dodgy link comes along
     
  10. Edwin

    Edwin Well-Known Member Exclusive Member

    Joined:
    Apr 2005
    Posts:
    9,891
    Likes Received:
    566
    What is the benefit is of blocking them at the .htaccess level? Is it simply that you're not wasting bandwidth serving web pages to bots? Or do they have the potential to do something more harmful?
     
  11. Systreg Portugal

    Systreg Well-Known Member

    Joined:
    Oct 2008
    Posts:
    7,403
    Likes Received:
    214
    @ Edwin, the spam doesn't do anything harmful but, apart from saving bandwidth, webmasters like to get rid of them because they mess up analytics, the fake visit leaves immediately, which make the bounce rate in analytics go up.
     
  12. dazc United Kingdom

    dazc Active Member

    Joined:
    Dec 2008
    Posts:
    272
    Likes Received:
    13
    I don't think so. You could add a rule to mod_security if you have that but you'd still need to keep adding hostnames as they come along.

    In my experience over the past 2 years the list above covers 99% of the problem.
     
  13. Edwin

    Edwin Well-Known Member Exclusive Member

    Joined:
    Apr 2005
    Posts:
    9,891
    Likes Received:
    566
    Ok, thanks for the added info!
     
  14. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    Ok that worked thanks guys just need to roll it out across all sites now.
     
  15. devilsrefugee

    devilsrefugee Active Member

    Joined:
    May 2012
    Posts:
    245
    Likes Received:
    3
    • Like Like x 1
  16. Adem United Kingdom

    Adem Active Member

    Joined:
    Mar 2012
    Posts:
    141
    Likes Received:
    3
    Thanks for that. Just installing now and will see if it does the job.
     
  17. Adam H

    Adam H Well-Known Member Exclusive Member

    Joined:
    May 2014
    Posts:
    1,614
    Likes Received:
    223
    If you put a .htaccess in /home directory it should impact on all user accounts across cpanel which will give you a global backout for bad bots, blocking them at server level/htaccess is a million times better than blocking them with some plugin which only blocks at PHP level which means there is still requests using resources.

    To add to systreg answer to Edwin the main issue with all these botnets, vulnerability scanners and small brute force attempts on wordpress sites alike is that the resources consumed are not only bandwidth, they effect server loads, server response times and first byte time.

    In many cases for wordpress id highly recommend signing up to cloudflares free services, great DNS control of all your sites in one place, instant mitigation of "bad bots" , faster response times and fast page loads as a whole.
     
  18. spiderspider

    spiderspider Active Member

    Joined:
    Feb 2013
    Posts:
    676
    Likes Received:
    48
    Just spotted a new one coming from:

    Ironic
     
  19. SecNam

    SecNam Moderator Staff Member

    Joined:
    Jul 2004
    Posts:
    5,231
    Likes Received:
    48
    Concerning cloudfare do you use it and/or anyone esle use it and is it reliable


    Sent from my iPhone using Tapatalk
     
  20. dazc United Kingdom

    dazc Active Member

    Joined:
    Dec 2008
    Posts:
    272
    Likes Received:
    13
    If you're happy for your site to go offline for the odd half hour here and there it's great.
     
  21. Adam H

    Adam H Well-Known Member Exclusive Member

    Joined:
    May 2014
    Posts:
    1,614
    Likes Received:
    223
    Ive started using it on a couple of small sites recently to see the results and like what i see, I havent tried them with a high or reasonably traffic site yet.

    Its free for HTTP requests and only takes a nameserver change to switch it back, ive seen alot of people complaining about it but like wise many singing their praises.
     
Thread Status:
Not open for further replies.