All in the <head> – Ponderings and code by Drew McLellan –

Referrer Log Spam

In the quest to get someone, anyone, to click through to their advertising-laden (and often pr0n-laden) sites, filthy spammers have taken to spamming referrer logs. I check through my log files periodically (in fact, Textpattern stores this data for me too) to see if anyone else has posted something in response to my posts. It’s like trackback, but retro. Of course spamming referrer logs is nothing new, but it seems to be getting to the point now where it’s really becoming a nuisance.

The process is simple. The spammer writes a script to trawl through a list of URLs (something like the home page of is ideal) and performs an HTTP GET on each site, setting the address of their own site in the referrer header. This results in an entry in the site’s access logs showing that, apparently, the spammer’s site is linking to you. Of course, when the owner of a site goes through and clicks to see who’s linking to them, they’re driven directly to the spammer’s site. Often, they’ll register interesting-sounding domain names to throw you off the scent – but of course they all point to the same place.

This weekend my site was hit with a pretty intensive campaign of referrer log spamming – I was getting several an hour on various domain names all pointing to the same site. Fortunately for me (and stupidly on the part of the spammer) all the hits were originating from the same host name – a collocated server with an ISP called Jupiter Hosting. The answer was simple:

deny from

Adding this to my .htaccess file results in my site not being served to any requests originating from Jupiter Hosting. So that blocks the spammer, but also every other Jupiter Hosting customer, right? Well, I could be more specific in my rule but I’m not feeling that charitable. If ISPs like Jupiter Hosting don’t take responsibility for malicious activity originating directly from their networks, then I’m more than happy to block them. (Yeah, I know I’m evil).
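The giveaway described above, one client host claiming to arrive from many unrelated referring domains, can be pulled straight out of a combined-format access log. The following is an added example, not code from the original post; the log lines, host names, `mysite.example` and the threshold of three domains are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log (hosts, domains and timestamps are made up for illustration).
SAMPLE_LOG = """\
colo-17.hosting.example - - [12/Jan/2004:10:01:07 +0000] "GET / HTTP/1.0" 200 5120 "http://cheap-pills.example/" "Mozilla/4.0"
colo-17.hosting.example - - [12/Jan/2004:10:19:44 +0000] "GET / HTTP/1.0" 200 5120 "http://best-casino.example/" "Mozilla/4.0"
colo-17.hosting.example - - [12/Jan/2004:10:42:30 +0000] "GET / HTTP/1.0" 200 5120 "http://www.free-ringtones.example/index.html" "Mozilla/4.0"
192.0.2.44 - - [12/Jan/2004:10:05:12 +0000] "GET /archive/ HTTP/1.1" 200 8342 "http://www.mysite.example/" "Mozilla/5.0"
198.51.100.9 - - [12/Jan/2004:10:50:02 +0000] "GET /post/1 HTTP/1.1" 200 9120 "http://someblog.example/links" "Mozilla/5.0"
198.51.100.9 - - [12/Jan/2004:10:50:09 +0000] "GET /style.css HTTP/1.1" 200 812 "http://mysite.example/post/1" "Mozilla/5.0"
"""

def suspicious_hosts(lines, own_domain, min_domains=3):
    """Return {client_host: sorted referrer domains} for clients whose requests
    name at least `min_domains` different external referring sites."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        ref = m.group("referer")
        if ref in ("", "-"):
            continue  # no referrer sent
        domain = (urlsplit(ref).hostname or "").lower()
        if domain.startswith("www."):
            domain = domain[4:]
        if not domain or domain == own_domain or domain.endswith("." + own_domain):
            continue  # internal navigation is not a claimed inbound link
        seen[m.group("host")].add(domain)
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_domains}

if __name__ == "__main__":
    for host, domains in suspicious_hosts(SAMPLE_LOG.splitlines(), "mysite.example").items():
        print(host, "claims referrals from", ", ".join(domains))
```

A genuine visitor normally shows one external referrer followed by internal ones, so they stay under the threshold; the output gives the exact host to name in a deny rule rather than a whole provider.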