Stopping HTTP Referer Spam with ColdFusion
I get a lot of hits from HTTP Referer spammers in my logs these days. If you're not familiar with this type of spam, it's pretty simple: someone has a URL they want you to visit, so they write a spider to visit your site with their URL set as the HTTP referer. Then when I check my web site logs I see 50 hits from their site and, curious as to why they linked to me, I visit it. Many blogs and web sites also show the recent HTTP referers for an article; if a spammer shows up there, they also get a page rank boost.
HTTP referer spam is really hard to stop or prevent. Sure, many of the spam URLs contain keywords, and those are easy to block, which is what this entry will show you how to do, but long term this is a big problem.
My Simple Solution in CFML
Before we get into the code I should point out that it's probably better to block these guys on your web server or firewall: the CFML solution only helps if they are going for a CFML page, and blocking at those layers is probably a bit more efficient.
At any rate, here's my solution. It simply looks for keywords in the referer and returns a 403 Forbidden HTTP status code. This works for the stats package I use (awstats) because it only logs referers for status code 200. Here's the code; I just stick it in my Application.cfm:
<cfif Len(CGI.HTTP_REFERER)>
    <!--- keywords that mark a referer as spam; the match is case-insensitive --->
    <cfset spam.badwords = "highprofitclub,holdem,poker">
    <cfloop list="#spam.badwords#" index="spam.word">
        <cfif FindNoCase(spam.word, CGI.HTTP_REFERER)>
            <!--- send a 403 so the hit is not recorded as a 200 by the stats package --->
            <cfheader statuscode="403" statustext="Forbidden http referer">
            <html><head><title>403</title></head><body>
            <h1>403 Forbidden Referer</h1>
            <a href="/">Please Continue to the home page</a>
            </body></html>
            <cfabort>
        </cfif>
    </cfloop>
</cfif>
Note that if you're running on a version prior to CFMX 6 you might want to add a check that CGI.HTTP_REFERER is defined as well.
Here's a good article on stopping referer spam with Apache, with some generally good info about the topic.
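To see how much of this traffic sits in your raw access logs, and how much of it still reaches the stats package as a 200, here is an added Python example (not from the original post) that applies the same keyword test to combined-format log lines and tallies spam referers per host. The log lines and the .test/.example hostnames are constructed samples.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Keyword list from the post; case-insensitive substring match, like FindNoCase().
BAD_WORDS = ("highprofitclub", "holdem", "poker")

# NCSA combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (not real traffic); the second one shows the 403 rule working.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2005:10:01:02 -0500] "GET /blog/entry.cfm HTTP/1.1" 200 5123 "http://www.holdem-example.test/" "Mozilla/4.0"
203.0.113.9 - - [10/Mar/2005:10:01:05 -0500] "GET /blog/entry.cfm HTTP/1.1" 403 312 "http://www.holdem-example.test/" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2005:10:02:11 -0500] "GET /index.cfm HTTP/1.1" 200 2210 "http://HighProfitClub.example/page" "Mozilla/4.0"
192.0.2.44 - - [10/Mar/2005:10:03:30 -0500] "GET /blog/entry.cfm HTTP/1.1" 200 5123 "http://www.google.com/search?q=coldfusion" "Mozilla/5.0"
192.0.2.45 - - [10/Mar/2005:10:04:00 -0500] "GET /styles.css HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

def is_spam_referer(referer, bad_words=BAD_WORDS):
    """True when the referer contains any keyword (same test as the CFML loop)."""
    if not referer or referer == "-":
        return False
    lowered = referer.lower()
    return any(word in lowered for word in bad_words)

def audit_referers(log_text, bad_words=BAD_WORDS):
    """Count spam-referer hits per referer host; 'leaked' counts those answered
    with a 200, i.e. the ones a stats package like awstats would still record."""
    hits, leaked, ips = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_spam_referer(m.group("referer"), bad_words):
            continue  # unparseable line, or a legitimate referer
        host = urlparse(m.group("referer")).netloc.lower()
        hits[host] += 1
        ips[host].add(m.group("ip"))
        if m.group("status") == "200":
            leaked[host] += 1
    return hits, leaked, {h: sorted(s) for h, s in ips.items()}

if __name__ == "__main__":
    hits, leaked, ips = audit_referers(SAMPLE_LOG)
    for host, n in hits.most_common():
        print(f"{host}: {n} spam hits, {leaked[host]} counted as 200, from {ips[host]}")
```

Run it against a real access log by passing the file contents to audit_referers(); a host that keeps showing up under "counted as 200" is one the keyword list is missing.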
This combination does not work, only first word.
Here it "highprofitclub". Other words like holdem and poker not filtered.