David Russell

Lately, I’ve been researching a couple of different options for battling referrer spam. It’s bloating my stats and wasting my bandwidth and I’m tired of it. The real problem is that I’m the only one who has access to my server logs, so the spam has no function other than waste.

The solution I’m trying to find defeats referrer spam at its core nature, referrer headers (often spoofed) by an automated machine. Certainly any authentic referrer information needs to shine through. The .htaccess solutions I’ve found have either not done enough or broken my site entirely at places like Google. And I’m not into a purposeless or over-zealous response to this. I just need something that works and, preferably, something that stays out of my way. I really don’t want to have to maintain anything if I don’t have to. I will, but as a last resort.

Over the past six months, I’ve seen a rise in four-letter domain names coming into my logs. I don’t necessarily mean four-letter as in profane, I mean literally four-letter domains that are seemingly just random combinations of letters and occasionally numbers. If I blocked referrers from four-letter domains it would probably solve 60-70% of my problem. But that’s the type of compromise I don’t want to do. I’d give up information about referred visitors from authentic sites, like digg.com and cnet.com. (Not that I have much of either of those, but you get the point.)

Has anyone found a decent solution to referrer spam? My personal research hasn’t turned up anything that really works. Shoot me an email if you’d rather stay off-record.

[tags]referrer, spam, web, security, htaccess[/tags]