I have implemented the following code to htaccess but are still seeing referrers from semalt, such as:
74.semalt.com
89.semalt.com
The code:
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://([^.]+\.)*semalt\.com [NC]
RewriteRule .* - [F]
Any idea how these referrers are bypassing this rule (which I found online) and how I can fully prevent them?
Your code looks good, syntax checks out ok! I used these mod_rewrite methods:
RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?semalt\.com.*$ [NC]
RewriteCond %{HTTP_REFERER} ^http(s)?://(.*\.)?semalt\.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*semalt\.com\ [NC,OR]
or with the .htaccess module mod_setenvif
SetEnvIfNoCase Referer semalt.com spambot=yes
SetEnvIfNoCase REMOTE_ADDR "217\.23\.11\.15" spambot=yes
SetEnvIfNoCase REMOTE_ADDR "217\.23\.7\.144" spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot
I even created an Apache, Nginx & Varnish blacklist plus Google Analytics segment to prevent referrer spam traffic, you can find it here:
https://github.com/Stevie-Ray/referrer-spam-blocker/
Here is an updated code for many of spam referral sites using regular expressions
<IfModule mod_rewrite.c>
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTP_REFERER} (?:o-o-6-o-o|bestwebsitesawards|s.click.aliexpress|simple-share-buttons|see-your-website-here|forum.topic55198628.darodar|hulfingtonpost|ilovevitaly|priceg|blackhatworth|semalt.semalt|kambasoft|buttons-for-website|BlackHatWorth|7makemoneyonline)\.com [NC,OR]
RewriteCond %{HTTP_REFERER} (?:lomb|lombia|econom|lumb)\.co [NC,OR]
RewriteCond %{HTTP_REFERER} (?:cenoval|Iskalko)\.ru [NC,OR]
RewriteCond %{HTTP_REFERER} (?:smailik|humanorightswatch)\.org [NC,OR]
RewriteCond %{HTTP_REFERER} (?:ranksonic|savetubevideo)\.info [NC]
RewriteRule ^ – [F]
</IfModule>
Hope someone find this usefull
Ok, this is how I got it to work:
# Block visits from semalt.com
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://([^.]+\.)*semalt\.com [NC]
RewriteRule (.*) http://www.semalt.com [R=301,L]
I tried all manner of these sample snippets from all over the web. None of them worked, and Semalt kept changing their domains and paths.
I suggest this which works great for me and has sane syntax. It will apply to any referrer path that contains the semalt.com string. Note you need Apache 2.4 for this to work. It can go in your .htaccess no problem, or in theory in your main Apache config.
<If "%{HTTP_REFERER} =~ /semalt.com/">
Deny from all
</If>
Good luck!
Update: if this causes a 500 error you need to empower your .htaccess, in your main Apache config, in this example, I have my .htaccess in my web server root of /var/www/wordpress, so I have in my .conf:
<Directory /var/www/wordpress>
Options +FollowSymLinks
AllowOverride all
Require all granted
</Directory>
Here's another approach for blocking the ever growing list of botnet hosts:
# Block Common Botnets
SetEnvIfNoCase Referer fbdownloader.com spambot=yes
SetEnvIfNoCase Referer descargar-musicas-gratis.com spambot=yes
SetEnvIfNoCase Referer baixar-musicas-gratis.com spambot=yes
SetEnvIfNoCase Referer savetubevideo.com spambot=yes
SetEnvIfNoCase Referer srecorder.com spambot=yes
SetEnvIfNoCase Referer kambasoft.com spambot=yes
SetEnvIfNoCase Referer semalt.com spambot=yes
SetEnvIfNoCase Referer ilovevitaly.com spambot=yes
SetEnvIfNoCase Referer 7makemoneyonline.com spambot=yes
SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
SetEnvIfNoCase Referer econom.co spambot=yes
SetEnvIfNoCase Referer acunetix-referrer.com spambot=yes
SetEnvIfNoCase Referer yougetsignal.com spambot=yes
SetEnvIfNoCase Referer darodar.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot