How to correctly block referrer spam IPs?


I am having some trouble with referrer spam on several sites, and I am trying to block the IP of those sites. I used domaintools to check the IP address and use that to block incoming traffic. However, according to Google Analytics, they are still getting through. What am I doing wrong? How can I stop referrer spam?

nginx - in the /etc/nginx/sites-available/example.com file

server {
    ...
    location / {
        deny 12.345.67.890;
    }
    ...
}

Apache - in the .htaccess file at the root directory

Order Deny,Allow
Deny from 12.345.67.890

There are 2 best solutions below

1

The deny directive just blocks the request if the origin IP matches.

So if your problem is with the referrers, check the $http_referer.

In NGINX you can do something like:

# Deny Referers (place inside a server or location block)
if ($http_referer ~* "(bannedreferrer1|bannedreferrer2\.net|somekeyword|anypattern)") {
    return 403;
    # or any other action
}

In APACHE:

# Deny Referers using mod_rewrite
RewriteEngine on
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} www2\.example\.com [NC]
RewriteRule .* - [F]

It should do the trick.

0

The best way is to stop them with a contains clause, e.g. for the spam site priceg.com, check for priceg in the referrer URL.

Because many of these sites create subdomains and hit again, and when they tweak the URL, hard-coded conditions fail.

RewriteEngine on
RewriteCond %{HTTP_REFERER} (priceg) [NC,OR]
RewriteCond %{HTTP_REFERER} (darodar) [NC]
RewriteRule .* - [F]

It is explained in detail here
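Added example, not part of either answer: a short Python check to run over an access log before choosing a rule. It compares a hard-coded host list with the "contains" match from the second answer and tallies the client IPs behind the hits, which is what a deny rule actually tests. The log lines, IP addresses and the names EXACT_HOSTS, KEYWORDS and classify are constructed for illustration, and a combined log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "http://priceg.com/" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2015:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "http://shop.priceg.com/deal?id=1" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2015:10:00:09 +0000] "GET /about HTTP/1.1" 200 734 "http://forum.darodar.com/" "Mozilla/5.0"
192.0.2.80 - - [10/Mar/2015:10:00:12 +0000] "GET /blog HTTP/1.1" 200 901 "https://www.google.com/search?q=blog" "Mozilla/5.0"
192.0.2.81 - - [10/Mar/2015:10:00:15 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
EXACT_HOSTS = {"priceg.com", "darodar.com"}      # hard-coded host list
KEYWORDS = re.compile(r"priceg|darodar", re.I)   # case-insensitive "contains", like [NC]

def parse(log_text):
    """Yield (client_ip, referer_host) for every line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # A referer of "-" has no hostname; treat it as empty.
            host = urlsplit(m["referer"]).hostname or ""
            yield m["ip"], host

def classify(log_text):
    """Return (exact-host hits, keyword hits, client IPs behind keyword hits)."""
    exact, keyword, ips = [], [], Counter()
    for ip, host in parse(log_text):
        if host in EXACT_HOSTS:
            exact.append(host)
        # Matching the host only, so a search query that merely mentions
        # the keyword in its path or query string is not flagged.
        if KEYWORDS.search(host):
            keyword.append(host)
            ips[ip] += 1
    return exact, keyword, ips

if __name__ == "__main__":
    exact, keyword, ips = classify(SAMPLE_LOG)
    print("exact-host matches:", exact)
    print("keyword matches:   ", keyword)
    print("client IPs behind the spam hits:", dict(ips))
```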