WordPress 2.0 / 1.5.x Plugin: Referrer Bouncer - A Plugin to bounce referrer spammer bots (and humans)

Hmmm… It would be wonderful if we could work out a central update service. I found myself adding 2-3 new referals to my .htaccess every week.
Either way, I’ve added a lot of the ones I received to the list. Anyone can grab it at http://www.pirate-king.com/wp-content/referer.txt

[...] Danger, And More WP Goodness Before we continue, as usual here’s another new plugin for WordPress that’s too good to pass up. What [...]

[...] i tiene le statistiche ed averlo subissato di spam, sappiate che ora esiste una soluzione: referrer bouncer, un plugin per wordpress che usa una blacklist [...]

Thanks a bunch for writing this plugin. I’ve been looking for one of these.

[...] trackback spam as well… and huge piles of referrer spam, which I’m hoping the Referrer Bouncer 1.1 plugin by Angsuman Chakraborty will reduce [...]

Angusman, thanks for creating this plugin. I’m looking forward to benefitting from it. I have a question about disabling the links though. I manually created the referer.txt file, chmod it to 666. However, after clicking on the disable link it give me a few warning messages like “Warning: touch(): Unable to create file /hsphere/local/home/galen5/familywebwatch.com/blog_test/wp-content/plugins/../nrsetup.txt because Permission denied in /hsphere/local/home/galen5/familywebwatch.com/blog_test/wp-content/plugins/noreferer.php on line 48″.

What am I doing wrong? Thanks for any help you can offer.

Hello again, Angsuman. My earlier post is missing. Did you get it? If not, I’d be happy to explain again the help I need with your plugin. I look forward to hearing from you.

@Ken You do not need to delete the referer.txt file for security.
Deleting it doesn’t enhance security in any way. In fact I encourage that you maintain your own file and update it as necessary.

All I do is prevent the file from being deleted/created by outsiders using the disabling feature. Thus outsiders cannot modify your referer list even if they guess that you are using this plugin. Editing the file is controlled by wordpress admin authentication mechanism. So after disabling you need not have any concerns wrt. security.

The wp-content directory should be writable by the process running php, which normally has the same permissions as your webserver (like Apache). Is your web server running under your login id?

I strongly suspect that it doesn’t have write permission to wp-content directory. It is probably running as “nobody”. You can do a ps -ef to find out this. Look for a process called httpd if you are running on Apache.

Another way is to temporarily chmod wp-content to 777 and see if it solves your problem.

The simplest solution for you is to create an empty file called nrsetup.txt under wp-content directory manually. You are done. You don’t need to worry about anything else. The setup is now fully secure.

If you are not concerned about manually configuring it with referrer’s then you can also delete the referer.txt file. You can always change your mind later.

By “touch” I meant the unix command I used to create the file.

Yes, I think you are done.

The diasbling of links means anyone with access to the url’s to create and delete your referer.txt will not be able to. After you “disable” the links, such operations will be prohibited, till you re-enable again.

It doesn’t affect the working of the plugin in any way.

The way it works is this. It checks to see if referer.txt is present. If so, it then uses it and sees if the current referrer matches anyone in your list. If the referer.txt file is not present then it uses its own internal list.

When I say that referer.txt can be deleted, I mean that by doing so you would be using the default set of referrer’s. If you want to customize the list then you need to have the referer.txt file present with your own entries.

Hope that clarifies…

@Christian
I am assuming you are using the link specified in the plugin description. Is that correct?
Try changing wp-content permission to 777. Run it. Then change wp-content permission to your old value.
Let me know how it goes.

Hello,

I’d install this plugin and it’s activated, also I add referers url into referers.txt. But I still
seeing the same spam referers in my stats!

For example, in referers.txt I’ve “p(0)ker” but in my referers I see “http://www.p(0)ker.blabla.com. (note: (0)=o).

What’s wrong?

Thanks!!!

[...] spambots. It goes far beyond User-Agent and Referer, however. 3. Recent Comments plugin 4. WordPress 1.5 Plugin: Referrer Bouncer - A Plugin to bounce ref [...]

hey man,

not sure what I am doing wrong but i just installed a new wp 1.5 blog

and when I add the noreferrer plugin to my plugin folder, and then on my site i try to click the
‘edit’ link so that i go into my Wordpress user interface, it hangs and does not let me get in there..

but when i remove the noreferrer plugin from my plugin folder through ftp, then i can access my blog and admin fine..

the noreferrer plugin is hanging something up, not sure why.

i am assuming to install I only have to drop the file into my plugins directory? and thats it?

tom

@Thomas Is your wp-content directory writable?

There isn’t anything which can cause this behavior. I am as surprised as you are. Never had any other reports before even remotely like this.

Just a hunch. Can you re-download the file please (from my site) and try again. Let me know what happens.

[...] event comment spammers from taking advantage of your pagerank. A basic, necessary plugin. Referrer Bouncer: The other half of the blog/spa [...]

I’ll give it a go being rather fed-up with parasitic spamming. I’m glad i don’t have to work through code beyond my grasp to do your solution.

[...] [EDIT] Back on again, please report any problems. Suggestions that I have found useful include: Apache mod_security, Spam Valve, Bad behavior, WP Hashcash and Referer Bouncer I have already implemented a couple of these and am in the process of rewriting a couple more to suit my needs. The first three are very promising. Bad Behavio(u)r has some clever code and when used without the logging feature, is very swift. I might tweak the code a bit to make it even more transparent and engage it *before* the Wordpress process using Addhandler. Using JS verification is an option that I would consider but would rather stay away from.   (Visited 121 times) [...]

[...] This took care of it. Installation is easy (though I had a little trouble with permissions), and the list of banned referrers easy to edit. Best of all: The messages bounce back to the referring URL. Heh. (I don’t have any way to prove it’s happening, but the images in my head are enough.) [...]

[...] See the above image? This is what happens when you somehow get blank lines in certain files of your Wordpress installation or plug-ins. In my case, it was the plug-in I use to bounce referrer spam, called Referrer-Bouncer. Referrer bouncer uses one php file that checks incoming referrers against a text file, and if it finds a match then it will bounce the referral back into the abyss. Well, if you accidentally insert a blank line in this text file, like I somehow did today, then you will find that you cannot access your admin panel, it will infinitely loop constantly bouncing itself. Firefox returns the above error. Internet Explorer just sat there all confused. [...]

After using this for a while, I started to get error messages that my redirect url limit was exceeded. I couldn’t even log in to my admin panel. When I deleted the plugin, the problem went away. When I reinstalled, the problem came back. What am I doing wrong?

[...] [...]

@Krystal
You are welcome.
BTW: You don’t even need the vending-machine.narod.ru line as your .ru line before will match any ru domains.

I have a use in mind for this plugin a little different fr. the main one Angsuman conceived it for & I just want to be sure that it’ll accomplish what I need.

Periodically, I get visitors who are referred to my site by various online forums. They come to my site referred fr. the forum sites and leave pretty nasty comments. And sometimes they leave them in droves.

My question is: once I discover that a particular domain is referring these people to me & they’re leaving these unwanted messages, if I add that particular referring domain to my referer.txt file will it bounce the unwanted commenter back to the domain/URL fr. which they came?

If so, this is something I very much need. I’ve just installed it & no problems so far. Proof of the pudding will come when my next “attack” happens.

Hey, if Thomas is still reading this (see his May 16th comment) I think I discovered what might’ve been the problem with his WP installation hanging after installing the plugin. He says in his comment that he set his wp-content folder to 755. I had mine set to 755 as well & got the same hang behavior. But when I set it to 777, then everything went back to working fine.

So be sure your folder is set to 777.

Angsuman: if Thomas doesn’t see this maybe you have his e mail & can send him this comment in case it’ll fix his problem?

Thanks Richard for the solution. I have emailed Thomas about your solution (cc’ed you).

I will update the post with this.

[...] By the way, the solution of Dawzz I chose to solve my problem was Angsuman’s Referrer Bouncer plugin. Works like a dream. blog, censorship, comments, plugin, abuse, wordpress [...]

[...] So after weighing my options, I decided to ban spam referrers from ever hitting my site, at least on my WordPress-based J Spotter, the WP referrer bouncer plugin being readily available. [...]

[...] Anyway, how did I do it? Simple! I used the Referrer Bouncer plugin and in the referer.txt file, I cuntpastded (lulz) all of the search terms that I deemed sick and disturbing. Here’s an example of some stuff in my .txt file: hot+cat+sex+ass YUGIOHhentai Yautja+cock+sex+ass hot+silicon+girl silicon+girl pissing-girl.ws 8m.com yu-gi-ohhentai Yautja+sex+cock+ass illegal+porn+galleries princess+peach+hentai princess+peach+porn Super+Mario+Porn i-no+hentai yugioh+hentai [...]

UPDATE to my last comment. When I view the referer.txt file using Notepad through my ftp client, I see no returns separating the entries. But when I use WP’s own interface to view the file I do see returns separating them. So I recommend only adding domains to referer.txt using the WP interface (or else adding returns to the file when viewed in Notepad or via yr. ftp client).

[...] Been getting a lot of spam lately — in the hundreds, daily. I’ve already installed the Wordpress Hascash and Referrer Bouncer for quite some time now. [...]

Angsuman: I was wondering whether you might have any ideas why I’m seeing this behavior regarding a bounced domain.

I added it to my referer.txt file. When I visit the bounced domain myself & attempt to click on a link there to my site I AM bounced back to the original site (& not allowed access to my own). This is the behavior I want to see. However, I’m still seeing in my site stats visits to my site referred fr. that domain.

How could that be happening?

@Richard
Can you provide me the url to the site which you intend to bounce? - I will take a look.

[edit]22.000 not wanted referer hits every day[/edit]

Should the plugin (noreferer.php / Angsuman’s Referrer Bouncer plugin) still be / remain activated after the referer.txt and nrsetup.txt files have been created? Or is activation only nessecary to adjust the referer.txt file (and create the nrsetup.txt file)? The nrsetup.txt file is a blanco file, right?
I cannot describe the earlier problems in details, so I just want to know before I () try again. This plugin does / wants to do more then I’m ‘used’ to. Thanks.

Wonderful!
Looking forward to hear about your 22, 000 not wanted hits

@Marjan
I have a different version which will work on any php enabled website including but not limited to wordpress. So yes it will neatly solve your problem.

I will post it by tommorrow.

Your referer bouncer wordks just fine in WP

For my ‘other’ problem:
With help ‘we’ found another solution…, to fix this problem instantly.
Replace the last line with:

RewriteRule \.*$ http://127.0.0.1 [R,L]

and you give them a peace of their own cake!

Regards, M.

Would you please, please be so kind to clue me in how to change the referer.txt dynamicly / help me otherwise?

Because sofar I’m not doing so well I quess: “Traffic limits are exceeded in this domain…”

[...] Guardando meglio scopro che ne arriva approssimativamente uno al secondo, comincio a preoccuparmi e cerco di capire che cos’è . . . Spam nei trackback/referrer !!? Googlando un poco ho trovato a parte i soliti Trencaspammers e HashCash questo che mi sembra interessante, si chiama ReferrerBouncer. Questo risolve il problema nei referrer anche se i buoi sono già scappati tant’ è che ora nei log mi ritrovo : [...]

[...] Angsuman’s Feed Copyrighter Plugin for WordPress 1.5 and above is of the class of upload-activate-and-forget Plugins (like WordPress 1.5 Plugin to disable nofollow from comments or WordPress Referrer Bouncer Plugin to bounce referrer spammer bots), Plugins that simply work. [...]

The sites may still show up on log analysers as Apache passes on the request to WordPress which bounces them. However they are getting bounced and spamming themselves

You can manually test to ensure it is working properly:
How to Ensure your Site is Protected by Referrer Bouncer Plugin

[...] 1:18 pm - Activated “Angsuman’s Referrer Bouncer” plugin and verified that it was functioning correctly. Filed under: general by Shane | [...]

thanks so much! really helpful!

The url simply translates a page to non-English language. If you click on the flags in the top right corner of this page then you get a translated version of this page in your language of choice.

It seems someone is misusing the service and using it to hide their nefarious activities.

Give me a day or two. I will fix it.

That is definitely not an error with Referrer Bouncer plugin.
Have you checked (in WordPress options) the options to blacklist open proxies?
That might be causing this error. Your office IP has been blacklisted by powers that be.

Referrer bouncer doesn’t selectively ban based on IP addresses.

[...] WordPress 2.x (and above) plugin to create multi-paged article. I have been asked several times how I create articles with multiple pages (like this or this). WordPress in recent versions (1.5 and above) does not provide any visible buttons to support multiple pages even though it supports the functionality internally. This plugins enables you to easily break your WordPress article into multiple pages. It works for both WYSIWYG as well as text mode. Compatibility Works on 2.x codebase. It hasn’t been tested on 1.5.x codebase and not supported. [...]

[...] You can easily and effectively use your .htaccess file to easily and effectively block comment and referrer spammers targeting your blog(s). If you are using WordPress you can also use my Referrer Bouncer plugin, which is much simpler, to block referrer spammers. For the rest here is a sample .htaccess file you can start with. [...]

[...] Angsuman’s Referrer Bouncer, Trackback Validator, Spam Karma 2, Bad Behavior: It’s hard to tell which of these is doing the lion’s share of the work, but I rarely ever have to see any comment or trackback spam on my blog. Obvious honorable mention to Akismet. I don’t know how this stuff works, but it gets the job done. [...]

[...] Niente da fare la soluzione che postato qualche giorno fà non sono riuscito a loccare niente, ho trovato la soluzione installando un paio di plugin’s per WP, questi: 1) Angsuman’s Referrer Bouncer [...]

hi there, just would like you to know that your plugin appears on my “most-wanted” list

cheers,
michael

thanks a lot for this plugin. i saw that you made a lot of useful plugins:) thank you!

[...] Referrer Bouncer Eklentiyi buradan indirebilirsiniz. [...]

Is thsi plugin compatible with WP v2.6.1 and v 2.6.2?

Will it be compatible with WP v2.7? or incorporated in v2.7?

Great plugin. Can the design be modified to fit the look of the blog?
Thanks.