Fighting spam backlinks to a CMS

How to block bad referrers

I have been fighting hacking attempts and bad backlink botnets a few times this year on different jobs. This time I have been cleaning up one that affects Joomla and WordPress, adding links and uploading form pages to upload more code.

Not being a security expert but a web developer who has seen this plenty of times before, dealing with the cleanup is OK as long as you have a couple of things:

  • All the logins
  • Recent Backups
  • SSH access helps a lot
  • Log access
  • The power to change passwords
  • After these, often a new server to rebuild on, or at least to clean up on, with access restricted by IP to just you.

After the on-site cleanup of the hacked code on the site's pages, the latest set of bots seems to pass a great number of backlinks to new targets from already hacked sites.

These are hard to get rid of from Google, which believes that if a thousand pages link to you then that page exists, even when that page throws a 404 error.

So I have added this to the site for some extra prevention:

In the virtual host config or the .htaccess file:


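# Requires mod_rewrite; repeating this line is harmless if it is already on
RewriteEngine On

# Block 1: refuse requests whose Referer header contains a keyword
# [NC] = case-insensitive match, [OR] = chain conditions, [F] = answer 403 Forbidden
RewriteCond %{HTTP_REFERER} (poker) [NC,OR]
RewriteCond %{HTTP_REFERER} (drug) [NC,OR]
RewriteCond %{HTTP_REFERER} (casino) [NC]
RewriteRule .* - [F]

# Block 2: refuse requests whose URL path contains a keyword
RewriteCond %{REQUEST_URI} (poker) [NC,OR]
RewriteCond %{REQUEST_URI} (drug) [NC,OR]
RewriteCond %{REQUEST_URI} (casino) [NC]
RewriteRule .* - [F]

The first three conditions block visits arriving from referrer URLs that are "bad", and the second three block requests that hit the bad URLs themselves. The keywords match anywhere in the string, so a legitimate page whose address contains one of them is refused too.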

It gives a nice server 403 error:

Forbidden You don't have permission to access /drug on this server.
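As an added example (not part of the original post), this Python sketch replays the same keyword rules over access log lines so you can see which requests would get the 403, and spot false positives, before enabling the rules. It assumes Apache's "combined" log format; the sample lines, IP addresses and domains are constructed.

```python
import re
from collections import Counter

# Same keywords as the RewriteCond lines above; re.I mirrors the [NC] flag.
BAD = re.compile(r"poker|drug|casino", re.I)

# Apache "combined" log format (assumed; adjust if the site uses a custom LogFormat).
LINE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Return (rule, path): rule is 'referer', 'uri' or None for no 403."""
    m = LINE.match(line)
    if m is None:
        return None, None
    # %{REQUEST_URI} holds the path only, so the query string is dropped here.
    path = m.group("target").split("?", 1)[0]
    if BAD.search(m.group("referer")):
        return "referer", path      # first rule block fires
    if BAD.search(path):
        return "uri", path          # second rule block fires
    return None, path

def summarize(lines):
    """Count hits per rule block and per path, for false-positive review."""
    rules, paths = Counter(), Counter()
    for line in lines:
        rule, path = classify(line)
        if rule:
            rules[rule] += 1
            paths[path] += 1
    return rules, paths

# Constructed sample lines (documentation IPs and example domains, not real traffic).
T = "[10/Oct/2014:13:55:36 +0000]"
SAMPLE = [
    f'198.51.100.7 - - {T} "GET /index.php HTTP/1.1" 200 5120 "http://cheap-casino.example/l.html" "Mozilla/5.0"',
    f'198.51.100.8 - - {T} "GET /drug HTTP/1.1" 404 312 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - {T} "GET /news/Drugstore-opening-hours HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    f'192.0.2.11 - - {T} "GET /search?q=poker HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    f'192.0.2.12 - - {T} "GET /about HTTP/1.1" 200 4000 "http://www.example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

In the sample, the third line is a legitimate page that the `drug` keyword would refuse, while the fourth passes because the keyword sits in the query string, which `%{REQUEST_URI}` does not include.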

Let's see what this does to the 4240 pages Google currently thinks exist as the 404 page on one site.

Have you been struggling with bad URLs, or do you know where to check?

Send me your suggestion. We can advise you on the best action.

Contributor

Tristan Bailey

Founder, Head of Development & Podcast Host, Holdingbay

A Consultant Web Developer and Web Analyst, with over 16 years of online development experience in ecommerce, engineering, travel, publishing, and education. Planning and infrastructure work as well as mentoring and managing a team. Working to open web standards to help forward planning and reduce the cost and time of working with a team.

Contact Tristan at holdingbay.co.uk
Tweet at @tristanbailey