Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.In some content management systems, you can configure a block that shows what links people clicked to come to your site. This is called a referrer sting. Drupal doesn't display this referrer, which is a good thing.
Many porno and online poker sites have robots that are sending "fake" referrer strings, claiming they entered your site via their own site. When you would have a block displaying these referrers, they would get more hits from people clicking these displayed referrer URL's. So it is a good thing that Drupal doesn't display these referrers, apart from the referrer logs admin page.
Often, the robots sending these referrers do this via a so-called zombienetwork, thousands and thousands of misconfigured or hacked PC's which are "open proxys". You can't really block this referrer spam, the robots are sending real user-agents, are using many URL's and there are so many zombie IP addresses that are changing fast, that you can't block these.
There is some work underway to block bad behaving robots and users from within Drupal. Until that time, the only way to block the referrer spam it by looking at your referrer log and look for often used word in the fake referrer URL's, like "online-poker".
Now you can block these words in your .htaccess file. Say you want to block the referrers "internet-poker" and "viagra" as well as all user-agents that contain "looksmart"
First locate your .htaccess. This file is most likely in your Drupal document root. You can use vi, pico, notepad or another editor. Now go to the end of the file and just before the last line add:
# Block referrer spam
RewriteCond %{HTTP_REFERER} (viagra) [NC,OR]
RewriteCond %{HTTP_REFERER} (internet-casino) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Looksmart) [NC]
RewriteRule .* - [F]
You don't have to restart your webserver, these settings take place immediately. When you look at your logs, you will still see the spamming robots with the fake referrer URL's. But you will see that these clients now get a 404 error, this means that they are not allowed to access that (or any other) page.
If the robot that is sending this referrer spam is a "smart" robot, it will know sending the fake URL didn't work. Now it wont stop all the bad guys, they will probably try to send another URL. Or the will go to another site to spam there. But there is a chance you will make it a better world. Try it.
