Keeping the spammers at bay with a hardened .htaccess should be your first line of defense with any web site.

So let’s get started!

Restricting Where Comments Originate From

Everyone likes comments, but no-one wants comment spam. The simple snippet below will restrict access to the page that is responsible for submitting comments unless the submission originates from your web site:

RewriteCond %{HTTP_REFERER} !^http://www.yourdomain.com/.*$ [NC]
RewriteCond %{REQUEST_URI} ^.*comment_post\.php$
RewriteRule .* - [F]

Limiting Common Referrer Spam

Not all domains are created equally. Some domains just seem to have more referrer spammers than others. The next snippet blocks some top level domains (TLDs) from being a referrer and points them right back to where they came from.

RewriteCond %{HTTP_REFERER} \.kr [NC,OR]
RewriteCond %{HTTP_REFERER} \.by [NC,OR]
RewriteCond %{HTTP_REFERER} \.su [NC,OR]
RewriteCond %{HTTP_REFERER} \.to [NC,OR]
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
RewriteCond %{HTTP_REFERER} \.us [NC,OR]
RewriteCond %{HTTP_REFERER} \.tf [NC,OR]
RewriteCond %{HTTP_REFERER} \.info [NC]
RewriteRule ^(.*) %{HTTP_REFERER} [R=301,L]

These rules would block sites like: http://www.iamaspammer.to, http://i.will.spam.you.ru, http://buylandinflorida.info etc.

This is a work in progress, stay tuned for more or check in here: http://forums.b2evolution.net/topic-3764