Blocking Fake Traffic

Hello
My website is getting hits from hitleap because someone tried to ban my AdSense account because of fake traffic.
I would like to block this traffic and show a blank page to each one who comes from hitleap.
In my analytics, I can see “hitleap” source and “/traffic-exchange”.

I know about $_SERVER['HTTP_REFERER'], but how can I check with it if the user comes from hitleap? What should I equal it to?

I use .htaccess for this as it works on every page of your site without having to put the code on each page with PHP.


RewriteEngine on
RewriteCond %{HTTP_REFERER} hitleap.com [NC]
RewriteRule .* - [F]

If you have access to the server (i.e. not a shared web hosting account), do not block it through the .htaccess layer. Instead use the firewall to block these requests, since that will drop them before they even reach Apache and start using resources.

That is interesting; I have access to my server firewall but I can only deny IPs and not referrers. I suppose I need to get the IP for the referrer, which may be a problem as I have quite a few referrers in my .htaccess file!

I see there is a “csf.blocklists” section and they are all commented out. I suppose I had better find a tutorial on how to configure the CSF firewall as from memory I tried to modify one of the lists a few years ago and it had no effect.

Sorry, my bad. Should have explained a little more.

On Linux I am not sure there are firewalls that allow you to block by referrer directly, so you need to do it through a process.

Easiest is by using mod_security and CSF firewall. Then just add a custom rule for the referrers you want to block, together with a threshold (how many times they need to hit within X time before they are IP blocked). Then if the threshold is reached, the user will automatically get IP banned.

You could also do this through .htaccess, but I would avoid using .htaccess as much as possible since it is loaded on each request.

If you're running Nginx, there is also its own module for this, ngx_http_referer_module, but just as with .htaccess it’s a little more tricky to use if you want to ban the IPs so they don’t hit the web server on continuing requests.

Edit:
Please note that when you block by referrers you can end up blocking valid visitors as well, so you should have a routine where affected IPs are flushed from the IP tables after a period of time, unless they are repetitive offenders.
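
The threshold-then-ban idea and the flush routine described in the post above, sketched as an added example that is not part of the original thread and not mod_security or CSF code. It assumes Apache's "combined" log format; the log lines, IP addresses, threshold, window and ban lifetime are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined": ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
                     r'"(?P<ref>[^"]*)" "[^"]*"$')
# Match on the referrer's host, not a substring, so a URL that only mentions
# hitleap.com in its query string does not get a real visitor banned.
BLOCKED_REFERRER = re.compile(r'^https?://([a-z0-9-]+\.)*hitleap\.com(?=[:/]|$)', re.I)

def offenders(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was first reached} for IPs that sent
    `threshold` or more blocked-referrer requests within `window`."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not BLOCKED_REFERRER.match(m['ref']):
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        hits = recent[m['ip']]
        hits.append(ts)
        while ts - hits[0] > window:      # forget hits outside the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged.setdefault(m['ip'], ts)
    return flagged

def active_bans(flagged, now, ttl=timedelta(hours=1)):
    """The flush routine: keep only bans younger than `ttl`."""
    return sorted(ip for ip, since in flagged.items() if now - since < ttl)

def _line(ip, hms, ref):
    # Builds one constructed sample log line (documentation-range IPs).
    return (f'{ip} - - [10/Mar/2024:{hms} +0000] "GET / HTTP/1.1" 200 512 '
            f'"{ref}" "Mozilla/5.0"')

SAMPLE_LOG = [
    _line('203.0.113.7', '10:00:01', 'http://hitleap.com/traffic-exchange'),
    _line('198.51.100.4', '10:00:02', 'https://hitleap.com/traffic-exchange'),
    _line('192.0.2.9', '10:00:03', 'https://www.example.org/search?q=hitleap.com'),
    _line('203.0.113.7', '10:00:05', 'http://hitleap.com/traffic-exchange'),
    _line('192.0.2.9', '10:00:06', 'https://www.example.org/search?q=hitleap.com'),
    _line('203.0.113.7', '10:00:09', 'http://hitleap.com/traffic-exchange'),
    _line('192.0.2.9', '10:00:10', 'https://www.example.org/search?q=hitleap.com'),
]

if __name__ == '__main__':
    for ip, since in offenders(SAMPLE_LOG).items():
        print(ip, 'reached the threshold at', since.isoformat())
```

Each IP returned by `active_bans` would then be handed to the firewall as a temporary deny (with CSF, for instance, `csf -td <ip> <seconds>`), so that the ban expires on its own.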

Thanks for the further info, @TheRedDevil; something to look into further when I have the courage!