How to Stop Referrer Spam and Block Hackers Using Your htaccess File

1 Comment

Protect Your Analytics and Ranking By Blocking Harmful Traffic

You need to pay close attention to securing your hosting and website from referrer spam and hackers. This article discusses why you should take action, and how to use your htaccess file to block IP addresses. Blocking hackers and spammers is a key part of a website security plan.

Why You Should Block Certain IP Adresses

Referrer spam and hackers are enemies of internet marketing and most often go unnoticed. The typical website receives a lot of traffic that has no value, and often this traffic is a red flag to potential trouble. If your business gets customers from a specific area (city, state, country, etc.) traffic from areas beyond your target market is generally worthless.

Important exceptions you need to know. Before you start an aggressive initiative to block countries you need to consider the overall impact. If you use services which are based in other areas (Google Ads, analytics, etc.) you may inadvertently block the services you need. An example: Google is based in California but has offices around the world. The Google Ads group in India, if blocked, may test the destination link for your ads and find it does not work. They then disapprove your ad because of the destination link failure. In reality, the link does work just not for people in India. Honest mistake but your ads stop showing.

Hackers Harm Ranking and Domain Trust

Website hackers can make money when they hack into your website. Sometimes they have very malicious intent such as taking down your site or holding it hostage for ransom. Explaining the how and why of hacking is too involved for this article. This article addresses how to block them using an htaccess file.

How Do You Know if Hackers Are Attacking Your Website?

If you have a WordPress website you should install the WordFence plugin, and buy the premium license key. This is a fantastic plugin for notifying you of attempted hacking and providing you with the IP address. With the settings configured properly, it provides the first line of defense against hacking attempts. You can permanently block the IP using the plugin, or use the information provided to manually update your htaccess file. If you need assistance our website security experts can do this for you.

For older sites including HTML websites you need to have quality hosting. Many older websites are still hosted on old “legacy systems” that are a hackers dream. We clean a lot of websites every year that are riddled with malicious code. In a recent website cleanup, we found and removed 22 active scripts using 1,888 embedded porn links. This problem had devastated the rankings for the client company. Some companies, such as GoDaddy, scan servers and alert you to problems. Relying on this is a very passive approach to website security. Your best option is to migrate your website to better hosting.

Spammers Harm Your Ranking Potential

Website spammers will pollute your blog with comment spam. The spam comments almost always contain a link to affiliate marketing, porn sites, black-market pharmaceutical or shopping sites. You should remove the comments from your blog, and block the IP address of the spammer. Do not allow their comments (links) to be published on your blog. This will be viewed by search engines as spammy/ low-value outbound links on your website. It will cause your site to have a lower domain authority and page authority.

How to Block Comment Spammers Using IP Address

WordPress comments show the IP address of people who leave comments. To block comment spammers from your website, simply use this format, copy and paste their IP address into a new line on your htaccess file.

#Block Comment Spammers
Order Deny,Allow
Deny from
Deny from
Deny from
#End Block Comment Spammers

If you have a WordPress website another good way to block comment spammers is to use a strong custom comment blacklist. This is a list of words or terms that automatically block comments that use anything in your blacklist. We offer a FREE Download Custom Comment Backlist and can consult with you on how to implement this on your website.

Referrer Spam (Referral Spam) Fouls Analytics

What is referrer spam? Referrer spam is a form of spamdexing search engines. Per Wikipedia, “The technique involves making repeated web site requests using a fake referrer URL to the site the spammer wishes to advertise. Sites that publish their access logs, including referrer statistics, will then inadvertently link back to the spammer’s site. These links will be indexed by search engines as they crawl the access logs, improving the spammer’s search engine ranking. Except for polluting their statistics, the technique does not harm the affected sites.”

How to Filter and Block Referral Spam

Referrer Spam is a nuisance with negative effects that most website managers never consider.

1. Corrupting Analytics Data. Business people too often get hung up on “the amount of website traffic” without giving any thought to traffic sources. Referrer spam spikes overall traffic numbers which in-turn distorts percentages such as bounce-rates. There are ways to filter referral spam from your analytics but it does not solve the problem. A filter simply removes it from being reflected in the metrics.

2. Server Load. Every visit to your site consumes resources. Time on your site adds a “load” to your hosting server. As server resources are consumed there are slower load times, sometimes crippling a website. Slow load times contribute to higher bounce rates, lower conversions and harm rankings.

What Are Spam Referral Sites You Should Block?

You may encounter any number of referrer spam sites. Below we’ve listed some of the most common referrer spam sites to block. Add the following to your htaccess file to block them, and use the same format to add any others.

# Block Russian Referrer Spam
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly.\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*ilovevitaly\.info/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*iloveitaly\.ru/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*econom\.co/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*darodar\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http://.*amazonaws\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*100dollars\-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*best\-seo\-solution\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*top1\-seo\-service\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*free\-share\-buttons\.com/ [NC]
RewriteCond %{HTTP_REFERER} ^http://.*site\-evaluation\.org/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*success\-seo\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*buttons\-for\-your\-website\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*uptime\.com/ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*rankings\-analytics\.com/ [NC,OR]
RewriteRule ^(.*)$ – [F,L]
#END Referrer Spam

Block Internet Registries

What are internet registries? Regional Internet Registries (RIRs) are nonprofit organizations that administer Internet Protocol (IP) address space in a specific region. You may often see them in your analytics, and their visits are of no commercial value. Add the following to your htaccess file to block them:

Deny from
Deny from
Deny from
Deny from
Deny from
#End RIR Block

Other Resources for Blocking

DISCLAIMER: Information provided here may need to be modified for your particular hosting platform. Modifying your htaccess file can cause problems with your website. Do not attempt to modify your htaccess file unless you understand what you are doing. If you modify your htaccess file and experience problems, you should remove any code you added and re-save your htaccess file to restore its previous format.

About us and this blog

We are a digital marketing company with a focus on helping our customers achieve great results across several key areas.

We offer professional SEO services that help websites increase their organic search score drastically in order to compete for the highest rankings even when it comes to highly competitive keywords.

More from our blog

See all posts