Website not blocked

  • Resolved nicolasdaudin

    (@nicolasdaudin)


    10 years, 9 months ago

    Hi

    I used the Advanced Blocking in Wordfence to block all people coming from referrer
    clictune.com/id=510819
    These are fake users probably used for referer spam.

    I blocked like this (I copied and paste from the WP screen)

    Current list of ranges and patterns you’ve blocked

    IP Range: Allow all IP addresses
    Browser Pattern: Allow all browsers
    Source website: Block visitors from websites that match the pattern: *510819

    IP Range: Allow all IP addresses
    Browser Pattern: Allow all browsers
    Source website: Block visitors from websites that match the pattern: 510819

    IP Range: Allow all IP addresses
    Browser Pattern: Allow all browsers
    Source website: Block visitors from websites that match the pattern: clictune.com/id=510819

    IP Range: Allow all IP addresses
    Browser Pattern: Allow all browsers
    Source website: Block visitors from websites that match the pattern: *clictune*

    But I still see the traffic (same pace than before, this means the plugin is not having any effect):

    16:20 Republic Of Korea Korea Telecom 1 action 10s clictune.com/id=510819
    16:15 Denizli, Turkey Turksat Uydu-net Internet 2 actions 11s clictune.com/id=510819
    16:12 Russian Federation Marosnet Telecommunication Company Llc 1 action 10s clictune.com/id=510819
    16:08 Krokstadelva, Norway Altibox As 1 action 10s clictune.com/id=510819
    16:00 Romania M247 Ltd 2 actions 25s clictune.com/id=510819
    15:59 Santiago, Chile Banda Ancha Gtd Manquehue 3 actions 26s clictune.com/id=510819

    Thanks in advance.

    Nicolas.

    https://ww.wp.xz.cn/plugins/wordfence/

Viewing 7 replies - 1 through 7 (of 7 total)
  • henryattg

    (@henryattg)

    10 years, 9 months ago

    Hi Nicolas,

    As you rightly identified, clictune is a spam referrer. I haven’t tried the plugin you suggested, but it’s possible to block it via htaccess.

    Copy and paste the below code in .htaccess

    RewriteEngine on
    #Options +FollowSymlinks
    RewriteCond %{HTTP_REFERER} clictune\.com [NC]
    RewriteRule .* – [F]

    Once done, go to clictune referral URL and try clicking your website link. Your website will throw 403 Forbidden error.

    Few resources related to this issue:
    http://www.htaccess-guide.com/deny-visitors-by-referrer/
    http://techglimpse.com/stop-deny-access-visitors-spam-referrel-website/
    http://blog.raventools.com/stop-referrer-spam/

    Hope it helps..

    henryattg

    (@henryattg)

    10 years, 9 months ago

    Hi Nicolas,

    As you rightly identified, clictune is a spam referrer. I haven’t tried the plugin you suggested, but it’s possible to block it via htaccess.

    Copy and paste the below code in .htaccess

    RewriteEngine on
    #Options +FollowSymlinks
    RewriteCond %{HTTP_REFERER} clictune\.com [NC]
    RewriteRule .* – [F]

    Once done, go to clictune referral URL and try clicking your website link. Your website will throw 403 Forbidden error.

    Few resources related to this issue:
    http://www.htaccess-guide.com/deny-visitors-by-referrer/
    http://techglimpse.com/stop-deny-access-visitors-spam-referrel-website/
    http://blog.raventools.com/stop-referrer-spam/

    Hope it helps..

    WFSupport

    (@wfsupport)

    10 years, 9 months ago

    The pattern you need to block should be expressed as
    *clictune.com*

    Try that and let me know.

    tim

    Thread Starter nicolasdaudin

    (@nicolasdaudin)

    10 years, 9 months ago

    Hi

    Thanks for your help

    Unfortunately this doesn’t work.

    I still see some traffic in my analytics coming from this url.

    Nicolas.

    Plugin Author WFMattR

    (@wfmattr)

    10 years, 9 months ago

    If you have Wordfence’s Live Traffic enabled on your site, do you see these visits on the Live Traffic page? It not, they may be hitting your analytics provider directly.

    There is a way that some bots are abusing Google Analytics (and possibly other analytics providres), to make referral spam show up in your analytics reports, and they can do it without even visiting your site. Some may take the Google Analytics ID from your site, while others may just be trying every possible number.

    There is a detailed explanation here, and some steps you can take within Google Analytics to prevent it:
    Google Analytics Referrer Spam

    Thread Starter nicolasdaudin

    (@nicolasdaudin)

    10 years, 9 months ago

    Hi

    Thanks a lot, i have read the link. It all makes sense and im gonna try.

    Im just curious about one thing. Most of those spammy hits actually have 2 visits per session, like if they were normal users. Is this possible with that kind of fake JS script?

    I use Clicky and GA so ill exclude these referrer from my data asap anyway.

    Tjanks again

    Plugin Author WFMattR

    (@wfmattr)

    10 years, 9 months ago

    Yes, it’s technically possible to have two visits shown — I’ve seen a few of these myself, but didn’t dig too much into the details of their pageviews since I had already read about how they work, and recognized one of the domains. I have seen at least 7 or 8 of them, so there may be a few different ways that they work.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Website not blocked’ is closed to new replies.