I hate getting referrer spam. While I know that referrer spam is a fact of life for anybody hosting a website, I hate seeing my logs filled with crap. Being proactive about this log-jacking is hard, but I like doing something about it anyway.
Apache
The great firewall against China
Just as I finished writing about a new age of comment and trackback openness I checked my IPTables logs and am greeted by a nice surprise from an IP address from ChinaNet. My system received about a thousand connection attempts to ports between 1024 and 2048. Mind you, these are ports no external system has any business accessing. Nevermind that nobody in China is authorized to access my system.
Since ChinaNet seems to be more amenable to allowing anyone to use their network for mischief I don't see why they deserve access to my site.
Here are the relevant IPTables directives:
# CHINANET #
-A INPUT -m iprange --src-range 218.13.0.0-218.18.255.255 -i eth0 -p tcp -m tcp -j DROP
-A INPUT -m iprange --src-range 220.181.0.0-220.181.255.255 -i eth0 -p tcp -m tcp -j DROP
