Block Domains & Subdomains Using .htaccess
A large focus of my redesign was improving site speed, and in doing so, I took a look at my site's error_log for the first time in a long time. I was shocked when I found out that 90% of my site errors were either hacking attempts or hot-linked files from hundreds of different tumblr.com subdomains. Thousands upon thousands of PHP fatal errors due to lack of memory saw me seeing red pretty quick -- no wonder I was having periodical speed issues! Luckily this bit of .htaccess code allows me block all of those sites:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*tumblr\.com [NC]
RewriteRule .* - [F]
</IfModule>
These days I only see PHP notices in my error_log, and that makes me a very happy man. I've also noticed less SPAM commenting, so maybe Tumblr is used a SPAM hub too? Either way, blocking domains and subdomains did the trick for me!
![Create a CSS Flipping Animation]()
CSS animations are a lot of fun; the beauty of them is that through many simple properties, you can create anything from an elegant fade in to a WTF-Pixar-would-be-proud effect. One CSS effect somewhere in between is the CSS flip effect, whereby there's...
![CSS vs. JS Animation: Which is Faster?]()
How is it possible that JavaScript-based animation has secretly always been as fast — or faster — than CSS transitions? And, how is it possible that Adobe and Google consistently release media-rich mobile sites that rival the performance of native apps?
This article serves as a point-by-point...
![MooTools Gone Wild: Element Flashing]()
If you're like me and lay awake in bed at night, you've flipped on the TV and seen the commercials: misguided, attention-starved college girls fueled by alcohol ruining their futures by flashing lame camera-men on Spring Break. Why do they do it? Attention...
![Create Spinning Rays with CSS3 Animations & JavaScript]()
Thomas Fuchs, creator of script2 (scriptaculous' second iteration) and Zepto.js (mobile JavaScript framework), creates outstanding animated elements with JavaScript. He's a legend in his own right, and for good reason: his work has helped to inspire developers everywhere to drop Flash and opt...
There are 2 issues with your solution:
1) If a legit person linked to your blog from their Tumblr blog, people would see a Forbidden message. This is because you have your images under the same domain as the blog. Keeping them on the sub-domain would save your visitors from this.
2) Security – probably a minor issue, but when you get a Forbidden message from Apache, you also get a path to the content you were forbidden to access. And since you are using WordPress with caching, the message looks as follows:
Forbidden
You don't have permission to access /wp-content/w3tc/pgcache//block-domain/_index_search_engines.html_gzip on this server.
Apache/2.2.3 (CentOS) Server at davidwalsh.name Port 80
Thanks for sharing Shimon. Per your points:
1. If it’s only specific subdomains hurting you, listing them one by one would be best, I agree. In my case, I don’t care if legit Tumblr sites are linking to me. :)
2. I’ll look into the Forbidden issue — thanks!
Wow. blocking anyone comming from tumblr seems pretty extreme to me, you could at least add a RewriteCond to block only static content.
Seems like a lot of work, when this doesn’t even require mod_rewrite:
deny from .tumbler.com