Is there any way to do what you suggested (removing the referer) via configuration? The only way I was able to do it was to literally comment out the
<s:backLinks snip="${snip}" count="15"/>
tag in /snip.jsp.
I too was having my server pounded by a bot who manipulated the referer header to point to what presumably are random porn links (all on xtgp.org).
I would see this as a huge security issue. Any chance this could become a bug/issue in jira?
Note: I was able to squelch this particular spammer two ways:
- I use Apache as a proxy to Tomcat5 (running snipsnap-war) and used mod_rewrite to redirect this stupid spammer's traffic back at himself. I followed the instructions on this tutorial. So far, so good.
- I modified /snip.jsp to replace the
<s:backLinks snip="${snip}" count="15"/> tag with this: <%--<s:backLinks .../>--%>referer disabled
which basically comments out the backLinks tag.
So annoying! What's worse is, right now this spammer doesn't really crawl this site for sub-snips… he just hits /space/start. It will get particularly nasty when he updates his script to recursively hit all snips.
Hope my meager solution helps. I don't know what to suggest if you're not using Apache as a proxy.
-Scott
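
An added example, not part of the post above or of the tutorial it mentions: a detector for the forged-Referer pattern described there, run over Apache "combined" access-log lines. The log lines, IP addresses, the wiki.example.org host name and the thresholds are constructed assumptions; only xtgp.org and /space/start come from the post.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

# Constructed sample log; IPs, paths and wiki.example.org are placeholders.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2006:10:00:01 +0000] "GET /space/start HTTP/1.1" 200 5120 "http://a.xtgp.org/p1.html" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Jan/2006:10:00:02 +0000] "GET /space/start HTTP/1.1" 200 5120 "http://b.xtgp.org/p2.html" "Mozilla/4.0"',
    '203.0.113.7 - - [01/Jan/2006:10:00:03 +0000] "GET /space/start HTTP/1.1" 200 5120 "http://xtgp.org/p3.html" "Mozilla/4.0"',
    '198.51.100.9 - - [01/Jan/2006:10:01:00 +0000] "GET /space/start HTTP/1.1" 200 5120 "http://search.example.com/?q=snipsnap" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2006:10:01:05 +0000] "GET /space/About HTTP/1.1" 200 2048 "http://wiki.example.org/space/start" "Mozilla/5.0"',
    '198.51.100.12 - - [01/Jan/2006:10:02:00 +0000] "GET /space/start HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def referer_host(referer):
    """Lower-cased host of a Referer value, or None if absent or unparseable."""
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def suspicious_referers(lines, own_hosts, min_hits=3, min_urls=3):
    """Return external referer domains for which a single client sent at least
    min_hits requests carrying at least min_urls distinct Referer URLs."""
    hits = Counter()           # (ip, domain) -> request count
    urls = defaultdict(set)    # (ip, domain) -> distinct Referer URLs seen
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue           # malformed line: skip it rather than guess
        ip, referer = m.group(1), m.group(2)
        host = referer_host(referer)
        if host is None or host in own_hosts:
            continue           # no Referer, or an internal link
        # Group sub-domains under the last two labels (rough: ignores co.uk-style suffixes).
        key = (ip, ".".join(host.split(".")[-2:]))
        hits[key] += 1
        urls[key].add(referer)
    return sorted({dom for (ip, dom), n in hits.items()
                   if n >= min_hits and len(urls[(ip, dom)]) >= min_urls})

if __name__ == "__main__":
    print(suspicious_referers(SAMPLE, {"wiki.example.org"}))
```

Domains it reports are candidates for a Referer-based block at the proxy, or for exclusion from the backlinks list.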