PHPackages dzeta/blacklist-alpha - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. dzeta/blacklist-alpha ActiveLibrary[Security](/categories/security) dzeta/blacklist-alpha ===================== List of referrer malicious sites ( spammers/malwares domains ), Blacklist emails and Blacklist IP 38VCL Since Feb 8Pushed 8y ago1 watchersCompare [ Source](https://github.com/DZetaDev/Blacklist-Alpha)[ Packagist](https://packagist.org/packages/dzeta/blacklist-alpha)[ RSS](/packages/dzeta-blacklist-alpha/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) [![Under Development](https://camo.githubusercontent.com/a23be762fb9412f7cd4aa77bdfee362fd9a46aad1485fe2f9d2f760af94fcb02/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f756e6465722d646576656c6f706d656e742d6f72616e67652e737667)](https://github.com/DZetaDev/Blacklist-Alpha) ![license](https://camo.githubusercontent.com/ee061e6c1798bd95fa104c910010a3119850b186c323a1c848b3abcb029dc764/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6d6173686170652f6170697374617475732e7376673f6d61784167653d32353932303030) This is a community-contributed list of [referrer spammers](http://en.wikipedia.org/wiki/Referer_spam), Bad IPs and Bad e-mails maintained by [DZeta](https://dzeta.biz/) - WordPress Web Developer and Designer. - [Usage](#usage) - [PHP](#php) - [Apache](#apache) - [Nginx](#nginx) - [Varnish](#varnish) - [Contributing](#contributing) - [Subdomains](#subdomains) - [Sorting](#sorting) - [Disclaimer](#disclaimer) - [License](#license) Usage ----- [](#usage) The list is stored in this repository in: - Spammers Domains: `spammers_domains.txt` - Blacklist IPs: `blacklist_ips.txt` - Blacklist e-mails `blacklist_emails.txt` This texts files contains one host per line. You can download the [whole folder as zip](https://github.com/DZetaDev/Blacklist-Alpha/archive/master.zip) or clone the repository using git: ``` git clone https://github.com/DZetaDev/Blacklist-Alpha.git blacklist-alpha ``` ### PHP [](#php) If you are using PHP, you can also install the list through Composer: ``` composer require dzeta/blacklist-alpha "dev-master" ``` Parsing the file should be pretty easy using your favorite language. Beware that the file can contain empty lines. Here is an example using PHP: ``` $list_txt = file('spammers_domains.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); // Another alternative. $list_json = 'spammers_domains.json'; $file = file_get_contents($list_json); $spammers_domains = json_decode($file); // OR $domainsFile = 'spammers_domains.txt'; $fileList = fopen($domainsFile, 'r'); ``` ### Apache [](#apache) .htaccess is a configuration file for use on web servers running Apache. This file is usually found in the root "public\_html" folder of your website. The .htaccess file uses two modules to prevent referral spam, mod\_rewrite and mod\_setenvif. Decide which method is most suitable with your Apache server configuration. This file is **Apache 2.4** ready, where mod\_authz\_host got deprecated. ``` RewriteEngine On RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*0akley\.cc.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*1pamm\.ru.*$ [NC] ## [NC] On last domain. RewriteRule ^(.*)$ – [F,L] SetEnvIfNoCase Referer 0akley\.cc spambot=yes SetEnvIfNoCase Referer 1pamm\.ru spambot=yes # Apache 2.2 Order allow,deny Allow from all Deny from env=spambot # Apache 2.4 Require all granted Require not env spambot ``` ### Nginx [](#nginx) Nginx's `server` block can be configured to check the referer and return an error: ``` if ($http_referer ~ '0akley.cc') {return 403;} if ($http_referer ~ '1pamm.ru') {return 403;} ``` When combined, list exceeds the max length for a single regex expression, so hosts must be broken up as shown above. Here is a bash script to create an nginx conf file: ``` sort spammers_domains.txt | uniq | sed 's/\./\\\\./g' | while read host; do echo "if (\$http_referer ~ '$host') {return 403;}" >> /etc/nginx/referer_spam.conf done; ``` you would then `include /etc/nginx/referer_spam.conf;` inside your `server` block Now as a daily cron job so the list stays up to date: ``` 0 0 * * * cd /etc/nginx/blacklist-alpha/ && git pull > /dev/null && echo "" > /etc/nginx/referer_spam.conf && sort spammers_domains.txt | uniq | sed 's/\./\\\\\\\\./g' | while read host; do echo "if (\$http_referer ~ '$host') {return 403;}" >> /etc/nginx/referer_spam.conf; done; service nginx reload > /dev/null ``` Otherwise, you can use `referral_spam.conf` in `/etc/nginx`, include it globally from within `/etc/nginx/nginx.conf`: ``` http { include referral-spam.conf; } ``` Add the following to each `/etc/nginx/site-available/your-site.conf` that needs protection: ``` server { if ($bad_referer) { return 403; } } ``` ### Varnish [](#varnish) Add `referral_spam.vcl` to **Varnish 4** default file: `default.vcl` by adding the following code right underneath your default backend definitions ``` include "referral_spam.vcl"; sub vcl_recv { call block_referral_spam; } ``` Contributing ------------ [](#contributing) To add a new referrer spammer to the list, [click here to edit the spammers\_domains\_ext.txt file](https://github.com/DZetaDev/Blacklist-Alpha/edit/master/spammers_domains.txt) and create a pull request. Alternatively you can create a [new issue](https://github.com/DZetaDev/Blacklist-Alpha/issues/new). In your issue or pull request please **explain where the referrer domain appeared and why you think it is a spammer**. You are highly encouraged to open **one pull request per new domain**. To add a new referrer bad IP (Malware/Botnet/Spammer) to the list, [click here to edit the blacklist\_ips.txt file](https://github.com/DZetaDev/Blacklist-Alpha/edit/master/blacklist_ips.txt) and create a pull request. Alternatively you can create a [new issue](https://github.com/DZetaDev/Blacklist-Alpha/issues/new). In your issue or pull request please **explain where the referrer IP appeared and why you think it is a bad IP**. You are highly encouraged to open **one pull request per new IP**. To add a new referrer e-mail to the list, [click here to edit blacklist\_emails.txt file](https://github.com/DZetaDev/Blacklist-Alpha/edit/master/blacklist_emails.txt) and create a pull request. Alternatively you can create a [new issue](https://github.com/DZetaDev/Blacklist-Alpha/issues/new). In your issue or pull request please **explain where the referrer IP appeared and why you think it is a bad e-mail**. You are highly encouraged to open **one pull request per new e-mail**. If you open a pull request, it is appreciated if you keep one hostname per line, keep the list ordered alphabetically, and use [Linux line endings](http://en.wikipedia.org/wiki/Newline). Please [search](https://github.com/DZetaDev/Blacklist-Alpha/issues) if somebody already reported the host before opening a new one. Please read [CONTRIBUTING.md](CONTRIBUTING.md) for more details. ### Subdomains [](#subdomains) DZeta does sub-string matching on domain names from this list, so adding `semalt.com` is enough to block all subdomain referrers too, such as `semalt.semalt.com`. However, there are cases where you'd only want to add a subdomain but not the root domain. For example, add `referrerspammer.tumblr.com` but not `tumblr.com`, otherwise all `*.tumblr.com` sites would be affected. ### Sorting [](#sorting) To keep the list sorted the same way across forks it is recommended to let the computer do the sorting. The list follows the merge sort algorithm as implemented in [sort](https://en.wikipedia.org/wiki/Sort_(Unix)). You can use sort to both sort the list and filter out doubles: ``` sort -uf -o spammers_domains.txt spammers_domains.txt ``` Disclaimer ---------- [](#disclaimer) This list of Referrer spammers is contributed by the community and is provided as is. Use at your own discretion: it may be incomplete (although we aim to keep it up to date) and it may contain outdated entries. License ------- [](#license) Under the MIT license. > The MIT License (MIT) > Copyright (c) 2015 DZeta and other contributors. > Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: > The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. > THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ### Health Score 21 — LowBetter than 19% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity8 Limited adoption so far Community7 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/bd3aec1e90f4095d27a4dd7179f3a66c339cdc1ddc4e230abe7e14e3c627a513?d=identicon)[DZeta](/maintainers/DZeta) --- Top Contributors [![DZetaDev](https://avatars.githubusercontent.com/u/12938427?v=4)](https://github.com/DZetaDev "DZetaDev (34 commits)") --- Tags blacklistblacklist-ipsreferrerreferrer-spammersspammersspammers-domains ### Embed Badge ![Health badge](/badges/dzeta-blacklist-alpha/health.svg) ``` [![Health](https://phpackages.com/badges/dzeta-blacklist-alpha/health.svg)](https://phpackages.com/packages/dzeta-blacklist-alpha) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M212](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M112](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)