Using mod rewrite to stop attempted spam on the emailpage module

An article from ComputerMinds - Building with Drupal in the UK since 2005
28th Feb 2007

Mike Dixon

Senior Mind
Hey, you seem to look at this article a lot! Why not Bookmark this article so you can find it easily in the future?

We inherited a site that was running a very old (probably un patched) version of Drupal 4.6. The site was getting a massive number of hits to the URL /emailpage - at least 20 a minute, even when there was no other traffic on the site.

This looked suspiciously like a mail header injection problem. Even though the server was not currently sending out any spam we figured that at some point in the past the emailpage module was running un secure, and the site got itself onto someone's spambot list :(.

So what to do. Well first things first, we rapidly upgraded the site to a shiny new Drupal 5 installation. This 'solved' one problem in that there is no emailpage module available yet so no worries about potential spam! But the site is still on the spambot lists, and we are still getting a bunch of hits to the URL /emailpage ... not only does this clutter the logs, but it is also making the server work much harder than it needs to, for each one of those page not found errors in the watchdog Drupal has to be bootstrapped and DB queries made.

To get round the problem we wrote a simple little modrewrite rule and placed it in the .htaccess file - you can see the rule below


# Rewrite the nasty hits to the emailpage
RewriteRule ^emailpage / [F]

Published in

Hi, thanks for reading

ComputerMinds are the UK’s Drupal specialists with offices in Bristol and Coventry. We offer a range of Drupal services including Consultancy, Development, Training and Support. Whatever your Drupal problem, we can help.