So a few weeks ago I wrote up my solution to my persistent referer spam. I adapted a script I had that would parse out the loads of my web page that include a banned referer URL and add them to hosts.deny. The only problem with that – Apache doesn’t use hosts.deny. Doh! So while my idea was sound, it didn’t work. I had a false positive where I thought it did, but that turns out to just have been a breather on the part of the scumbags. So, with a very small bit of further adaptation, I now have that script writing out “Deny from” lines into my .htaccess file. This one will do the trick. I also set that on the cron job so that it will parse out whichever scumbags made it through in the last day right before the logs rotate. Man am I getting tired of this arms race.