This is my first time posting but I do lurk in the background, listening in on all of your valuable wisdom! :-)
I am having troubles with thousands of spam requests (possible hack attempts) to my server. My question is; How can I block all requests, with the only exception being that a referrer may request any resource, just-as-long as they first request my login page? Basically I would like to block all inbound requests, but allow unfettered requests from any IP which 1st accesses my login page. Furthermore, is this a good approach towards keeping spam bots away? My logic comes from looking at my access logs, and noticing that the "perps" are unwittingly, not attempting to access my login page. The site is personal and will not see a lot of traffic besides myself, and those I personally share the link with; So I think my logic makes sense!
