Loading ...
Sorry, an error occurred while loading the content.

Referral spam: blond-milk-toys-schoolgirls-bondage-voyeurs.analbondageplay.com

Expand Messages
  • Steve Hooker
    Referral spam getting you down ? It was me
    Message 1 of 13 , Oct 7, 2004
    View Source
    • 0 Attachment
      Referral spam getting you down
      <http://scobleizer.manilasites.com/stats/referers>? It was me
      <http://www.google.com/search?num=100&hl=ru&q=%22rape.yytyt.%2Bcom%22&lr=>.
      Here's my fix, which seems to be working
      <http://www.blogfootball.com/service/stats/referers>. (It'll take 24
      hours before a change is noticeable.)
      It's placed at config.mainresponder.callbacks.controlAccess.pornSpam
      Download it here
      <http://www.cyberSaps.org/gems/controlAccess.pornSpam.ftsc>.
      If anybody can help with this idea, e.g. making a shared root/resource
      amongst Manila server dudes? Or any other optimisations?

      It's still a bit rough, for example, I was blocking out google searches
      for "simpsons porn."
      No, I don't know either, but I wanted to start a dialogue with others on
      this icky subject.


      [Non-text portions of this message have been removed]
    • Patrick Ritchie
      Hmmm... Thia is one way to block referrer Spam. But you could end up blocking a lot of legitimate referres. For example your code would match: grape and
      Message 2 of 13 , Oct 7, 2004
      View Source
      • 0 Attachment
        Hmmm... Thia is one way to block referrer Spam. But you could end up
        blocking a lot of legitimate referres.

        For example your code would match: "grape" and "sussex"... now there
        may very well be nefarious individuals who like grapes or live on
        sussex street but I don't think we want to block their IPs from
        sending referrers.

        Even if once you apply better pattern matching against this problem it
        is a never ending battle of you against them, and I hate to say it but
        the spammers have way more resources.

        A better solution may be to place your referrer page on a private
        site, that way the spammers probably won't even pick up it's
        existence. And if they spam it anyway at least it's hidden away from
        the spiders AND the public...

        Block lists will inevitably block legal referrers, not as bad as
        blocking legal email but still not the desired solution.

        If you must maintain a block list another way to do it would be to
        have a checkbox next to each referrer and a button at the bottom
        saying 'block ip'. You'll have to check it daily, but at least you
        know you are blocking the bad guys.

        --- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:
        > Referral spam getting you down
        > <http://scobleizer.manilasites.com/stats/referers>? It was me
        >
        <http://www.google.com/search?num=100&hl=ru&q=%22rape.yytyt.%2Bcom%22&lr=>.

        > Here's my fix, which seems to be working
        > <http://www.blogfootball.com/service/stats/referers>. (It'll take 24
        > hours before a change is noticeable.)
        > It's placed at config.mainresponder.callbacks.controlAccess.pornSpam
        > Download it here
        > <http://www.cyberSaps.org/gems/controlAccess.pornSpam.ftsc>.
        > If anybody can help with this idea, e.g. making a shared root/resource
        > amongst Manila server dudes? Or any other optimisations?
        >
        > It's still a bit rough, for example, I was blocking out google searches
        > for "simpsons porn."
        > No, I don't know either, but I wanted to start a dialogue with
        others on
        > this icky subject.
        >
        >
        > [Non-text portions of this message have been removed]
      • Steve Hooker
        Nice one about the Sussex. I ll do .sex. Pretty sure that will get all of them. I m looking at the number I ve caught this last 24 hours = 37. I ve cut my
        Message 3 of 13 , Oct 7, 2004
        View Source
        • 0 Attachment
          Nice one about the Sussex. I'll do ".sex." Pretty sure that will get all
          of them. I'm looking at the number I've caught this last 24 hours = 37.
          I've cut my bad referral crap right out of all sites on my servers. 7
          domains are responsible for 100% of the dumb stuff. I've caught 30 "sort
          of innocent" web searches, out of 40,000 hits in the last 24 hours. I'll
          keep my eye on it :-)

          No where to hide, they hit all of your site, if you look in the logs. I
          don't want to hide the referers from M.E.s nor any one else. So, my
          people are happy, once more the referers are useful, presentable.

          I'll get less good guys, as I make the script better, and checking the
          flies caught in my pot. Releasing some and learning. Several of the 30
          casualties were for "Simpson porn" in any case.
          I really don't mind taking out a few civilians, in this referral war.
          Especially, if I can put them back later.
          Just wondered if anybody was interested in doing the same?

          Or, should I shut my mouth, lest the cat gets out of the bag, and they
          catch up with me. Better to duck and cover and be a low common
          denominator? :-)


          Patrick Ritchie wrote:

          >Hmmm... Thia is one way to block referrer Spam. But you could end up
          >blocking a lot of legitimate referres.
          >
          >For example your code would match: "grape" and "sussex"... now there
          >may very well be nefarious individuals who like grapes or live on
          >sussex street but I don't think we want to block their IPs from
          >sending referrers.
          >
          >Even if once you apply better pattern matching against this problem it
          >is a never ending battle of you against them, and I hate to say it but
          >the spammers have way more resources.
          >
          >A better solution may be to place your referrer page on a private
          >site, that way the spammers probably won't even pick up it's
          >existence. And if they spam it anyway at least it's hidden away from
          >the spiders AND the public...
          >
          >Block lists will inevitably block legal referrers, not as bad as
          >blocking legal email but still not the desired solution.
          >
          >If you must maintain a block list another way to do it would be to
          >have a checkbox next to each referrer and a button at the bottom
          >saying 'block ip'. You'll have to check it daily, but at least you
          >know you are blocking the bad guys.
          >
          >--- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:
          >
          >
          >>Referral spam getting you down
          >><http://scobleizer.manilasites.com/stats/referers>? It was me
          >>
          >>
          >>
          ><http://www.google.com/search?num=100&hl=ru&q=%22rape.yytyt.%2Bcom%22&lr=>.
          >
          >
          >
          >>Here's my fix, which seems to be working
          >><http://www.blogfootball.com/service/stats/referers>. (It'll take 24
          >>hours before a change is noticeable.)
          >>It's placed at config.mainresponder.callbacks.controlAccess.pornSpam
          >>Download it here
          >><http://www.cyberSaps.org/gems/controlAccess.pornSpam.ftsc>.
          >>If anybody can help with this idea, e.g. making a shared root/resource
          >>amongst Manila server dudes? Or any other optimisations?
          >>
          >>It's still a bit rough, for example, I was blocking out google searches
          >>for "simpsons porn."
          >>No, I don't know either, but I wanted to start a dialogue with
          >>
          >>
          >others on
          >
          >
          >>this icky subject.
          >>



          [Non-text portions of this message have been removed]
        • Steve Hooker
          303 flies in my pot this morning. 15 not so innocent bystanders. And some that made it through to my referers. Thing like:
          Message 4 of 13 , Oct 8, 2004
          View Source
          • 0 Attachment
            303 flies in my pot this morning. 15 "not so innocent" bystanders. And
            some that made it through to my referers. Thing like:
            animals-shirts-cat-dog-t-shirts-hawaiian-shirt.us and capitalraiser.com
            have broken through.

            Looking at the nearly 300 bad IPs, my guess is that, though they use
            many different IPs, there's only a handful of companies doing this.
            Isn't anybody else working on solutions for this?

            Steve Hooker wrote:

            >Nice one about the Sussex. I'll do ".sex." Pretty sure that will get all
            >of them. I'm looking at the number I've caught this last 24 hours = 37.
            >I've cut my bad referral crap right out of all sites on my servers. 7
            >domains are responsible for 100% of the dumb stuff. I've caught 30 "sort
            >of innocent" web searches, out of 40,000 hits in the last 24 hours. I'll
            >keep my eye on it :-)
            >
            >No where to hide, they hit all of your site, if you look in the logs. I
            >don't want to hide the referers from M.E.s nor any one else. So, my
            >people are happy, once more the referers are useful, presentable.
            >
            >I'll get less good guys, as I make the script better, and checking the
            >flies caught in my pot. Releasing some and learning. Several of the 30
            >casualties were for "Simpson porn" in any case.
            >I really don't mind taking out a few civilians, in this referral war.
            >Especially, if I can put them back later.
            >Just wondered if anybody was interested in doing the same?
            >
            >Or, should I shut my mouth, lest the cat gets out of the bag, and they
            >catch up with me. Better to duck and cover and be a low common
            >denominator? :-)
            >
            >
            >Patrick Ritchie wrote:
            >
            >
            >
            >>Hmmm... Thia is one way to block referrer Spam. But you could end up
            >>blocking a lot of legitimate referres.
            >>
            >>For example your code would match: "grape" and "sussex"... now there
            >>may very well be nefarious individuals who like grapes or live on
            >>sussex street but I don't think we want to block their IPs from
            >>sending referrers.
            >>
            >>Even if once you apply better pattern matching against this problem it
            >>is a never ending battle of you against them, and I hate to say it but
            >>the spammers have way more resources.
            >>
            >>A better solution may be to place your referrer page on a private
            >>site, that way the spammers probably won't even pick up it's
            >>existence. And if they spam it anyway at least it's hidden away from
            >>the spiders AND the public...
            >>
            >>Block lists will inevitably block legal referrers, not as bad as
            >>blocking legal email but still not the desired solution.
            >>
            >>If you must maintain a block list another way to do it would be to
            >>have a checkbox next to each referrer and a button at the bottom
            >>saying 'block ip'. You'll have to check it daily, but at least you
            >>know you are blocking the bad guys.
            >>
            >>--- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:
            >>
            >>
            >>
            >>
            >>>Referral spam getting you down
            >>><http://scobleizer.manilasites.com/stats/referers>? It was me
            >>>
            >>>
            >>>
            >>>
            >>>
            >><http://www.google.com/search?num=100&hl=ru&q=%22rape.yytyt.%2Bcom%22&lr=>.
            >>
            >>
            >>
            >>
            >>
            >>>Here's my fix, which seems to be working
            >>><http://www.blogfootball.com/service/stats/referers>. (It'll take 24
            >>>hours before a change is noticeable.)
            >>>It's placed at config.mainresponder.callbacks.controlAccess.pornSpam
            >>>Download it here
            >>><http://www.cyberSaps.org/gems/controlAccess.pornSpam.ftsc>.
            >>>If anybody can help with this idea, e.g. making a shared root/resource
            >>>amongst Manila server dudes? Or any other optimisations?
            >>>
            >>>It's still a bit rough, for example, I was blocking out google searches
            >>>for "simpsons porn."
            >>>No, I don't know either, but I wanted to start a dialogue with
            >>>
            >>>
            >>>
            >>>
            >>others on
            >>
            >>
            >>
            >>
            >>>this icky subject.
            >>>
            >>>
            >>>
            >
            >
            >
            >[Non-text portions of this message have been removed]
            >
            >
            >
            >
            >
            >Yahoo! Groups Links
            >
            >
            >
            >
            >
            >
            >
            >
            >
            >


            --
            Steve Hooker
            http://www.cybersaps.org
            In UK: 0800 849 6413
            Out UK: +44 (0) 952 271 671
            Mobile: +44 (0) 7903 940 427



            [Non-text portions of this message have been removed]
          • Patrick Ritchie
            I think you will have the most success if you investigate email spam filtering. You could probably apply some of the same filtering methods directly to your
            Message 5 of 13 , Oct 8, 2004
            View Source
            • 0 Attachment
              I think you will have the most success if you investigate email spam
              filtering. You could probably apply some of the same filtering methods
              directly to your referrer list. I expect a combination of manual
              flagging and bayesian filtering would be reasonably successful.

              Cheers!
              Pat

              --- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:
              > 303 flies in my pot this morning. 15 "not so innocent" bystanders. And
              > some that made it through to my referers. Thing like:
              > animals-shirts-cat-dog-t-shirts-hawaiian-shirt.us and capitalraiser.com
              > have broken through.
              >
              > Looking at the nearly 300 bad IPs, my guess is that, though they use
              > many different IPs, there's only a handful of companies doing this.
              > Isn't anybody else working on solutions for this?
              >
              > Steve Hooker wrote:
              >
              > >Nice one about the Sussex. I'll do ".sex." Pretty sure that will
              get all
              > >of them. I'm looking at the number I've caught this last 24 hours =
              37.
              > >I've cut my bad referral crap right out of all sites on my servers. 7
              > >domains are responsible for 100% of the dumb stuff. I've caught 30
              "sort
              > >of innocent" web searches, out of 40,000 hits in the last 24 hours.
              I'll
              > >keep my eye on it :-)
              > >
              > >No where to hide, they hit all of your site, if you look in the
              logs. I
              > >don't want to hide the referers from M.E.s nor any one else. So, my
              > >people are happy, once more the referers are useful, presentable.
              > >
              > >I'll get less good guys, as I make the script better, and checking the
              > >flies caught in my pot. Releasing some and learning. Several of the 30
              > >casualties were for "Simpson porn" in any case.
              > >I really don't mind taking out a few civilians, in this referral war.
              > >Especially, if I can put them back later.
              > >Just wondered if anybody was interested in doing the same?
              > >
              > >Or, should I shut my mouth, lest the cat gets out of the bag, and they
              > >catch up with me. Better to duck and cover and be a low common
              > >denominator? :-)
              > >
              > >
              > >Patrick Ritchie wrote:
              > >
              > >
              > >
              > >>Hmmm... Thia is one way to block referrer Spam. But you could end up
              > >>blocking a lot of legitimate referres.
              > >>
              > >>For example your code would match: "grape" and "sussex"... now there
              > >>may very well be nefarious individuals who like grapes or live on
              > >>sussex street but I don't think we want to block their IPs from
              > >>sending referrers.
              > >>
              > >>Even if once you apply better pattern matching against this problem it
              > >>is a never ending battle of you against them, and I hate to say it but
              > >>the spammers have way more resources.
              > >>
              > >>A better solution may be to place your referrer page on a private
              > >>site, that way the spammers probably won't even pick up it's
              > >>existence. And if they spam it anyway at least it's hidden away from
              > >>the spiders AND the public...
              > >>
              > >>Block lists will inevitably block legal referrers, not as bad as
              > >>blocking legal email but still not the desired solution.
              > >>
              > >>If you must maintain a block list another way to do it would be to
              > >>have a checkbox next to each referrer and a button at the bottom
              > >>saying 'block ip'. You'll have to check it daily, but at least you
              > >>know you are blocking the bad guys.
              > >>
              > >>--- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:
              > >>
              > >>
              > >>
              > >>
              > >>>Referral spam getting you down
              > >>><http://scobleizer.manilasites.com/stats/referers>? It was me
              > >>>
              > >>>
              > >>>
              > >>>
              > >>>
              >
              >><http://www.google.com/search?num=100&hl=ru&q=%22rape.yytyt.%2Bcom%22&lr=>.
              > >>
              > >>
              > >>
              > >>
              > >>
              > >>>Here's my fix, which seems to be working
              > >>><http://www.blogfootball.com/service/stats/referers>. (It'll take 24
              > >>>hours before a change is noticeable.)
              > >>>It's placed at config.mainresponder.callbacks.controlAccess.pornSpam
              > >>>Download it here
              > >>><http://www.cyberSaps.org/gems/controlAccess.pornSpam.ftsc>.
              > >>>If anybody can help with this idea, e.g. making a shared
              root/resource
              > >>>amongst Manila server dudes? Or any other optimisations?
              > >>>
              > >>>It's still a bit rough, for example, I was blocking out google
              searches
              > >>>for "simpsons porn."
              > >>>No, I don't know either, but I wanted to start a dialogue with
              > >>>
              > >>>
              > >>>
              > >>>
              > >>others on
              > >>
              > >>
              > >>
              > >>
              > >>>this icky subject.
              > >>>
              > >>>
              > >>>
              > >
              > >
              > >
              > >[Non-text portions of this message have been removed]
              > >
              > >
              > >
              > >
              > >
              > >Yahoo! Groups Links
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              > >
              >
              >
              > --
              > Steve Hooker
              > http://www.cybersaps.org
              > In UK: 0800 849 6413
              > Out UK: +44 (0) 952 271 671
              > Mobile: +44 (0) 7903 940 427
              >
              >
              >
              > [Non-text portions of this message have been removed]
            • Thomas A. Creedon
              ... I ve been tinkering with a dns black list, called Manila Referrer Spam Black List. Please see This is experimental.
              Message 6 of 13 , Oct 9, 2004
              View Source
              • 0 Attachment
                --- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:

                > Isn't anybody else working on solutions for this?

                I've been tinkering with a dns black list, called Manila Referrer Spam
                Black List. Please see < http://mrsbl.edithere.com/ > This is
                experimental. Anyone who is interested is welcome to try and use the
                MRSBL and contribute
                IP addresses.

                Toodle-loooooooo..........
                Thomas

                editHere.com < http://www.editHere.com/ > website hosting service.
                Websites as easy as see it, edit it, save it! (sm)
              • Steve Hooker
                Nice Thomas, I ll look into what you have, hopefully, it ll help, and I can contribute. I ve 550 IPs now in my honey pot. Some less rude ones are slipping
                Message 7 of 13 , Oct 10, 2004
                View Source
                • 0 Attachment
                  Nice Thomas, I'll look into what you have, hopefully, it'll help, and I
                  can contribute. I've 550 IPs now in my honey pot. Some less rude ones
                  are slipping through. Bet these less rude ones are from one referral
                  spammer, who only referral spams for 'nice' companies ;-)

                  >>Isn't anybody else working on solutions for this?
                  >>
                  >>
                  >
                  >I've been tinkering with a dns black list, called Manila Referrer Spam
                  >Black List. Please see < http://mrsbl.edithere.com/ > This is
                  >experimental. Anyone who is interested is welcome to try and use the
                  >MRSBL and contribute
                  >IP addresses.
                  >



                  [Non-text portions of this message have been removed]
                • Thomas A. Creedon
                  ... and I ... Hey Steve and others, If you need to add more than one IP at a time check the URL . At the end of
                  Message 8 of 13 , Oct 10, 2004
                  View Source
                  • 0 Attachment
                    --- In manila-dev@yahoogroups.com, Steve Hooker <steve@c...> wrote:

                    > Nice Thomas, I'll look into what you have, hopefully, it'll help,
                    and I
                    > can contribute. I've 550 IPs now in my honey pot.

                    Hey Steve and others,

                    If you need to add more than one IP at a time check the URL <
                    http://mrsbl.editHere.com/#addIpAddress >. At the end of that section
                    is some code you can use in a script. Note: there is a built-in delay
                    in the addIp2 code so as to not hammer my systems. This delay may
                    change as I gauge performance of the sytems involved.

                    Toodle-loooooooo..........
                    Thomas

                    editHere.com < http://www.editHere.com/ > website hosting service.
                    Websites as easy as see it, edit it, save it! (sm)
                  • Thomas A. Creedon
                    I am taking a slightly different tack. Instead of trying to track the IP addresses of the machine depositing the referrer SPAM I m tracking the machines the
                    Message 9 of 13 , Oct 30, 2004
                    View Source
                    • 0 Attachment
                      I am taking a slightly different tack. Instead of trying to track the
                      IP addresses of the machine depositing the referrer SPAM I'm tracking
                      the machines the referrers point to.

                      Toodle-loooooooo..........
                      Thomas

                      editHere.com < http://www.editHere.com/ > website hosting service.
                      Websites as easy as see it, edit it, save it! (sm)
                    Your message has been successfully submitted and would be delivered to recipients shortly.