Loading ...
Sorry, an error occurred while loading the content.

referrer spamming

Expand Messages
  • Landon Noll
    Are your referrer logs being spammed? Ours were. We have experienced an attempt by 69.50.191.130 to spam our webalizer referrer list. They were doing a GET
    Message 1 of 2 , Jul 31, 2004
    View Source
    • 0 Attachment
      Are your referrer logs being spammed? Ours were.

      We have experienced an attempt by 69.50.191.130 to spam
      our webalizer referrer list. They were doing a GET of
      an HTML file on a semi-periodic basis with a collection
      of URL referrers that were related to pron and other
      stuff they were promoting on the Internet.

      None of these referrer sites had any links to our web page.
      When 69.50.191.130 accessed our web page, they only did
      a GET of that URL. They never downloaded any of the icons
      or images referenced by it. The URL was a static page that
      has not changed in nearly a year. The only activity that
      69.50.191.130 was to just GET this one URL with various
      referrer values at various semi-regular times of the day
      and night. It was most certainly not a user's web browser,
      but rather some referrer spamming robot.

      We complained to the ISP. The referrer spammers kept it
      up even after the ISP asked them to top. The ISP eventually
      blocked their IP addresses from accessing our IP range.

      Discussions with the ISP (and indirectly with the referrer
      spammers) seemed to suggest that the spammers wanted to
      create links to their porn site. Perhaps the spammers
      thought that this would improve traffic and/or search
      engine placement? Whatever the reason, we decided to deny
      them the joy of seeing their spamed referrers inside
      A tags on our site in our webalizer logs.

      The 0.basic.patch patch changes referrer A record tags into
      plain text (and removes the leading http://) to prevent the
      referrer spamm A tag links back to their sites.

      This patch was mentioned in a previous posting:

      http://groups.yahoo.com/group/webalizer/message/2850

      and is found, another with some other recommended patches under:

      http://www.isthe.com/chongo/src/webalizer-patch/

      chongo (Landon Curt Noll) /\oo/\
    • waldo kitty
      ... i ve seen many referrer spams in my logs, yes... [discussion trimmed] ... seems to me that the easiest thing to do is to /NOT/ allow your log analysis to
      Message 2 of 2 , Aug 1, 2004
      View Source
      • 0 Attachment
        Landon Noll wrote:
        > Are your referrer logs being spammed? Ours were.

        i've seen many referrer spams in my logs, yes...

        [discussion trimmed]

        > Discussions with the ISP (and indirectly with the referrer
        > spammers) seemed to suggest that the spammers wanted to
        > create links to their porn site. Perhaps the spammers
        > thought that this would improve traffic and/or search
        > engine placement? Whatever the reason, we decided to deny
        > them the joy of seeing their spamed referrers inside
        > A tags on our site in our webalizer logs.
        >
        > The 0.basic.patch patch changes referrer A record tags into
        > plain text (and removes the leading http://) to prevent the
        > referrer spamm A tag links back to their sites.

        seems to me that the easiest thing to do is to /NOT/ allow your log analysis to be viewed over the internet... there are several
        ways of accomplishing that... the main one being to use the web servers authentication capabilities... that'll keep the bots,
        spiders and rogues out unless they crack the access names and passwords ;)

        works for me and has for many years O;-)

        --
        _\/
        (@@) Waldo Kitty, Waldo's Place USA
        __ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
        _|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
        ____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
        _|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net
      Your message has been successfully submitted and would be delivered to recipients shortly.