Archives for: February 2004, 29

Sun, 29 February 2004

Permalink 09:25:59 pm

Referer Spam By Proxy - A New Type of Spam

I have to give it to the spammers, they're getting cleverer. Referer Spam started off nice and simple - the spam site spoofed the http referer when visiting your site so it would appear as a link in the 'recent refers' section of your site. Lots of links to a site = a high Google page rank and a higher placing in Google searches. Site owners soon got wise to this though, and after a quick check of the page the referer would be banned using a .htaccess file on the server, and the link deleted.

The spammers are now trying to make it harder to spot, by spoofing an http referer of an interim site which in turn links to the sites that the spammers are trying to raise the page rank of. Theoretically, if enough sites are linking to the interim site, it's page rank increases, which in turn raises the page rank of the target (links from highly ranked sites count for more).

Have a look at this site - *http://www.synapseiowa.com/ (* added to prevent a hyperlink). At first glance this isn't the type of site you would wish to block refering traffic from, a genuine site from a legitimate business. A genuine site apart from the 'Site Hosted' section in the bottom left corner which are links to porn sites. Now refresh your browser - the links are gone!! The first time you visit it writes a cookie, and on subsequent visits the links are not shown, so if you miss the links the first time you won't see them again. Googlebot doesn't store cookies so will always see the links.

Synapseiowa is by far the most sophisticated, but there are a number of others that have hit my logs in the last couple of weeks:

*http://www.skipme.com
*http://www.evesmith.com
*http://www.skipme.com
*http://www.jennyknicks.com
*http://www.princessnina.com
*http://www.tawnygirl.com
*http://www.veronicabee.com

all of these contain similar links to porn sites.

The question is, how have the spammers managed to hijack these interim sites? What seems to be happening is that the spammers are making of copies of sites on domains that are about to expire. As soon as they do, they register the domain themselves, and upload the copy. That way they have real looking sites that don't look like normal spam.

The moral of this is two-fold. Firstly, if you have a domain expiring soon and you don't intend to renew it, make sure you remove any old, out of date content. That way your site and name won't be associated with spam. Secondly, if you run a weblog, check your referers carefully so you aren't unwittingly helping the spammers.

<  February 2004  >
Mon Tue Wed Thu Fri Sat Sun
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29

UK Cloud Hosting
UK Cloud Hosting

Archives

Search

 

My Stuff

Other People's Stuff

Humour

Daily Reads

Politics

Technology

Other

Last Refering Searches

Syndicate XML

Contact

Please send your comments, complaints, legal threats or praise to this address

Privacy Policy

powered by
b2evolution