July 15, 2010
These days, when I see referer spam, three times out of four it's coming from the former east bloc. I don't think it's bots. I think it's people in the former Soviet bloc who are falling for some sort of get-rich-quick scheme where they think they'll make lots of money by helping with SEO for paying customers.
After a couple of cases where I blocked obnoxious IP's only to have them change to another IP in the same license, I've gotten in the habit of looking up the license and banning the whole damned thing, if it's Russia, Ukraine, and Poland. So here are a few that I have killed off:
83.4.0.0 - 83.11.255.255 Poland
79.191.0.0 - 79.191.255.255 Poland
95.79.64.0 - 95.79.95.255 Russia
94.255.112.0 - 94.255.127.255 Russia
91.135.144.0 - 91.135.159.255 Russia
109.111.184.0 - 109.111.191.255 Russia
77.244.212.0 - 77.244.213.255 Russia
213.155.28.240 - 213.155.28.247 Ukraine
And just today I banned 91.213.163.0 - 91.213.163.255 in Russia.
The reason I think these are all of a piece is that they have the same MO. They find one, just one, thing on my server, usually an old blog post, and send lots of obviously-bogus refers while accessing that single same file, over and over. Usually there's a burst of 5-10 of them, then a pause of maybe an hour, then another burst of 5-10 -- and none of them repeat. Every time it's a different referer.
Now it's true that if I kill off an entire block of IPs, then no one in that block can use my server even if they are legitimate. But how many legitimate readers do I have in Sevastapol, anyway? Or other places like that? Hard to believe there are many.
What's stupid about it all is that there are only a couple of web pages on my server where these refers can even be seen, and search bots don't know where they are. No one sees those refers except me.
Posted by: Steven Den Beste in Site Stuff at
04:59 PM
| Comments (3)
| Add Comment
Post contains 323 words, total size 2 kb.
Posted by: Siergen at July 15, 2010 05:43 PM (jMQcx)
In the extreme case, it uses (and from my point of view, wastes) bandwidth and server resources. An out-of-control referer spam bot can approach the level of a DOS attack.
It's also annoying. I look at my refers because I want to know when people link to me. If a significant percentage of the refers are bogus, it makes it harder to find the legitimate interesting ones.
And there's the principle of the thing. What they're doing is advertising. And they're making me pay for it by abusing my hospitality.
Posted by: Steven Den Beste at July 15, 2010 06:21 PM (+rSRq)
I have, on occasion, followed a couple of those links just to find out what they are. As often as not they're link farms, but nearly always they're very seedy. Sometimes they sell pharmaceuticals. Sometimes they peddle get rich quick schemes.
The guy today, I didn't follow any of his links. But I could tell they were seedy simply because so many of them are in bizarre nation codes, most of which I haven't seen before: ma ki tc ht
I know that ma is Moldova. The others I had to look up. Ki is Kiribati. I was wrong about ma; it's Morocco. tc is Turks and Caicos Islands. ht is Haiti.
So why, then, are they advertising car detailing services in Toronto and real estate agencies in Boston? Yeah, right.
Posted by: Steven Den Beste at July 15, 2010 06:39 PM (+rSRq)
Enclose all spoilers in spoiler tags:
[spoiler]your spoiler here[/spoiler]
Spoilers which are not properly tagged will be ruthlessly deleted on sight.
Also, I hate unsolicited suggestions and advice. (Even when you think you're being funny.)
At Chizumatic, we take pride in being incomplete, incorrect, inconsistent, and unfair. We do all of them deliberately.
How to put links in your comment
Comments are disabled. Post is locked.21 queries taking 0.0277 seconds, 20 records returned.
Powered by Minx 1.1.6c-pink.