January 13, 2011

spam spem spom spam

I saw a news post somewhere that talked about the fact that th quantity of email spam going around right now is waaaay down from its peak of a few years ago. They speculated that part of the reason was that some of the worst botnets used by spammers had been taken down.

I think the reason is that the spammers have switched to doing referer spam. Last couple of weeks I've been getting a hell of a lot of it on my server. Ordinarily when I get referer spam I add the IP (or its entire licensed block, if it's Ukraine or Russia) to my firewall block list.

But the recent ones use IPs from all over the world, and they never seem to use the same IP twice. I can only conclude that it's a botnet, likely one that just changed its business from email spam to SEO. Grumble.

"SEO" is the most godforsaken and contemptible TLA in the Internet language, if you ask me.

Posted by: Steven Den Beste in Site Stuff at 04:01 PM | Comments (5) | Add Comment
Post contains 171 words, total size 1 kb.

1 What's referer spam, if you don't mind me asking?

Posted by: Jaked at January 13, 2011 04:08 PM (zVv/5)

2 I've noticed that message board spam has gone up quite a bit - and that block lists indended for email filtering tend to protect message boards fairly well. So I suspect that the spammers are branching out to many different kinds of evil.

Posted by: renpytom at January 13, 2011 04:16 PM (SKrs1)

3

When a browser makes a request to an HTTP server for a page or file, it sends a string saying where it came from, which is called the "referer". Sometimes the string is empty, but when it isn't what it's supposed to say is what page the person was looking at when they clicked a link to do the HTTP "get".

There are ways in which that string can be spoofed. It isn't all that hard. Some people use those ways to make it so that the string is always empty, for a number of reasons I won't go into. Some tools make it so that the referer string is the same as the "get" string, again I won't talk about why.

And sometimes spammers put in the URL they're trying to pimp. That's because some sites have their referer logs publicly available, raw or processed, in one of several ways, and they hope that the Googlebot will pick it up from there. That's called "referer spam", and it's really obnoxious. (Well, all spam is obnoxious.)

Posted by: Steven Den Beste at January 13, 2011 04:25 PM (+rSRq)

4 I started getting a lot of referrer spam about a month ago, so I installed one of the plugins for wordpress that lets you ban IP addresses and subnets.
Any comment spam that when I go through the list with the same IP more than once I'll add to the ban list.
Since then, I've gotten over 4500 hits from banned IP addresses.  So it's definitely bot spam, since it just keeps trying.

Posted by: ChadAmberg at January 14, 2011 08:19 AM (xcgZX)

5 I started getting massive amounts of referrer spam about two months ago, but it was really strange.  It was some sort of search engine that was sending all the spam... and it seems to have cleared up in the past few weeks without any real action on my part.  Comment spam, on the other hand, has been driving me nuts lately (which is silly, since most blogging software uses the  'nofollow' attribute by default, meaning that spammers get no gain from comment spam - though I guess it doesn't cost anything for them either).

Posted by: Mark at January 14, 2011 08:51 AM (aUPJJ)

Hide Comments | Add Comment

Enclose all spoilers in spoiler tags:
      [spoiler]your spoiler here[/spoiler]
Spoilers which are not properly tagged will be ruthlessly deleted on sight.
Also, I hate unsolicited suggestions and advice. (Even when you think you're being funny.)

At Chizumatic, we take pride in being incomplete, incorrect, inconsistent, and unfair. We do all of them deliberately.

How to put links in your comment

Comments are disabled. Post is locked.
8kb generated in CPU 0.0321, elapsed 0.0371 seconds.
20 queries taking 0.0236 seconds, 22 records returned.
Powered by Minx 1.1.6c-pink.