October 13, 2002
Spamming through referrer logs

I'm sure I'm not alone in the practice of checking my referrer logs to see where most of my visitors come from.

This morning, I found an odd one..


216.123.202.196 - - [13/Oct/2002:03:58:47 -0700] "GET http://www.unix-girl.com/blog/ HTTP/1.1" 200 114362
"http://avs.raverpussies.com/members/absolutesex/d114d45d/Jack-Lisa0083.html" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)"

There were eight of these entries all referring back to what looks like randomly generated string within the 'raverpussies.com' site and all requesting just my /blog/ directory (the most popular page on my site).

Being the paranoid conspiracy theorist that I am, I thought this odd at the very least.. so armed with my trusted lynx (very carefully and wearing rubber gloves) I opened the said website.. As suspected, it's just another porno site with zero relevance to my page (other than I'm a female and am equipped with the same type of body parts that are apparently splayed all over the pages there). I would strongly suggest nobody visit them unless they want endless pop-ups and a high-jacked browser..

The obvious conclusion.. I've been spammed through my referrer log! A google search unearthed this kuro5hin article from May 2001 on this very topic.

It certainly looks like this slimy practice isn't new at all.. just new to me. With the relatively new custom of displaying the recent referrers on the front page of many blogs I can see this quickly growing in popularity.. After all.. it's an easy way to get yourself linked from pages that are guaranteed to have multiple daily visitors.

Excuse me, I now have to go sanitize my logs. Pass the lysol.

Posted October 13, 2002 09:49 AM in Spam sucks
TrackBack URL for this entry: http://www.unix-girl.com/mt/mt-tb.cgi/223
Comments
On October 13, 2002 11:45 AM l.m.orchard added:

Yeah, I started getting spam via my referrers awhile back. Seemed pretty simple to block for now though: My scripts check the referring page to be sure it contains the link to which my log claims it refers. I would think that spammers would have to embed links to every site they spam in order to get past this quick check.

Otherwise my site would be overwhelmed by searches for those nekkid Tiffany pics from awhile back, because I think many moons ago I may have said something about them. I now get at least 100 hits a day looking for them.

#
On October 13, 2002 10:25 PM Gavin added:

I've been spammed twice by:
http://fantomaster.com/faregister.html

I also have (since August):
15 requests for formmail.(pl|cgi)
75 requests for default.ida
150 requests for cmd.exe

It's always interesting poking though access logs :)

The thing that more interests me however is the two or three people a day who find out that 'anonymous' can't log in to my ftp server...

#
On October 15, 2002 03:05 AM Stewart Vardaman added:

I've been seeing fake google searches lately. That's just plain weird...

#
Trackbacks
inluminent/weblog:Spamming the referrer logs
Kasia wrote about her recent awareness of someone spamming her referrer logs. I've seen the same thing here on inluminent,
(read more)
October 13, 2002 04:41 PM
kasia in a nutshell:Referrer spamming service
Not going to link to the page, I refuse to provide them more traffic.. I hate advertising enough as it
(read more)
October 25, 2002 11:27 AM
gessaman.com:Sounds like a Monty Python Sketch
It seems to be spam-day on the internet. Phil Ringnalda was hit by comment spam Two of the most eggregious
(read more)
October 28, 2002 08:28 PM
Highway4.org:Webalizer Stats Back Up
Tristan Louis has demonstrated that some judicious editing of the Webalizer configuration file can make a great tool even better.
(read more)
January 19, 2004 05:42 PM