referrer spam, 2006 style

Posted by joy


I’ve been seeing this piece of work in my log files recently…

1)Spammer is working around the fact that is “buy-cheap” site could be blocked, so that’s why he’s using the legitimate wizards.com site for the redirect.

2)Spammer is taking advantage of the fact that Wizards.com is allowing outside visitors to the leaving.asp page. In a perfect, logical world, the only visitors going to the leaving.asp page should be visitors who are originating from the wizards.com domain.

3)Check out the “Widows NT” user agent.

4)I thought that I have seen something not too long ago about this phenomena, but I can’t seem to find anything related to this tonight…

IP: 82.146.41.57
[a page on this blog]
Http Code: 200 Date: Apr 23 21:43:14 Http Version: HTTP/1.1 Size in Bytes: 0
Referer: http://www.wizards.com/leaving.asp?url=http://BUY-CHEAP-ADIPEX-ONLINE-order.info
Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Widows NT)

[tags]site logs, referrer, spamming [/tags]


3 Responses to “referrer spam, 2006 style”

  1. me Says:

    Right.

  2. me Says:

    Some good advice, which you may or may not heed:
    If you’re not hosting your web pages yourself, forget about fighting referer spamming. And don’t mention anything about it when you pay for your bandwidth: You will probably get hit. Viciously. See Mark Pilgrim’s excellent entry.
    However, if you have CPU cycles to burn, a care-free pipe to your provider…

  3. joy Says:

    Apparently, there are some services which allow you to blacklist the referrer spammers

Leave a Reply