Using visitors to spam

The spammer I wrote about below is quite sneaky.

I noticed that I had an obscene amount of referrers from a domain referrer spammed by the German. Most of them from the IP address of the German (see below).

But when I checked out that site, I noticed that another address was loading something, and it took a long time before it finished loading. I got suspicious, so I checked out the code.

And what I found was a section at the bottom with lots of addresses for blogs. That was visible when I viewed the source.

But when you view the page, you can’t see it. The page calls site addresses as images, in this size:
ALT=1 WIDTH=2 HEIGHT=2 border=0
Interspersed with those, there are links to blogs with JavaScript inside the links, like this:
onclick="parent.location='http://spamhuntress.com'; return false"
The font size is -4, and the links are, say, one or two random letters at a time.

The end result is that the page will send out calls to lots of sites, and the links that are there will appear to point only to the site they’re called FROM, not to the actual addresses. But if you CLICK on one of those links at the bottom, you’ll go to the actual address inside the link, not the one displayed.
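One way to audit a saved copy of such a page for the two tricks described above, the 2x2 off-site "images" and the links whose onclick overrides the displayed address. This is example code added here, not taken from the spammer's page or the original post; the names `audit` and `HiddenReferrerAudit` and the `.example` hosts are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches the onclick redirect quoted in the post: parent.location='<url>'
ONCLICK_TARGET = re.compile(r"""parent\.location\s*=\s*['"]([^'"]+)['"]""")

def _tiny(value, limit=2):  # WIDTH/HEIGHT given as a number no larger than limit
    return value is not None and value.strip().isdigit() and int(value) <= limit

class HiddenReferrerAudit(HTMLParser):
    """Collects off-site tiny images and links whose onclick overrides href."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.tiny_offsite_images = []   # URLs the visitor's browser fetches unseen
        self.mismatched_links = []      # (href shown, address actually opened)

    def _offsite(self, url):
        host = (urlparse(url).hostname or "").lower()
        return bool(host) and host != self.page_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases attribute names
        if tag == "img":
            src = a.get("src") or ""
            if _tiny(a.get("width")) and _tiny(a.get("height")) and self._offsite(src):
                self.tiny_offsite_images.append(src)
        elif tag == "a":
            m = ONCLICK_TARGET.search(a.get("onclick") or "")
            href = a.get("href") or ""
            if m and m.group(1) != href:
                self.mismatched_links.append((href, m.group(1)))

def audit(html, page_host):
    parser = HiddenReferrerAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.tiny_offsite_images, parser.mismatched_links

# Constructed sample page (not the spammer's markup); hosts are placeholders.
SAMPLE = """<html><body><p>Visible text</p>
<img src="http://blog-one.example/index.html" ALT=1 WIDTH=2 HEIGHT=2 border=0>
<font size="-4"><a href="http://landing.example/"
 onclick="parent.location='http://blog-two.example/'; return false">xq</a></font>
<img src="/logo.gif" width="120" height="40">
<a href="http://landing.example/about">About</a></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, "landing.example"))
```

Each URL in the first list is a page whose referrer log would record the visited site as the source of the hit; each pair in the second list is a link that displays one address and opens another.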

Very tricky.

Update
This is like two-part spamming. The first part is the initial spam run. It’s done by the spammer himself on a dialup line, hammering a lot of sites and leaving an incredible number of referrers. Enough to make the spammed site owners check out the sites.
The second part is when the site owners, by visiting, unwittingly spam the pages he’s hidden on the spamvertized pages. AND, those hidden pages probably all have referrers indexed by Google in some form. So those site owners will get confused and possibly send abuse messages to totally innocent third parties.

What do we call that? Spamming by innocent human proxy? Are there any laws against this?

BTW, most of the domains spamvertized this way are already banned by Google, and the rest will probably follow any time now.

——–

Please include an .htaccess file a bit like this in your referrer script directory so you hide your referrer pages from Google. Human visitors can still view them:

—————–

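# Tag requests from search-engine crawlers (case-insensitive User-Agent match)
SetEnvIfNoCase User-Agent "Googlebot" bots
SetEnvIfNoCase User-Agent "msnbot" bots
SetEnvIfNoCase User-Agent "Yahoo! Slurp" bots
SetEnvIfNoCase User-Agent "jeeves/teoma" bots

# Let everyone in except the tagged crawlers
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bots
</Limit>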

—————-

Heh, lots of old Dave Winer projects are targeted! You need to clean up some stuff, Dave!

6 Responses to “Using visitors to spam”

  1. Arve says:

    Report this to Google, and I’m pretty sure they will drop the sites in question from their index.

    Incidentally, getting blackhat SEOs dropped from Google is the most effective way to hurt these people.

  2. Administrator says:

    I report new spammers every day, so yes, they will get reported.

  3. Terry says:

    What’s the trickery here? I don’t get what’s happening, but I’m seeing these hits in my logs (notice the go/g545789 for each different domain):

    http://gradfinder.com/go/g545789
    http://outpersonals.com/go/g545789
    http://passions.com/go/g545789
    http://alt.com/go/g545789

    Is there some way to block referrers with /go/g545789 without necessarily blocking the main domains? I get the feeling these domains aren’t doing the spamming. Or are they?

    I left the domains as is, but edit that out if you think it should.

  4. Administrator says:

    The links you’re complaining about here are from a different spammer. That particular spammer is spamvertizing affiliate URLs directly. So no, it isn’t Andrew Conru who’s spamming. But if he doesn’t cut that affiliate off, then we may need to escalate the matter.

  5. Terry says:

    Thanks for the info, I did send an abuse report to gradfinder. Sorry about the live links (oops). I just assumed these domains were being cloaked somehow so it’s them showing up in the logs, not the real spammer. I clearly don’t know much about this stuff! lol
