Revenge referrer run?
I’ve gotten quite a few referrers lately from sites I know I don’t link to. Mainly referrer scripts. One of them had a referrer from http://www.spamhuntress.com/.
Try it yourself, and you can see that it must be fake. I’ve got a 301 (that’s a permanent redirect) in effect, because I don’t use the www on this site. So that leads me to believe there’s some hanky panky going on. And considering the threat I referenced in my previous post, I just wonder if maybe the hits with my referrer have the same IP number as the spammer in this post: 65.50.141.2?
Update
I’ve confirmed that the IP number used on two sites was:
148.223.216.169
Mexican IP number, used for spamming before.
I am nearly certain that what occurs is that the spamming is quite “personal” in the sense that certain sites wherein these discussions occur are used to access related sites/URLs when they’re included in signon and/or identified per comments.
I only began receiving my current high volume of referral spam via this same process you identify here after commenting on (1.) a conservative, political blog site and (2.) this site and (3.) another spam investigative site.
The IPA you mention is among the “Mexico proxies,” alestra.net.mx.
Everyone should ban the entire range (I have) but it won’t at all solve the referral spam problem once a domain is targeted. The same spammers use the Naperville, IL “backbone” to proliferate (64.4.195.62).
And any available zombie PC, of which there appear to be many.
Very few linkspammers use zombies. Since I’ve been doing this, I’ve only seen two linkspammers using zombies. One was Alexander Morozov/Dyakon, who used it for some trackspam runs. He normally uses proxies. Then there’s Mike Tison, who so far seems to use only zombies. I’ve never seen the Zaharievs using zombies, for instance.
So Suzy, can you please give us more background on this?
Hi: I’m new to all this stuff, and I am not a techie — just have a very basic understanding of this stuff (still learning) so I hope this isn’t too much of a stupid newbie question, but … what are the best tools online for de-obfuscating URLs/DNS settings, email headers, etc. and ultimately finding out who really owns a website or domain name, server, site, etc.? How do you get to the root of these things? I just came across this great blog by accident and I would really like to know better how to track these creeps down who run a lot of these fly-by-night sites and operations, not just the spam, but that too, so they can be reported, identified, shared with anti-spam sites, etc.
I noticed that there are sites that host sites that host sites like leap-frog or hop-scotch or something. They start at one place and end at an entirely different but are linked somehow, but I don’t know if I’m checking the right information or using the right tools. I would really appreciate feedback on the best tools and places to use (and where / how to understand all the terms and the tricks I’m missing). I have been using Whois.sc and DNSstuff.com to look up these jerks. Where else do I need to look and to learn?
Thank you so much.
dora
Moderator: URL removed. Too commercial…
Forgive me for stepping in without having necessarily full knowledge of the situation, but from reading this entry and a few other related: wouldn’t it be about time that you install a decent referrer spam filter on your site???
Something that preferably blocks them silently, and at the very least throws them away with an HTTP error without using up your bandwidth?
I won’t give you any name, since there would likely be a conflict of interest, but I’m sure you’d find something by yourself…
Now why would I be using spam filters, except for making sure spam isn’t visible? I report on spam. I need access to spammed blogs.
Ever heard of honeytraps?
Very much so. But:
1) Hardly any need to use your main blog as honeytrap. It works all the same with any random test blog, properly publicized.
2) Any decent spam filter will keep logs of what it does and let you dissect spams all the same.
3) It may be me, but it sounded like, in certain parts of your blog, you were complaining of the damages caused to your bandwidth or the time it’d take you to deal with such or such attack.
4) Doing the “block this IP”, “ban this domain” etc. on a case by case basis, is quite a waste of time.
My bandwidth isn’t a concern right now. But when I issue warnings, I put myself in other people’s place, and think about how other people may get in trouble because of particularly insistent spammers.
I guess what I’m trying to say is: Buzz off.
Spam combat software is a good idea. That I choose not to run any is my decision. It’s not something my readers should copy from me, of course. It’s a personal decision on my part.
I casually found a, for now, 100% successful anti-spammer solution for WordPress.
As a benefit, I keep track of all “sodomized” spammers in bbclone.
This is my code at the beginning of wp-comments-post.php:
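// Stop comment posts whose Referer contains the spammer's URL.
// isset() avoids a notice when the client sends no Referer at all.
if (isset($_SERVER['HTTP_REFERER'])
    && strstr($_SERVER['HTTP_REFERER'], 'www.urlto.site:80/') !== false)
{
    echo "Please sodomize yourself!\n";
    // Record the hit in bbclone under its own page name.
    define("_BBC_PAGE_NAME", 'Sodomized by ref');
    define("_BBCLONE_DIR", "/full/path/to/bbclone/");
    define("COUNTER", _BBCLONE_DIR."mark_page.php");
    if (is_readable(COUNTER)) include_once(COUNTER);
    exit();
}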
I also keep all headers and post vars in a text file for later reference.
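Added example (not part of the original post or comments, and not code from any participant): a Python scan of access-log lines for the two referrer tells that appear on this page, a Referer naming a host that only ever answers with a 301, and a Referer carrying an explicit default port such as `:80`. The log lines, their IP addresses and the `REDIRECT_ONLY_HOSTS` setting are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts known to answer only with a 301 to their canonical name.
REDIRECT_ONLY_HOSTS = {"www.spamhuntress.com"}
DEFAULT_PORTS = {"http": 80, "https": 443}
LOG_RE = re.compile(  # Apache/Nginx "combined" log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$')

def referer_flags(referer):
    """Return the reasons a Referer value looks forged (empty list if none)."""
    if referer in ("", "-"):
        return []
    try:
        parts = urlsplit(referer)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:  # malformed host or out-of-range port
        return ["unparseable"]
    flags = []
    if parts.scheme not in DEFAULT_PORTS or not host:
        flags.append("not-http-url")
    if host in REDIRECT_ONLY_HOSTS:
        # A browser follows the 301, so a real click reports the canonical host.
        flags.append("redirect-only-host")
    if port is not None and port == DEFAULT_PORTS.get(parts.scheme):
        # Browsers drop the default port when they serialize a URL.
        flags.append("explicit-default-port")
    return flags

def scan(lines):
    """Map each client IP to the sorted forged-referrer flags it triggered."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        flags = referer_flags(m.group("referer"))
        if flags:
            hits.setdefault(m.group("ip"), set()).update(flags)
    return {ip: sorted(f) for ip, f in hits.items()}

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2006:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://www.spamhuntress.com/" "Mozilla/4.0"',
    '192.0.2.10 - - [12/Mar/2006:10:01:09 +0000] "POST /wp-comments-post.php HTTP/1.0" 200 310 "http://www.urlto.site:80/" "-"',
    '198.51.100.7 - - [12/Mar/2006:10:02:30 +0000] "GET /about/ HTTP/1.1" 200 2048 "http://example.org/links.html" "Mozilla/5.0"',
]
print(scan(SAMPLE_LOG))
```

Both flags are heuristics: they mark a Referer that a browser following a real link would not have sent, which is a reason to log or drop the request, not proof of who sent it.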