Heh, seems the Zahariev twins are using the old invisible text trick.
Check their site at twins-bg.com, and hit ctrl-a to highlight everything…
There’s just no doubt they’re into poker!
Hat tip to Jani who found the hidden text.
Krin has been referrer spamming annelisabeth.com all August. Dozens of domains. He’s got some referrer software that’s misconfigured. It includes a bit more in the user agent than is normally there. You’ll recognize it if you see it.
And just so we’re clear on this:
Referrer spamming will get you banned in Google if you get caught.
Krin/Romzes - consider yourself caught…
Here’s a guy who says he’s a SEO. Yet he referrer spams his main domain.
Shakes head…
Update September 18:
I’ve removed the name, since he’s REALLY sorry he spammed, and wovs never to do it again.
BTW, he used PRstorm, without being aware of the riks.
Nobody told him Google could (and did) ban his domains.
He used referrer spamming on his MAIN domains!
He wishes other people would NOT use PRstorm, because it really isn’t worth the agony!
Most of you have seen me say over and over that linkspam isn’t personal. That the spammers don’t target people specifically to receive their spam.
I still hold to that standpoint.
But it becomes personal when they do linkspam joejobs to people they “know”. Such as when Eugene Blagodarny used my other domain as the e-mail address when he spammed hundreds of guestbooks with his filthy dyndns subdomains. Filthy enough the guestbook owners justifiably got angry with me, because they thought I was the spammer.
That’s when it’s personal.
He misused my identity with the intention of getting third parties angry with me.
I enabled that non-existent e-mail address to see what would happen. So far I’ve gotten quite a few from non-humans:
1 phishing (PayPal)
2 spam
6 who are you messages
The “who are you” messages are the most interesting. All of them have an embedded image in the message, going to various ports on 220.163.176.206. They’re coming from various IP addresses. Most of them from Asia - China, Taiwan.
Syntax (minus the brackets):
IMG SRC=”http://220.163.176.206:7382/AD.png?eid=my@e-mailaddress&pid=banban” HEIGHT=”0″ WEIGHT=”0″ BORDER=”0″
There are lots of mentions on NANAS of these, but no editorializing. So far I’ve only seen one blog post about the phenomenon.
I’m guessing it’s a way to figure out if an e-mail address is live, and if so, will it get read. I’ve got that address sent to somewhere that blocks web bugs, so hopefully I’m good. But even if not, it’s the server that’s going to have the problem. That address will get failed again after this spam campaign (hopefully) is over.
Eugene Blagodarny has been spamming guestbooks as me at least since August 4th.
I first got a few angry guestbook entries, but couldn’t figure it out. I knew I hadn’t spammed anyone, and I couldn’t find anything in Google to indicate someone had spamvertized my site (revenge spam).
Turns out it’s worse. I finally found a sample, and used the wording to find other samples.
The wording is like this:
AnnElisabeth
Great site! Keep it alive!
And then there are some really vile URL’s entered in the website field. Disgusting deviate porn.
He’s targeted xtremguestbook in particular, and he’s really been laying it on thick. There are LOTS of entries in the spammed guestbooks. All of them have an e-mail address from my domain under the e-mail button. That e-mail address doesn’t work. The spammed webmasters probably think I’m the spammer, and since the e-mail address doesn’t work, they sign my guestbook instead.
I should probably enable the address for a while, to catch any e-mail regarding this.
Any ideas on what I should do? This is obviously hurting my reputation…
Updates:
I traced one of the dyndns sites to one of his domains. The whois is very sketchy (by design, of course), but the e-mail address is his. It’s one he’s used many times.
Admin Organization: NA
Admin Name: NA
Admin Address: NA
Admin City: NA
Admin Country: AFGHANISTAN
Admin Postal Code: 11111
Admin Phone Number: +91.226370256
Admin Email: domains@gals4all.com
He’s doing his usual PHPnuke spam runs as well, under his usual “optimized” names. The guestbook spam run is in addition to his usual spamming.
Pete found an auction for PRstorm, one of the Reffy incarnations.
For anyone who finds this and is thinking about buying it:
It’s spam software. They’ve had every domain associated with this software banned by Google.
Use the software on your valuable domain, and you stand the chance of a spamhunter catching up to you and having your domain banned on Google.
And, remember what Matt Cutts says: If the number of new links look unnatural, you may easily be penalized in Google. That’s what happen to a lot of new sites. Backlinks happening too fast, and a filter kicks in.
Matt Cutts is one of us now. Bloggers I mean. This is Google’s face towards webmasters. He’s got a LOT of mentions on various blogs. On the whole people like him. Except for some SEO’s. Considering what some SEO’s do, I guess I could live with that if I were him.
Anyway, he’s been blogging for a while, and I didn’t discover it until today. I guess I’m the one sleeping in class. Either that, or he picked the summer because there’s less traffic and he could experiment a bit until the unwashed masses found out?
Come on Matt, blog more about search engine spam!
I’ve been on the trail of some spammers lately, that I’ve dubbed
Hinter Inc
They’ve probably got many names. Some CWS hijackers in the mix here too. I got a new batch of trackbacks from them todayl, so I did some more digging. Nothing earth shattering here. If you’ve got more, please contribute.
We’ve seen multiple edits of the same wiki page by the same spammer, and have been wondering why on earth. What’s the point of removing your own edits?
Well, turns out there IS a good point.
My wiki runs Mediawiki, and it has a cool feature called rollback. An administrator can rollback edits he/she doesn’t like by clicking one easily accessible link.
By doing double edits on the same file, the spammer makes sure that feature can’t be used reliably, thereby necessitating a more complex operation to remove the spam. An operation any half assed administrator should be able to do. But as you know, that’s the theory, not the reality. A more complicated operation may be left for another day by an overworked administrator.
Guys, if you run a wiki, keep an eye on it, and learn how to rescue it should spammers get really obsessive. Chances are you’ll experience “obsessive” spammers. They’re just trying to up the chances of their spam sticking…