ColdFusion Muse

Targeting Web Masters: Spamming's New Low

Mark Kruger December 31, 2007 12:29 PM Hosting and Networking Comments (2)

Fighting spam is a lot like those movies where blood sucking zombies just keep coming at you in a never ending supply of non-descript humanoids who want to eat your brain or take out your daughter. I can live with having to keep filters up to date. I know how to use SPF, Spam Assassin and client side filters like spambayes (check it out if you are an outlook user). I can even live with the bots constantly attacking my web forms and trying to hack them to send their own mail. But I think I have stumbled onto a technique that smacks of desperation.

Occasionally I view a stats report for my blog. I use Smarter Stats from "Smarter Tools". It's quite good and it gives me some excellent reporting options (I also love their "Smarter Mail" server). One of the reports I like to view is "referring sites". Mostly I'm just snooping to see if any CF big wigs like Ben Forta, Sean Corfield or Ray Camden have linked to my blog (we keep a bottle of champaigne on ice for those occasions). It is interesting to see all of the sites that are listed. All of our CF Webtools blogs are cross linked so I see them listed as I would expect. Google, MSN and Yahoo are all represented as are blog aggregators like fullasagoog and the old Macromedia weblog aggregator. Interestingly I see some international sites like soso.com and orkut.com.

All of these I can explain and understand how they arrived in my log files. But here's a couple I can't explain. There is a link to a site called "blogdim.com" - which I took to be another blog portal. When I went to the site it is actually a personal loan information site. A closer look discovered sites like "topsecuredloan","onlineapoker", "insurede" and others less benign. How are these particular referring sites getting into my log files? I have a couple of guesses.

My first guess has to do with email. If you are using a web based email client like Yahoo, and someone sends you an email with a link in it, when you click on the link the "referring site" is actually something like "mail.yahoo.com". So perhaps these sites are showing up because someone is clicking on a link in a web based email client that uses that domain. I kind of find this explanation unlikely. Would anyone really be checkign their mail at a domain like onlinepoker.com? I suppose if they were using a web host where it was set up that way it could happen.

My second guess is that someone clicked on a Google ad for Coldfusion Muse. I quickly went to my ad words account and verified that I am not set up to serve Google ads for my blog. We only serve ads for our main web site, CF Webtools.

There may be other explanations, but at least one that I can think of is that it is a new form of spam. It would be trivial to create a bot that issues web requests with a specific referrer. After all, adding your site as a referring site causes your link to show up in reports and sometimes someone (like myself) will click on it. Of course it would only target folks who are looking at web log reports. Can any muse readers provide any alternate theories? It certainly seems like an act of desperation - or perhaps just too easy to pass up. In any case, I'm off to apply for a 22% loan. Tata.

  • Share:

2 Comments

  • James Moberg's Gravatar
    Posted By
    James Moberg | 12/31/07 11:10 AM
    Another possibility would be automated software performing pings to your website and falsifying the referrer in hopes that you click on it to see where the new traffic is coming from. This can result in either a commissioned click-thru or potential spyware installation. I've reported some activity in the past that revealed that similar traffic was coming from headless servers that were compromised and running multiple scheduled scripts to do exactly this.
  • James Moberg's Gravatar
    Posted By
    James Moberg | 12/31/07 11:29 AM
    Off topic, but you recommended Smarter Stats... Have you used Urchin? If so, do you have any comparison recommendations? (Google still hasn't released the promised upgrade for Urchin yet since buying them out and turning it into Google Analytics.)

    Also, we're generating our own logfiles since IIS is incapable of logging the PATH_INFO value and doesn't have any optional filtering. This allows us to maintain smaller logfiles and retain extra SEO data that IIS normally ignores. Do you need to use IIS's log files in order to get on-demand reports or can it process a logfile multiple times during the day? (I like the idea of distributed log file analysis.)

    Thanks.
Google Search
Google
Subscribe
Enter your email address to subscribe to this blog.
Recent Comments
  • Remembering Wil Genovese
    Mary Jo said: Wil's presence here will be sorely missed. We became good friends over the years and I will miss our... [More]
  • Remembering Wil Genovese
    charlie arehart said: Very sad news, and a real loss for the CF community which was blessed with so much of his knowledge ... [More]
  • Remembering Wil Genovese
    Mark A Kruger said: @Mike, Ha - yes! He was always a hoot at staff meetings. :) To be clear to the rest of the world ... [More]
  • Remembering Wil Genovese
    Mike Letson said: On several occasions, Will led me through deep technical waters that enabled me to serve my clients ... [More]
  • Remembering Wil Genovese
    Russ said: Rest in Peace man, my condolences to the family. Cancer seems to kill so many people now. :-( Both ... [More]
Archives By Subject
Twitter
    Facebook
    Aggregators


    Subscribe in NewsGator Online

    Add to Google
    RSS