[vox] Spammers target referring URL, steal bandwidth,
increases cost of support
ME
vox@lists.lugod.org
Fri, 21 May 2004 17:59:55 -0700 (PDT)
<rant>
Ok. I don't like spam. Most of you (probably all of you) do not like spam.
This is getting really bad. If spam in e-mail is not bad enough, sites now
are running Web-aware apps to span networks following links (or creating
URl which may or may not be valid) and visiting the "pages" which house
the data.
What could be the possible reason?
Gee. The most obvious is to target sites which provide feedback per
host/domain/site on referring URL in a web page. These kinds of reports
may be visited by google or other search engines, and as they do, thier
score in google goes up because there are "more links to their sites."
This becomes a feedback loop in the spammer's favor as "reputable" sites
which are well liked seem to offer content which links to spammers.
This was not much of a problem for me, as I have my server colocated, and
the number of hits were small enough to not count for much. Now, however,
things have changed. Some of these referring URL spamming services are
really targetting many of the domains I service.
To make things worse, some will visit URL to nonexistant files, and
generate 404 errors in my log files. As a result, a review of my web data
with webalyzer shows many false positives for 404, and if I actually
viewed these pages, a nifty little session/tracking ID is often included
to help the spammers know what sites to attack more often!
I DO NOT NEED TO SEE FALSE 404 REPORTS! Annoying spammers!
STEALERS OF BANDWIDTH!
>:-|
Anyway, I thought I would share one "solution" I have: add iptables rules
to DROP connections from their IP address.
Search through your web log files for the entries with referring URL that
include the following:
(Spaces added to try to nix effect of search engines finding them on this
page when it is archived.)
w e b b u f f e t . c o m
p h o e n i x % 2 0 a r i z o n a % 2 0 n e t w o r k
h i g h l a n d s o f s c o t l a n d . n e t
m e g a e a s t . c o m
h n - e c o m m e r c e . p h
See if you are also subsidizing the commercialization of company names
through referring URL.
</rant>