“Referrer Spam”

Volume 7, Issue 24; 22 Mar 2004; last modified 08 Oct 2010

I’ve noticed several hundred hits in the last few days with very odd referrers. [Update: 22 Mar 2004: The villains won. I don’t have the cycles to put up a fight right now, so I had to take down the popular referrers page.]

I can't talk about Hollywood. It was a horror to me when I was there and it's a horror to look back on. I can't imagine how I did it. When I got away from it I couldn't even refer to the place by name. ''Out there,'' I called it.

Dorothy Parker

I don’t know if it’s a virus or some new form of spam, or both. I’ve noticed several hundred hits in the last few days with very odd referrers: they’re all from porn sites. Yes, in case you’re wondering, I did check: there are no references to this site from any of the several referrers that I checked.

There haven’t been enough hits yet to give them a place on the popular referrers page. I’ll have to filter them out if they ever get there.

They should be easy to filter, they’re all coming from a user agent named “Microsoft URL Control - 6.00.8169”. Some bit of SDK kit, I presume. <aside role="snarky">Is it an operating system or a virus distribution platform?</aside>

Oh, and if you connect from some DHCP provided address on the “no.shawcable.net” network, you might want to run a virus checker. One of you is generating all these bogus hits.

[Update: 15 Feb 2004] To my dismay, the number of bogus referrers passed the threshold required to show up on the referrers page. I’ve added some more filters and rebuilt the page. And the IP address causing the vast majority of the spam is now denied. 403 to you, pal.

[Update: 09 Mar 2004] Fixed markup error.

[Update: 22 Mar 2004] The villains won. I don’t have the cycles to put up a fight right now, so I had to take down the popular referrers page.

Comments

MovableType now:

- throttles comments from the same IP address

- automatically bans an IP address based on an abnormal number of comments in a short period of time

- uses redirects when linking to URLs given in comments to defeat the PageRank boost given to spammers

might be worth implementing something similar?

—Posted by Paul Downey on 11 Feb 2004 @ 02:23 UTC #

It's been known to the blogosphere a while now, see Wired:

http://www.wired.com/news/culture/0,1284,56017,00.html

—Posted by Danny Ayers on 11 Feb 2004 @ 02:50 UTC #