“Referrer Spam”
I’ve noticed several hundred hits in the last few days with very odd referrers. [Update: 22 Mar 2004: The villains won. I don’t have the cycles to put up a fight right now, so I had to take down the popular referrers page.]
I can't talk about Hollywood. It was a horror to me when I was there and it's a horror to look back on. I can't imagine how I did it. When I got away from it I couldn't even refer to the place by name. ''Out there,'' I called it.
I don’t know if it’s a virus or some new form of spam, or both. I’ve noticed several hundred hits in the last few days with very odd referrers: they’re all from porn sites. Yes, in case you’re wondering, I did check: there are no references to this site from any of the several referrers that I checked.
There haven’t been enough hits yet to give them a place on the popular referrers page. I’ll have to filter them out if they ever get there.
They should be easy to filter, they’re all coming from a user
agent named “Microsoft URL Control - 6.00.8169”. Some bit of SDK kit,
I presume.
<aside role="snarky">
Is it an
operating system or a virus distribution
platform?</aside>
Oh, and if you connect from some DHCP provided address on the
“no.shawcable.net
” network,
you might want to run a virus checker. One of you is generating all
these bogus hits.
[Update: 15 Feb 2004] To my dismay, the number of bogus referrers passed the threshold required to show up on the referrers page. I’ve added some more filters and rebuilt the page. And the IP address causing the vast majority of the spam is now denied. 403 to you, pal.
[Update: 09 Mar 2004] Fixed markup error.
[Update: 22 Mar 2004] The villains won. I don’t have the cycles to put up a fight right now, so I had to take down the popular referrers page.
Comments
MovableType now:
- throttles comments from the same IP address
- automatically bans an IP address based on an abnormal number of comments in a short period of time
- uses redirects when linking to URLs given in comments to defeat the PageRank boost given to spammers
might be worth implementing something similar?
It's been known to the blogosphere a while now, see Wired:
http://www.wired.com/news/culture/0,1284,56017,00.html