Friday, February 20, 2004


Persistent Refer(r)er Spammer


A couple of months ago I noticed this link in my refer(r)er logs. I later noticed links to my blog from various quickie garbage Blogspot blogs which were nothing more than a bunch of spammy keywords and links to various porn sites, often links to alleged P*r*s H*lt*n and (more recently) J*n*t J*cks*n pics and videos. Someone’s written a bot that simply loads my front page (and the front pages of other sites that display refer(r)ers) in order to jack up their pagerank. This is obnoxious because I use dynamically generated pages here, so it wastes both server CPU and bandwidth. At first I simply filtered these links from my refer(r)er display, but, as I mentioned, since it was costing me highly in processor overhead, I’ve taken to guillotining these idiots (this idiot, really — I’m convinced it’s only one guy doing this) at the firewall so that I’m not wasting CPU simply to stroke this yutz’s, er, ego.

The thing that amazes me is the sheer number of hosts he’s using to launch this garbage. His bot has the user-agent string “Microsoft URL Control - 6.00.8169”, and every time I block one IP, he’s back within a day or two from a different host. So far I’ve blocked hosts in Canada, the Czech Republic, France, and the USA, among other places, so it’s pretty obvious he’s using zombied/0wned machines to do his dirty work. He usually hits me manually from a web browser once, then launches the bots with a series of different spam refer(r)ers all presumably controlled by him. I imagine I could contact Blogger’s abuse desk, but he shifts URLs so quickly I doubt it would make much of a difference. As it stands, I already filter all of the likely keywords from my refer(r)er display, so he never gets his links displayed (which I presume he’s noticed by now), so at the moment I figure he’s only doing it for the annoyance value (ah, the easily entertained spam kiddie.) I imagine we’ll keep our little arms race going until one or the other of us gets bored. So from me to you, my little URL Control buddy — to put this in language a porn spammer’ll understand, here’s a big facial, from me to you, right in yr. eye.


:: Dave Walker 04:19 (EST/EDT) [+] ::

:: [/administrivia/weblog]

:: Comments (1)

Comments:

Rev. George wrote:

He's probably just using open web proxies to do it, easier than pwning systems. As for the solution, have you tried checking the referring page to see if it links to your site?
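
The two checks discussed on this page (the bot's user-agent string from the post and the backlink test suggested in the comment), sketched as a log filter. This is an added example, not code from the blog or the commenter; the site host, the Apache combined log format, the `fetch` callable and all sample data are assumptions.

```python
import re
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "blog.example.org"    # assumption: placeholder for the protected site
BOT_UA = "Microsoft URL Control"  # user-agent string quoted in the post
# Assumed Apache "combined" format: ip - - [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$')

class LinkHosts(HTMLParser):  # collects the host of every <a href> on a page
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.add(urlparse(href).hostname)

def links_back(html):
    parser = LinkHosts()
    parser.hosts = set()
    parser.feed(html)
    return SITE_HOST in parser.hosts

def classify(log_lines, fetch):
    """Map client IP -> set of reasons. fetch(url) returns HTML text or None."""
    flagged = defaultdict(set)
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, referer, ua = m.groups()
        if BOT_UA in ua:
            flagged[ip].add("bot-user-agent")
        if referer not in ("", "-") and urlparse(referer).hostname != SITE_HOST:
            page = fetch(referer)  # an unreachable referrer is treated as no backlink
            if page is None or not links_back(page):
                flagged[ip].add("referrer-has-no-backlink")
    return dict(flagged)

# Constructed sample data: documentation IP ranges and made-up hosts.
SAMPLE_PAGES = {
    "http://friend.example.net/post": '<a href="http://blog.example.org/">Dave</a>',
    "http://spam.example.com/": '<a href="http://pills.example.com/">buy</a>',
}
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Feb/2004:04:01:00 -0500] "GET / HTTP/1.1" 200 5120 "http://spam.example.com/" "Microsoft URL Control - 6.00.8169"',
    '198.51.100.7 - - [20/Feb/2004:04:02:00 -0500] "GET / HTTP/1.1" 200 5120 "http://friend.example.net/post" "Mozilla/5.0"',
    '203.0.113.5 - - [20/Feb/2004:04:03:00 -0500] "GET / HTTP/1.1" 200 5120 "http://spam.example.com/" "Mozilla/4.0"',
]
print(classify(SAMPLE_LOG, SAMPLE_PAGES.get))
```

The third sample line stands in for a hit from an ordinary browser carrying a spam referrer: the user-agent filter misses it, but the backlink check flags it.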


