PooterGeek


16 years ago @ wongaBlog - 18 months of spam figh... · 0 replies · +1 points

It was targeted, but it wasn't personal.

Brace yourself for a jump into the strange world of referer spam... [It's an historical accident that this is how the word "referer" is spelt when people talk about the Web, just as style sheets use "alternate" instead of "alternative".]

Many sites---perhaps, once upon a time, wongaBlog---use Web stats analysis programs to process logs of visits recorded by their Webservers, and, in turn, publish the results as new Webpages, at wongablog.co.uk/webstats/ say. A site proprietor like Andrew can then browse to that location and see real-time graphs and tables of the activity on his site when it suits him, without having to grep through lots of log files on the server itself.

One of the kinds of data that Web stats analysis programs almost always collect is on referers. Referers are the URLs of the pages whence people came to visit the site under analysis. Analysis programs almost always present lists of such referers as links to the actual referring pages.

Google responds to links. Pages that Google's bots record as having inward links climb up its search results.

[Perhaps you can see where this is going now.]

So, one way of improving a spam site's search ranking is to make it appear that lots of people are visiting a site that publishes its own Web stats analyses *after* they have visited the spam site. In this case, the attackers had recruited thousands of zombie PCs to (amongst many other dubious things, I suspect) hit wongaBlog with HTTP requests containing fake referer data that cited origins like "online-car-insurance-bargains.com" [though obviously not that particular URL] in the hope of having links to online-car-insurance-bargains.com pop up in Andrew's Webstats.

Co-ordinated and concentrated mass HTTP requests from machines scattered across the globe (possibly spoofing their IP addresses)---machines that changed anyway as old subpopulations were cleaned up by their owners or new subpopulations were recruited---are, effectively, a Distributed Denial Of Service attack.

Weirder still, I doubt the spammers made their money from online-car-insurance-bargains.com itself, but from the publishers of the Webpages that online-car-insurance-bargains.com pointed at.

Now, let's see if this comment makes it through Andrew's spam filters...
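
An added example, not part of the original comment: one way a site owner could spot the pattern described above in a combined-format access log, by flagging external referer hosts cited by many distinct clients that never go on to load anything else from the site. The host names, IP addresses, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def referer_host(referer):
    """Return the lower-cased host of a Referer value, or None if absent or malformed."""
    try:
        return urlsplit(referer).hostname  # None for "-", "" or a value with no host
    except ValueError:  # e.g. an unterminated bracketed IPv6 literal
        return None

def suspect_referers(lines, own_host, min_ips=3, min_ratio=0.9):
    """Flag external referer hosts cited by many clients that request nothing else."""
    hosts_by_ip = defaultdict(set)  # client ip -> referer hosts it sent (None = no referer)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            hosts_by_ip[m["ip"]].add(referer_host(m["referer"]))
    ips_citing = defaultdict(set)   # external referer host -> client ips that cited it
    for ip, hosts in hosts_by_ip.items():
        for h in hosts:
            if h and h != own_host:
                ips_citing[h].add(ip)
    flagged = {}
    for host, ips in ips_citing.items():
        # A browser following a real link then fetches CSS/images with the site's own
        # URL as referer; a client that only ever cites one external host is suspect.
        single_purpose = [ip for ip in ips if hosts_by_ip[ip] == {host}]
        if len(ips) >= min_ips and len(single_purpose) / len(ips) >= min_ratio:
            flagged[host] = len(ips)
    return flagged

def _line(ip, path, referer):
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "{referer}" "ua"'

# Constructed sample: four single-hit clients citing one host, three ordinary visitors
SAMPLE = (
    [_line(f"203.0.113.{i}", "/", "http://spam-site.invalid/") for i in range(1, 5)]
    + [_line(f"198.51.100.{i}", "/post", "http://search.example/?q=x") for i in range(1, 4)]
    + [_line(f"198.51.100.{i}", "/style.css", "http://blog.example/post") for i in range(1, 4)]
)
if __name__ == "__main__":
    print(suspect_referers(SAMPLE, "blog.example"))
```

This is a heuristic: a client that also fetches page assets would slip past it, and a legitimate feed reader or link checker could trip it, so flagged hosts are candidates for review before they are filtered out of published stats.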