Referrer Spam:
A Knock-Knock that is not a joke.
As I have been keeping watch of what has been doing fly-bys of the Extensionary, I have been noticing a number of curious things. But one in particular stymied me for a moment until I realized what sort of person wants me and the rest of the world to visit their web site - a selfish sack of... Well, I'll be kind.
A number of the referrer entries in my blog statistics - these are the supposed sites/resources on the web which are, supposedly, referring people to your site - are not only not referring people to this blog, but they are not doing so twice. That is a clever trick indeed! What this means to anyone viewing it is that the person visited your web page twice from the same web page. The odds of you doing that very frequently in your day is very limited. It is something you do if you mistakenly close your browser, and then using your browser's history, you follow links you previously followed in order to arrive at a web page - probably the one you were viewing when you closed the browser!
Given that the blog is graciously provided by Google for free, the depth of this referrer information kept on hand for my own personal perusal by the blog service is a short list, to say the least. I suspect that if I were on some paid service, I would notice a lot more of these non-referring referrers. My hard earned money so easily separated from me would finance long lists of gibberish that allow you and I to see who did what and when on our web enterprises.
The whole point of Google providing you with referrer information is so that you can get a glimpse of what people are doing when they come to your blog. What web page they were on that took them to your blog, what browser they use, if they like lasagna, that sorta thing.
The referrers that were stumping me were from some truly unique URLs. The kind of URLs full of numbers, and nothing identifiable, save for the presence of a randomizing sequence that obviously generated this crud, and a domain name you never heard of (for good reason). Following these links is something you can do quite easily, thanks to Google making all referrer addresses in these lists a hyperlink (something you can click on and your browser takes you there).
I will say here and now that clicking on any dubious looking hyperlinks in your referrer list is best avoided by you. It is unlikely any harm will come to you should you do so anyway, though I can not guarantee that. In all probability, one of those links could lead you down a primrose path that makes your compute device a member of the Borg collective. But from what I have observed, the link itself serves as a means for a web site to verify what person behind what blog/site is following the link.
Since I am the only one privy to who is visiting my web site (and indirectly, Google is too), the persons/machines generating these referrer addresses in my blog statistics know that if a machine arrives at a specially crafted URL (all those numbers and gibberish in the link), they know that the webmaster or operator of the blog/site is visiting them.
They glean a whole lot more information, however.
Your browser is a tiny gold mine of information about yourself every time you visit a web site. Depending upon what browser you use, what operating system you use, and other factors, the site can usually determine what operating system you use, what browser software, perhaps additional software you use (ie: if your browser supports specific plug-ins like Adobe Flash/Shockwave), what language you speak, etcetera. The IP address your machine is tied to also tells them information, such as your location, country, city/town, Internet service provider and/or company to whom the IP is assigned to (which could be where you work, and in some instances, this provides much more detailed information as to your location). All this because you clicked on that link, and finding nothing there of interest, you immediately closed the browser.
No, I cannot guarantee that all those referrers with strange addresses or site-names are doing that. But I am quite confident most of them are, or in the least, they are tabulating how many monkies they can make jump to a web site by making their machine give a referrer address to the blog service twice.
That`s the Knock-Knock.
The joke is on you when you act on it.
The reason why the referrers of these addresses often have a two visit count beside them is because by getting that value above one, it will cause their entry to be higher in the list. These people know how many entries are in that list - they can apply for a free blog just as you or I can. So they have done that homework, and know that most entries in that list will drop lower in the list if they merely visit your page twice and have a process that provides Blogspot/Blogger with the same URL. They want to be sure you see that address and follow it.
So yes, they are clever people. But they`re still scumbags in my book and unworthy of as much blabber as I have given them here.
Below, I provide partial URLs of known scumbag-operated sites. I don`t provide the complete URL because in many cases, the URL will be unique to your site, and the only related part of it might just be the domain name. So in a way, my blog post does acknowledge to these scumbags that I have followed up their link, just not in the way they want me to.
Please avoid the following if/when you can, and avoid doing so in future (Don't follow any links to these URLs):
http://*.dyo.gs/
http://*.qqc.co/
http://*.yyv.co/
http://*.any.gs/
http://good.sale-go.ru/
http://*.kallery.net/*
http://www.vampirestat.com
http://*.7secretsearch.com
http://*.current.com/*
http://www.adsensewatchdog.com
http://*.thetaoofbadass.pw/*
http://www.filmhill.com/*
http://*.ourmeets.com
http://*.x-artfanclub.comhttp://livecams.url.ph
http://*.cloudns.us
http://*.semalt.com/*
http://www.christinesetrakian.com/
http://www.gmailmirror.com/
http://www.iianews.com/*
http://www.trustcombat.com/*
http://pharmacy-express.biz/
And it seems Russian spammers (России спаме создатель = идиот робот) think I will add their URLs here. Many of these are actually driving in from a Ukrainian IP, and for all I know, its all generated by some disgruntled Latvian working out of a hovel in the Urals. Of course, like all Russian spammer thought processes, and the vee-hickles their gas-station-of-a-country manufacturers and sells, they are always дефектный... Please do take liberties in excising inappropriate foreign, дефектный - for example, textual data from these URLs presented in order to arrive at an actual URL that is currently spamming my blog, and likely others. Please note that all valid URL data is lower-case, and not some commie cyrillic upper-cased lower-case, and that the faux denigration shown in this post is solely reserved for the topical scumbags, and not their fellow countrymen, culture, and the glyphs of choice of their language. Trailing and leading periods are often used prior to foreign text as well.
http://*.auto-дефектныйmalinovka.дефектныйru/*дефектный
http://*.nu.меньшевик.do.c.больной.a/* (Yes... Moronovich registered a Canadian domain, and a visit proves it to be a thriving un-success of boilerplate and chewing gum).
http://www.die.больной.tet.узбекский.ykamet.уничтожать.abol.ABALL??.iczna.com/*
http://*.ip.CANADA99.adp.USSR0.lay.r.OVECHKINDOESNOTBACKCHECKHAHAu
http://*.pi.пи.tera.CCCP.-prost.мертвый.itu.FEDELI_ALLA_LINEA.tki.ruGBY
http://*.blog.нездоровый.hea.притон.lth.ruBLES=бесполезный
http://*.ne.PUTIN0PERCENT.ws...tr...av...ell...er..UKRAINE100PERCENT..ruBBER
* = indicates any valid data that might appear in the URL/address.
Note that most recently encountered referrer spam is lowest in this list.
Of them all, vampirestat seems to be the most Bolshevik, though as of 2014 it has fallen off to zero. Of course, if your blog has a lot of chaff like mine does, it appears that particular unit loses interest in activities. Food for thought, though tomorrow it could be back turning in a valiant showing.
Edit: June 11,2014: Not all referrer spam is from spam sites.
Scumbags are also in the habit of using legitimate web services for scumbag purposes. Just as you or I can sign up and obtain access to varied online services, such as this free blog, so too can a scumbag. If I were so inclined, I could quite easily have nearly every new blogspot/blogger blog referrer stats page feature my own blog's URL. That would be my doing, and not Google's. So please look kindly upon legitimate web services, and do not allow a few rotten apples to tarnish their reputations. You'll find some below that have suffered having their services - and their URL - used for referrer-spam purposes.
The following legitimate sites offer free services that are worth recommending, even if the occasional scumbag takes advantage of them:
www.freenode.net = an IRC (Internet Relay Chat) network that provides webmasters, and the general public, with an ability to set up chat rooms that can be accessed by anyone on the planet. All they need is a modern browser that supports Java, or they can use any of the myriad IRC chat client programs (mIRC, Pidgin, iRCle, etc.) to contact the network directly or any of the hundreds of freely accessible IRC networks that have provided people with chat facilities long before Al Gore was even aware there was an Internet.
Update: March 2015
I won't hold my breath. But it seems as though the novelty of referrer-spamming my particular blogs has fallen off a precipice. Whether this bodes well for your own personal blog, I do not know. Just be assured that they haven't quit entirely. You'll find plenty of blogger blogs with a single entry, a half dozen, highly visible URLs in the navigation pane, and they may even make that lone, solitary post in that blog a fake "concern about referrer spam, phishing exploits on your blog, etc." As if they, truly care. I admire such disingenuous honesty!
Update: June 2015
Spoke too soon! A fresh, young pharma spammer is alive and well and making itself seen.
Update: August 2015
Comment moderation enabled on blogs.
Apparently, Google is incapable of closing accounts of those using their own Google services in order to comment spam Google hosted blogs - OR - A convenient "Report Google account spamming this blog" is not a helpful solution.
Thanh nguyen = comment spammer. Acct ID = https://plus.google.com/107409177539865835595
Same spammer = Hà Tuấn Đạt = comment spammer Acct ID = https://plus.google.com/107095586408795148637
These two accounts have been testing the waters of my blog, and others. They are also inundating the web with miraculous spammy content that says, in no uncertain terms, "We are proud to be users of Google's services. We enjoy the merits of this wondrous relationship. Thank you!".
Pump this on into your Google search box, no quotes: dong tam game mu cho thuê phòng trọ cho thuê phòng trọ nhạc sàn cực mạnh tổng đài tư vấn pháp luật công ty luật số điện thoại tư vấn luật dịch vụ thành lập doanh nghiệp on
Ahhh... Search engines been berry berry good to thee.
No comments:
Post a Comment