So, it seems the referrer-log spamming is getting worse. The earlier attempts all used a limited set of IPs; probably the real source machines.
However, the latest crop are now relaying through open proxies. Out of a sample size of 10 random IPs, every one was a proxy listed in the OPM blacklist.
The URLs being spamvertised are all pr0n; lots of .ws and .biz hits with pretty colourful names. Take a look here, under any of the top 5 hits. They’re outnumbering the legit hits by about 20 to 1.
BTW, it’s now pretty clear the practice of referrer-spamming is intended to gain Googlejuice; plenty of other sites have noticed it too. It’s worth noting that in my case, it won’t work — my log pages are all off-limits to the Googlebot for quite a while, but the referrer spammers haven’t figured this out yet…
Some notes:
-
the spamvertized URLs include
perlcoders.com,openproxies.com,-
cgifactory.net, so steer clear of those sites.
-
-
the User-Agents are randomised, similar to spamware’s randomised
X-Mailer headers. Some samples include:
-
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MSN 6.1; MSNbMSFT; MSNmen-ca; MSNc00; v5m)
-
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SC/5.10/1.14/Telenor; .NET CLR 1.1.4322)
-
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
-
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Wanadoo 5.6)
My guess is they just took a large list of legit user agents, and used that.
-
-
I’ve now left them a few little surprises ;)