Referrer Log Spamming

I first saw this in June/2004, although it was probably happening sooner, but I just didn't notice.

NOTE: There are names of "adult" web sites on this page, but there are NOT any direct links from this site to "adult" content

Referrer Log Spamming is when scumbags hit your website, but forge what is called the HTTP_REFERRER header and insert their own scumbag URL in it. The reason is that they hope that your web sites will publish statistics about activity on it, and this almost always includes something called the "Referrer Report" that list where people came from to visit your web site. So what happens is the scumbag URL ends up being listed, which counts as "back link" and makes them look better to the Search Engines. It's also a way of driving traffic to their site since people click on those links to see what it is. Typically used by folks in the adult/porn industry as you'll see below, although perhaps not surprising is that referrer log spamming also been used in politics.

Kinda slimey, eh?!?

So you are probably saying "sounds super-techo-gee-whiz Alek, but this doesn't really happen much does in real life does it?" ... welllll, there's an easy way to find out. Do this Google Search for "lucky-macho.com usage" (the word "usage" is typically in a Referrer Report) and there are 289 (!) web pages of various people/corporations/etc. which have links from THEIR site to lucky-macho.com - how many do you think are aware of that?!?

Pretty slimey, eh?!?

And oh yea, one more thing to mention is that the scumbags typically don't hit your web site from theirs - what is often used is "zombie PC's" - i.e. those that have been taked over with spyware/adware and then unknown to the owners, is surfing the web for the scumbags!

REALLY slimey, eh?!?

In case you are interested, here are just a FEW examples of referrer log spamming I've seen on my web site. The links below simple show the Apache Log entries - again, none of these links go to adult sites:

sexxx-links.net is interested in sudo-tools (this is a UNIX Sysadmin tool)
lucky-macho.com is also interested in sudo-tools (UNIX Sysadmin tools must be popular porn implements)
7voyeur-upskirt.com/foot-fetish is yet another porno site interested in sudo-tools - they shoulda look at my bare foot skiing page
gay.old-young.com appears to be exactly what the name suggests and is similarly interested in sudo-tools
- Note that the last three used the same 69.50.191.130 IP address which reverse lookups as an esthost.com host which is registered by GoDaddy.com with points of contact in Estonia.
Looks like the scumbags found this web page since a BUNCH of 'em are all checking it out - we have:
- family-sex.hqsearch.net - do you think maybe a family related web site?
- incest-sex.hqsearch.net - boy, this is really "in" the family, eh?!? ;-)
- scat-sex.hqsearch.net - just not my cup of tea - probably a sh*tty web site like the rest of 'em! ;-)

I worked my way "upstream" a bit, and it appears that the following hosting companies are probably involved/associated with these guys: www.esthost.net and www.web-studio.net ... and a traceroute shows that the last ISP reporting is www.cenic.net so my guess is that is who they are getting connectivity from.

In case these guys ever read this ... correction, since you are referrer spamming THIS page, you HAVE read this, how 'bout taking your spamming somewhere else ...