Referer spam

From Wikipedia, the free encyclopedia

(Redirected from Referrer spam)
Jump to: navigation, search

Referer spam is a kind of spamdexing (spamming aimed at search engines). The technique involves making repeated web site requests using a fake referer url that points to the site the spammer wishes to advertise. Sites that publicize their access logs, including referer statistics, will then end up linking to the spammer's site, which will in turn be indexed by the search engines as they crawl the access logs.

This benefits the spammer because of the free link, and also gives the spammer's site improved search engine placement due to link-counting algorithms that search engines use.

Some web sites receive so many referer spam hits that they amount to a denial of service attack on the server because there are not enough resources left on the server to handle legitimate traffic.

Contents

As with e-mail spam, web site operators who receive unwanted referer spam may respond using filtering and blocking.

A simple solution to render this form of spamming ineffective is to prevent the search engine spiders from crawling the site logs by moving them to a non-public area such as a password-protected area, or configure the web statistics generator to use the rel=nofollow attribute on the referer links.

An example configuration fragment for filtering using the Apache server is as follows:

 # Filter rules
 # The regexp can be refined to reduce false positives...
 # As many SetEnvIfNoCase directives can be used...
 SetEnvIfNoCase Referer "(hold-?em|poker|casino|hotel|loan|mortgage|payday|credit|pingdom)" refspam
 SetEnvIfNoCase Referer "(viagra|cialis|penis|diet|porn)" refspam
 # Whitelists can be used, too... note the !refspam vs. refspam
 SetEnvIfNoCase Referer "white-listed_site\.com" !refspam
 # Deny access to refspam (OPTIONAL: conserves resources otherwise wasted by refspam bots)
 Deny from env=refspam
 # Now separate the logs so that refspammers do not pollute your logs as they intend to
 CustomLog /var/log/apache/access.log combined env=!refspam
 CustomLog /var/log/apache/access_refspam.log combined env=refspam

The "fake" web site hits will go to access_refspam.log, whereas normal traffic goes to access.log. The "SetEnvIfNoCase" lines contain Regular expressions (more specifically, Perl regular expressions) that can be used to match any undesirable traffic.

If most of the spam is coming from a few IP addresses, or is requesting a certain page (that may no longer exist on the server) the Apache server may also be configured to deny access via the configuration file, (often named httpd.conf), based on either IP address or the name of the requested file by adding lines like the following:

 # Deny access based on the filename or path of the requested file
 
  Deny from all
 
 # Deny access based on the IP address or host name of the offending site
 
   Deny from 255.255.255.255
   Deny from example.com

A good statistics analysis program will allow you to target the worst offenders.

A third solution for Apache is to install ModSecurity, which allows you to deny requests based on any variable from the server environment, such as referer, request, IP, host, etc.

v  d  e
Spamming
General History of spamming · Network Abuse Clearinghouse
E-mail spam Address munging · Bulk email software · Dictionary spamming · Directory Harvest Attack · DNSBL · Spambot · Pink contract
Spam over other protocols Autodialer · Flyposting · Messaging spam · Mobile phone spam · Newsgroup spam · Telemarketing · VoIP spam
Anti-spam techniques Disposable e-mail address · E-mail authentication · SORBS · SpamCop · Spamhaus · List poisoning · Bayesian spam filtering
Spamdexing Keyword stuffing · Google bomb · Scraper site · Link farm · Webring · Cloaking · Doorway page · URL redirection · Spam blogs · Sping · Forum spam · Blog spam · Referer spam
Internet fraud Advance fee fraud · Lottery scam · Make Money Fast · Microcap stock fraud · Phishing · Vishing
Retrieved from "http://en.wikipedia.org/wiki/Referer_spam"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.