Hi all,

My website statistics log shows some funky URLs for referring sites and 404
errors.

For referring sites, a few every month are spammy-looking URLs that have
nothing to do with the topic of my site. For instance (modified not to be a
real site), www.refinance-with-badcredit.com

Curious, I visited a couple of them and confirmed that they do not actually
have a link to my site. How does this happen, that these sites show up as
directing traffic to my site?

Then the 404 errors:

/MSOffice/cltreq.asp
/administrator/components/com_webring/admin.webring.docs.php

No way can these be simple typos because I have never had pages even close
to those file names.

This has been going on for a while and is starting to bug me. Can anyone
shed some light on this?

--
Asiya
**********
http://www.asiya.org/

Asiya wrote:

> My website statistics log shows some funky URLs for referring sites
> and 404 errors. ...

> No way can these be simple typos because I have never had pages even
> close to those file names. This has been going on for a while and is
> starting to bug me. Can anyone shed some light on this?

Google up: referer spam (yes, it is misspelled)

--
-bts
-Motorcycles defy gravity; cars just suck

Asiya <asiya_is_here@sbcSORATHglobal.net> wrote:

> For referring sites, a few every month are spammy-looking URLs that
> have nothing to do with the topic of my site. For instance (modified
> not to be a real site), www.refinance-with-badcredit.com

referer [sic] spam


> Curious, I visited a couple of them and confirmed that they do not
> actually have a link to my site. How does this happen, that these
> sites show up as directing traffic to my site?
>
> Then the 404 errors:
>
> /MSOffice/cltreq.asp
> /administrator/components/com_webring/admin.webring.docs.php
>
> No way can these be simple typos because I have never had pages even
> close to those file names.

That's not referer [sic] spam. This are programs that scan for know
security risks. You might want to report those (I am going to do so next
year, of course 100% automated)

--
John Bokma http://johnbokma.com/

On 12/23/07 9:56 PM, "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>
wrote:
> Asiya wrote:
>
>> My website statistics log shows some funky URLs for referring sites
>> and 404 errors. ...
>
>> No way can these be simple typos because I have never had pages even
>> close to those file names. This has been going on for a while and is
>> starting to bug me. Can anyone shed some light on this?
>
> Google up: referer spam (yes, it is misspelled)

Thanks! What a silly practice. I must get such small amounts of this spam
since I don't publish my statistics. I found a couple of methods to combat
it using the .htacess file. I¹m not comfortable enough with .htacess to play
around with it on my own; is it workable to combine these two following
methods?

From http://www.spywareinfo.com/articles/referer_spam/

# Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite1.com.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite2.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite3.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite4.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite5.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite6.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?spammersite7.com.*$ [NC]
RewriteRule \.*$ http://www.some-other-website.com [R,L]

From http://drupal.org/node/24302

# Block referrer spam
RewriteCond %{HTTP_REFERER} (viagra) [NC,OR
RewriteCond %{HTTP_REFERER} (internet-casino) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Looksmart) [NC]
RewriteRule .* - [F]


I like the idea of having a URL of my choosing show up so I would have an
easy way to recognize and ignore it. I also would prefer to use keywords.
Would that work, something like this?

# Block referrer spam
RewriteCond %{HTTP_REFERER} (viagra) [NC,OR]
RewriteCond %{HTTP_REFERER} (internet-casino) [NC]
RewriteRule \.*$ http://www.diespamdie.com [R,L]


--
Asiya
**********
http://www.asiya.org/

On 12/23/07 11:10 PM, "John Bokma" <john@castleamber.com> wrote:
> Asiya <asiya_is_here@sbcSORATHglobal.net> wrote:
>>
>> Then the 404 errors:
>>
>> /MSOffice/cltreq.asp
>> /administrator/components/com_webring/admin.webring.docs.php
>>
>> No way can these be simple typos because I have never had pages even
>> close to those file names.
>
> That's not referer [sic] spam. This are programs that scan for know
> security risks. You might want to report those (I am going to do so next
> year, of course 100% automated)

I Googled the webring line and found that it's an attempt to exploit
something in Joomla (which I don't have). The MSOffice thing is just a weird
feature in IE. Hmmm...guess I should go through my logs and Google all the
strange 404 errors that come up, just in case. Thank you!


--
Asiya
**********
http://www.asiya.org/

Asiya <asiya_is_here@sbcSORATHglobal.net> wrote in
news:C394ACC7.2442E%asiya_is_here@sbcSORATHglobal. net:

> On 12/23/07 11:10 PM, "John Bokma" <john@castleamber.com> wrote:
>> Asiya <asiya_is_here@sbcSORATHglobal.net> wrote:
>>>
>>> Then the 404 errors:
>>>
>>> /MSOffice/cltreq.asp
>>> /administrator/components/com_webring/admin.webring.docs.php
>>>
>>> No way can these be simple typos because I have never had pages even
>>> close to those file names.
>>
>> That's not referer [sic] spam. This are programs that scan for know
>> security risks. You might want to report those (I am going to do so
>> next year, of course 100% automated)
>
> I Googled the webring line and found that it's an attempt to exploit
> something in Joomla (which I don't have). The MSOffice thing is just a
> weird feature in IE. Hmmm...guess I should go through my logs and
> Google all the strange 404 errors that come up, just in case. Thank
> you!
>
>

I've expalined this on more than a few occassions (perhaps not in this
NG).
For the longest time, many assumed this was a virus or some function of
MS Front Page.

In fact, what it really is?
Some devoted MS Word person that is using Word as a browser.

if you read the Word NG's?
You'll find that most of these folks firmly believe that Word should be
used for everything between shingling the roof and mowing the lawn ;-)