Referer Spam

,

Spammers are just getting lazy. Even lazier than before. For a miniscule chance of spamming a single person, i.e. referer spam, a spammer will go to incredible lengths. They’re almost as delusional as most of the people on American Idol…

Referer spam is the process of going to a website and faking certain information, the referer, which can show up in website log reports. The referer is supposed to tell a site what URL a visitor was referred from, which can be handy in determining what to serve. A lot of webmasters check this information in their logs, so they can see how people found the site – whether it was via google, technorati, another site, whatever.

Not all webmasters check this. Plus, very few sites have publicly accessible stats, because they can be costly for computation or bandwidth. Still, these scum-suckers will go to all lengths just to get one link in this remote place.

What’s next? I’m betting they’ll make up fake user-agents that contain covert links, or visit non-existant URLs on your site containing their links, or maybe set their monitor resolution to the hexadecimal equivalent of a partial-URL…

Anyway, visit Caveat Lector for some tips and a list of evil referrers that might help you kill a few. One problem though: if you’re using a RewriteRule to redirect bad traffic back at the spammer, be sure that you include a clause such as RewriteCond %{HTTP_REFERER} !yoursite.com so that you don’t get endless 301 loops. It’s a neat trick, but caused me a bit of a headache this past week.

Comments

One response to “Referer Spam”

  1. redshift Avatar

    I think I may be a little overzealous about the whole spam issue. I wanted to get it out of the way with good tools so I wouldn’t have to worry about it, but I wound up (for a short time) causing a 301 loop, and blocking almost all comments. How do people find a happy medium? Spammers are relentless, so I can’t just give up, but the last thing I want is real visitors being bothered.

    Like

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s