Referer Spam

by redshift

Spammers are just getting lazy. Even lazier than before. For a miniscule chance of spamming a single person, i.e. referer spam, a spammer will go to incredible lengths. They’re almost as delusional as most of the people on American Idol…

Referer spam is the process of going to a website and faking certain information, the referer, which can show up in website log reports. The referer is supposed to tell a site what URL a visitor was referred from, which can be handy in determining what to serve. A lot of webmasters check this information in their logs, so they can see how people found the site – whether it was via google, technorati, another site, whatever.

Not all webmasters check this. Plus, very few sites have publicly accessible stats, because they can be costly for computation or bandwidth. Still, these scum-suckers will go to all lengths just to get one link in this remote place.

What’s next? I’m betting they’ll make up fake user-agents that contain covert links, or visit non-existant URLs on your site containing their links, or maybe set their monitor resolution to the hexadecimal equivalent of a partial-URL…

Anyway, visit Caveat Lector for some tips and a list of evil referrers that might help you kill a few. One problem though: if you’re using a RewriteRule to redirect bad traffic back at the spammer, be sure that you include a clause such as RewriteCond %{HTTP_REFERER} ! so that you don’t get endless 301 loops. It’s a neat trick, but caused me a bit of a headache this past week.