Cenzic 232 Patent
Paid Advertising
web application security lab

Referral Spam Tactics

This isn’t truly a new referral spam tactic, but it it’s probably not well known, especially amongst people who don’t run their own websites. I got an email from someone who thought that somehow some porn site had inadvertently linked to them and started to send them tons of traffic. In fact it was quite a few sites that they had thought were sending them traffic. He thought someone had mis-configured something and it was working to his advantage. As a result he put up a link back to their sites, thinking he could get more traffic. It turns out he was playing completely into their hands. He had been social engineered.

The URLs are pretty sneaky: http://search.msn.com/results.aspx?srch=105&FORM=AS5&q=pr0nsitename (obviously the string itself has been changed). So I searched for pr0nsitename and found that dozens of hits were coming in from msn and live.com. Each one of them were cloaking and sending indexing themselves really high. When you actually went to that msn or live.com page you can see the URL linking back to me (something like this): www.pr0nsite.com/cgi-bin/blah.cgi?cmd=out&url=http://sla.ckers.org/forum/somepage.php Upon inspection you can see it’s a simple rediction to detect that I, in fact, started sending them traffic if I post a link pointing to them.

After some more digging I found that if you take any one of the IPs you can find that it comes from more than one different porn search. Hmm… what are the chances that a single IP address found it’s way to my site through two completely different redirects from porn sites? Uhm… I’ll give you a hint, it’s zero. The point is you cannot trust referring URLs. I barely look at them anymore, except to diagnose issues. You should not trust referring URLs from porn sites, you should definitely not click on them and you should absolutely definitely not post them on your site thinking you’ll get more traffic from it. It turns out that every single hit that both he and I got from this particular porn site was robotic. Yup, that’s bad.

3 Responses to “Referral Spam Tactics”

  1. Awesome AnDrEw Says:

    It is true though that it’s possible for a porn searcher to come across it, but I see your point.

  2. Tribute Says:

    I have a few hits a month of referral spam. I get logs with the referrer set to pingdom.com/monitor/0×90.info using the site’s bot. Visiting the referrer goes to pingdom’s mainpage. I just see pingdom’s tactics is to advertise their name and get signups. :\

  3. Awesome AnDrEw Says:

    Fuck Pingdom. I see their referrals everyday, and everytime I checked it out I had nothing but “buy some shit for your site”. I’m not much for advertising so I don’t appreciate their shit.