I receive a lot of spammy requests like the ones at the bottom of my article.

What are they? Iunderstand that they are trying to referer spam me, but how? Is that some malware running on users' browsers?

Should I block these requests? If so, how? I am running apache2. There are very many IP
addresses involved.

i

61.11.26.142 - - [07/Jun/2005:08:31:21 -0500] "GET /algebra/about/history/votes_for_deletion/log/2005_february_19.wikipedia HTTP/1.0" 404 561 "http://www.poker-7.com/texas-hold-em.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)"
200.77.229.133 - - [07/Jun/2005:08:31:22 -0500] "GET /algebra/about/history/votes_for_deletion/log/2005_february_19.wikipedia HTTP/1.1" 404 561 "http://www.poker-7.com/texas-hold-em.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon)"
202.47.247.130 - - [07/Jun/2005:08:33:48 -0500] "GET /algebra/about/history/votes_for_deletion/log/2005_january_21.wikipedia HTTP/1.0" 404 561 "http://www.poker-7.com/pacific-poker.html" "Mozilla/4.0 (compatible; MSIE 5.0; YANDEX)"
200.77.229.133 - - [07/Jun/2005:08:33:57 -0500] "GET /algebra/about/history/votes_for_deletion/log/2005_january_21.wikipedia HTTP/1.1" 404 561 "http://www.poker-7.com/pacific-poker.html" "Mozilla/4.0 (compatible; MSIE 5.0; YANDEX)"
148.244.150.58 - - [07/Jun/2005:08:34:35 -0500] "GET /algebra/about/history/blair_p._houghton/archive/20050131.wikipedia HTTP/1.1" 404 561 "http://www.poker-7.com/pacific-poker.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; AIRF)"
200.77.229.133 - - [07/Jun/2005:08:34:43 -0500] "GET /algebra/about/history/verses_criticising_jews_in_the_new_testament_(arch ive).wikipedia HTTP/1.1" 200 8098 "http://www.poker-7.com/online-poker.html" "Mozilla/4.0 (compatible; MSIE 5.0; YANDEX)"
202.29.136.140 - - [07/Jun/2005:08:35:16 -0500] "GET /algebra/about/history/blair_p._houghton/archive/20050131.wikipedia HTTP/1.0" 404 561 "http://www.poker-7.com/pacific-poker.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; AIRF)"
200.77.229.133 - - [07/Jun/2005:08:35:17 -0500] "GET /algebra/about/history/blair_p._houghton/archive/20050131.wikipedia HTTP/1.1" 404 561 "http://www.poker-7.com/pacific-poker.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; AIRF)"
211.114.68.60 - - [07/Jun/2005:08:42:12 -0500] "GET /algebra/about/history/postcomment.wikipedia HTTP/1.0" 200 7151 "http://www.poker-7.com/party-poker.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
24.123.82.134 - - [07/Jun/2005:08:42:20 -0500] "GET /algebra/about/history/featured_article_removal_candidates/archive.wikipedia HTTP/1.0" 404 561 "http://www.poker-7.com/texas-holdem.html" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; AIRF)"

Els wrote:

> Ignoramus6010 wrote:
>
>> I receive a lot of spammy requests like the ones at the bottom of my
>> article.
>>
>> What are they? Iunderstand that they are trying to referer spam me,
>> but how? Is that some malware running on users' browsers?
>
> Well, they at least now got their URL across the internet by you
> posting it 10 times in your message, which happens to be taken over by
> several well spidered so called forums, like forum4designers and such
> <g>

Don't spend your time keeping track of referrer spam. I used to block them,
then I lost hope of identifying real and fake referrers (about 100 of them
every month) and finally I learned to ignore and made sure that my stats
could never be viewed publicly. By quoting the logs, you have just
encouraged the spammers to do more of the same.

Roy

--
Roy S. Schestowitz
http://Schestowitz.com

Ignoramus6010 wrote:

> I receive a lot of spammy requests like the ones at the bottom of my
> article.
>
> What are they? Iunderstand that they are trying to referer spam me,
> but how? Is that some malware running on users' browsers?

Well, they at least now got their URL across the internet by you
posting it 10 times in your message, which happens to be taken over by
several well spidered so called forums, like forum4designers and such
<g>

--
Els http://locusmeus.com/
Sonhos vem. Sonhos v?o. O resto ? imperfeito.
- Renato Russo -
Now playing: Dave Edmunds - I Knew The Bride (When She Use

From the relative comfort of the Sirius Cybernetics Corporation boardroom,
<newsgroups@schestowitz.com> patched in a new connection to
news:alt.internet.search-engines,alt.www.webmaster,alt.apache.configuration
and said:


> ...
> and finally I learned to ignore and made sure that my stats
> could never be viewed publicly.

exactly so - can I have a penny for every available online stats report
please?

--
Whatever you do - do something.

William Tasso wrote:

> From the relative comfort of the Sirius Cybernetics Corporation boardroom,
> <newsgroups@schestowitz.com> patched in a new connection to
> news:alt.internet.search-engines,alt.www.webmaster,alt.apache.configuration
> and said:
>
>
>> ...
>> and finally I learned to ignore and made sure that my stats
>> could never be viewed publicly.
>
> exactly so - can I have a penny for every available online stats report
> please?

Wanna share those pennies?

--
Els http://locusmeus.com/
Sonhos vem. Sonhos v?o. O resto ? imperfeito.
- Renato Russo -
Now playing: Blue Oyster Cult - Don't Fear The Reaper

Ignoramus6010 wrote:

> What are they? Iunderstand that they are trying to referer spam me, but how?

> Should I block these requests? If so, how? I am running apache2.
> There are very many IP addresses involved.

"referer[sic] spam" occurs when spiders crawl your site with fake
referrer entries in the HTTP request headers. Often, websites have a
publically viewable (and crawlable) statistics web page that list top
referrers. Search engines crawl your stats page and record the inbound
links from your website to the spam site.

For Apache, banning the sites involves editing .htaccess. I do a
Rewrite on any referer match with "*****" themes or gambling related
words (e.g. casino, poker). If your site is ***** or gambling themed,
these broad matches are undesirable, but for many webmasters they work
just fine. Part of my .htaccess is below. I started with a template I
found somewhere and I've added to it. The rewrite rule creates a 301
redirect back to the spammer in the (probably vain) hope of crashing
the spidering software. I suspect the spider doesn't even see the
redirect.

Regarding the many IP addresses you are seeing, one of the tactics of
these guys is indeed to install malware so they have distributed
referer spam spidering.

To help fight referer spam, be sure to Disallow your stats page in
robots.txt.

RFM


-- part of my .htaccess file --

Rewri****gine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)*****(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)anal(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)***(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)mature(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)****(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)****(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)***(-|.).*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)****(-|.).*$ [OR]
--snip--
RewriteCond %{HTTP_REFERER} ^http://(www\.)?yahh+oo.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?andrewsaluk.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?genaholincorporated.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?findmore.org$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?izhuqiu.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?sina.com.cn$ [OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?firsthorizonmtg.*$
RewriteRule ^(.*)$ %1 [R=301,L]

"Fritz M" <nospam@masoner.net> wrote in news:1118160383.736538.210680
@g47g2000cwa.googlegroups.com:

> To help fight referer spam, be sure to Disallow your stats page in
> robots.txt.

Or even better, put your stats page behind a password. It's not unknown
for even well-behaved spiders to hiccup on robots.txt and index something
they shouldn't, and that data is also commercially valuable.

On the whole, the only people other than you who are interested in that
data are your direct competitors and their SEOs - so why help them out?

Victoria
--
Clare Associates Ltd
http://www.clareassoc.co.uk/
--

On Tue, 07 Jun 2005 17:27:18 +0100, Victoria Clare <victoria@markpoles.org.uk> wrote:
> "Fritz M" <nospam@masoner.net> wrote in news:1118160383.736538.210680
> @g47g2000cwa.googlegroups.com:
>
>> To help fight referer spam, be sure to Disallow your stats page in
>> robots.txt.
>
> Or even better, put your stats page behind a password. It's not unknown
> for even well-behaved spiders to hiccup on robots.txt and index something
> they shouldn't, and that data is also commercially valuable.
>
> On the whole, the only people other than you who are interested in that
> data are your direct competitors and their SEOs - so why help them out?

Some clarifications. My stats pages are public for a good reason. They
are public so it is easier for me to sell direct ads and links from my
sites. I cannot make them private because of some spamming lowlifes.

My stats are produced with analog, and the list of top referrers lists
them (and would list spammers), but the list has no clickable items,
only website names. No <A HREF> there. I doubt that major search
engines would pick up those addresses, but I am not certain.

i

Roy Schestowitz wrote

> Don't spend your time keeping track of referrer spam. I used to block
> them, then I lost hope of identifying real and fake referrers (about
> 100 of them every month) and finally I learned to ignore

Good advice.

--
Charles Sweeney
http://CharlesSweeney.com

Els wrote

> Ignoramus6010 wrote:
>
>> I receive a lot of spammy requests like the ones at the bottom of my
>> article.
>>
>> What are they? Iunderstand that they are trying to referer spam me,
>> but how? Is that some malware running on users' browsers?
>
> Well, they at least now got their URL across the internet by you
> posting it 10 times in your message, which happens to be taken over by
> several well spidered so called forums, like forum4designers and such
> <g>

Yep. I came across a couple of those "forums" just recently, new ones I
hadn't seen before.

--
Charles Sweeney
http://CharlesSweeney.com