Automatic Referral spam Blocking.

PeterS · 2005-01-21 22:37:40

Reid, I’m going to open my comments up on old entries. I’ve modified them via Jon Hicks’ Comment Hack, so I’ll see if that part’s correct. They won’t have anything blocking them from commenting since the preview option is gone ATM.

Hopefully, it can lead to some helpful information, though, I doubt it.

Last edited by PeterS (2005-01-21 22:38:57)

zem · 2005-01-21 23:15:56

> You should talk to zem (Alex). he is deep in the process of developing an anti-spam tool for Txp.

Referrer spam is the first on my list.

Ironically, in many respects it’s harder to block than comment spam.

ubernostrum · 2005-01-22 00:37:42

I saw this method for stopping referer spam a couple days ago; it’s not a bad idea but it’d be nice to have something which scales.

zem · 2005-01-22 00:59:20

> I saw this method for stopping referer spam a couple days ago; it’s not a bad idea but it’d be nice to have something which scales.

It’s fine if you like spending hours each day playing whack-a-mole.

Patience, fellas.

reid · 2005-01-22 04:34:37

And if you want to try and counter-program referral spammers, know your enemy and their techniques.

“My guess is that spammers will start using HTTPS next. That way madness lies, since the SSL handshake alone will bring your average server to its knees if it starts happening in batches of 80 or so.”

Oh, geez…

TheEric · 2005-01-24 21:44:37

I’ll have the first version available by Sunday night. This initial release will only have a keyword based filter editable through a web form. (txp?) and will ~~not~~ be for ‘ransom’

Following versions will support ‘bayesian’ filtering and a basic pattern detection (this itself, is proving to be the most difficult)

TheEric · 2005-01-26 20:08:58

Interesting discovery. I’ve been researching the tools that these idiots use, and not a single one of them “follows” any redirect as they operate on a basic http level and just issue GET requests to as many URLS as possible.

Following this, I’ve realized that it would be possible to write a simple script that upon loading, redirects the legit visitor to the page they intended to visit.

Benefits?
- Bandwidth.
- Ability to log who does /not/ redirect and ban the ip at the htaccess level.

I can see that using this would pretty much destroy the whole point of referrers, but they are pretty much useless now anyway.

zem · 2005-01-26 23:16:19

> TheEric wrote:

> Interesting discovery. I’ve been researching the tools that these idiots use, and not a single one of them “follows” any redirect as they operate on a basic http level and just issue GET requests to as many URLS as possible.

My research shows a very different result: most referrer spammers follow redirects.

TheEric · 2005-01-26 23:51:44

>My research shows a very different result: most referrer spammers
>follow redirects.

Nope. I obtained a copy of one of the primary window applications used, “Reffy” and it simply issues the HTTP GET with the appropriate information, and then closes that connection. End result? Referrer spam and no redirect.

Now, the great thing about any client that MAY follow the redirect? redirect it back to itself.

Win Win.

ramanan · 2005-01-27 00:25:09

TheEric, two things to think about: If Zem is seeing referrers that follow redirects, you can’t dismiss that with a nope. Obviously there are people spamming that don’t use “Reffy”. Second, if you redirect clients that follow redirects, how do you propose to have legitimate clients get to your site?

zem · 2005-01-27 00:25:30

> > most referrer spammers
>follow redirects.

> Nope.

213.172.36.62 – - [14/Dec/2004:23:39:25 -0500] “GET /article/1925 HTTP/1.0” 301 0 “http://www.texasproptax.com/” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT5.2; .NET CLR 1.1.4322)”
213.172.36.62 – - [14/Dec/2004:23:39:31 -0500] “GET /article/1925/wired-fluffy-bunny-no-longer-energized HTTP/1.0” 200 12944 “http://www.texasproptax.com/” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)”

..etc. Almost all spam that’s hitting my honeypot displays similar capabilites (and then some).

They moved on from Reffy a while back. Whatever tool they’re using now is far more sophisticated. More details here, here, and here.

Make no mistake: these guys are clever, motivated and well funded. They won’t fall for a circular redirect, and they know exactly how to turn your keyword blocker into a quagmire.

Kibitzer · 2005-01-30 22:39:20

I saw this article about blocking referral spam and thought it might be interesting. I think it’s what you guys are talking about; the article was helpful in explaining the problem to me. I know you’re looking for an automatic solution but perhaps this’ll be useful to others in the meantime.

Textpattern CMS

Textpattern CMS support forum

#13 2005-01-21 22:37:40

Re: Automatic Referral spam Blocking.

#14 2005-01-21 23:15:56

Re: Automatic Referral spam Blocking.

#15 2005-01-22 00:37:42

Re: Automatic Referral spam Blocking.

#16 2005-01-22 00:59:20

Re: Automatic Referral spam Blocking.

#17 2005-01-22 04:34:37

Re: Automatic Referral spam Blocking.

#18 2005-01-24 21:44:37

Re: Automatic Referral spam Blocking.

#19 2005-01-26 20:08:58

Re: Automatic Referral spam Blocking.

#20 2005-01-26 23:16:19

Re: Automatic Referral spam Blocking.

#21 2005-01-26 23:51:44

Re: Automatic Referral spam Blocking.

#22 2005-01-27 00:25:09

Re: Automatic Referral spam Blocking.

#23 2005-01-27 00:25:30

Re: Automatic Referral spam Blocking.

#24 2005-01-30 22:39:20

Re: Automatic Referral spam Blocking.

Board footer