Do you have images on your site? Could be some one is direct linking to one or more of your images and in doing so is stealing your bandwidth. I found several of those abusers while going through the logfiles. Did you check out the sites that linked?

Going through our logs we discovered that our site appeared as a link on www.a-b-l-o-g.com. Seems harmless until you view the source code: look at the very bottom, and then'll you'll understand that they are a big porn-house masquerading as a metablog.

Look at the links on the left hand side of their page, and then hit Refresh a few times. Try following some of those links and you will find a) you reach a control panel login b) an actual blog site, or c) a non-blog site. Many of the sites are foreign. It appears as if they are trying to increase their juice by linking outward to a constantly changing list; the list is small enough to avoid 'link-farm' status, but everytime the Googlebot comes 'round, their content is fresh and, in many cases, blog-related.

The Whois information is falsified (there is no Adam Wilmot in Stone Mountain, Georgia), and so we did dome detective work along with some folks at Webproworld, and tracked these folks down to a university in Bucharest.

I hope this informs, but please post back if you question any of my findings or if you have additional information.

Cheers.

Glen MacPherson

[edited by: engine at 8:44 pm (utc) on Nov. 18, 2003]
[edit reason] No sigs, thanks. See TOS [webmasterworld.com] [/edit]

There is no hotlinking involved, but it is very strange that they are linking to other peoples control panel port. I was not the only link on the page with a port # on the URL.

I did not notice the JS at the bottom but was wondering if they were some how trying to swipe my password via JS. Who knows?

Thanks for the responses, none the less.

This is a little late, but hope the info will be usefull.
There are a number of fake blogs that are linking to sites. I'd like to post a link to a relevent discussion, but I think that is forbidden here.
Do a Google search for "porn_sites_hiding_behind_blogs"

I have had my site linked in one of these fake blogs. They are apparently hosted out out Bucharest, and are porn sites.
If you have a public or unprotected "stats" psge they will show up in the referrer logs. So SE's will index the referrers link and bang! you are listed in their links page.
Very devious and and intelligent.

BTW, at least change your password to your control panel. They are hijacking that also.
Pehaps even .htaccess the folder.
These are pretty sharp spammers/crackers.

yeah, that's what I was thinking. They may be hacking passwords via the cookie or something. I'm gonna do further research, for sure.

My host also advised me to change the password to the ftp and the control panel every month, sounded a bit strange to me at first, but he seems to be correct, so if you do change the password to the control panel, perhaps also change the ftp password on a regular base.