Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies


log spamming?

6:36 pm on Mar 9, 2003 (gmt 0)

10+ Year Member

I found an entry in my logs that appears to be log spamming. The referrer and user-agent were from ctechld.com and the referrer was appended with my domain name in capital letters. Notice that the referrer looks bogus--it has subdirectories after an html file.

Originating IP:
Referrer: "http://www.ctechld.com/index.html/links/MY_DOMAIN_NAME_HERE"
User-agent: "http://www.ctechld.com"

A whois lookup says that ctechld.com belongs to an outfit called Concert Technologies (concerttechnologies.net) in Long Island, NY.

ctechld.com gives a 302 redirect to 4kissld.com which is registered to Capsule Communications, Inc. (capsulecom.com) in Bensalem, PA., NETBLK-CAPSULE (NET-209-195-236-0-1) - has no reverse DNS configured. It is part of a Cloud 9 netblock.

I'll be banning ctechld.com, 4kissld.com, and

5:30 am on Mar 10, 2003 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

There are so many log file spammers running now (100+ a day here), that it is futile to even point them out.
6:21 am on Mar 10, 2003 (gmt 0)

10+ Year Member

Wow, that many, huh? That answers the question I posed in the related thread [webmasterworld.com].
1:27 am on Mar 12, 2003 (gmt 0)

10+ Year Member

Yeah, I had this one too. The referer looked dubious, so I decided to check it out. As soon as I hit the enter key I knew it was a mistake. Now I feel like a newbie who replied to a remove-me@spammer.com email. :o

Hopefully log spamming doesn't actually work that way!

2:42 am on Mar 12, 2003 (gmt 0)

10+ Year Member

Whenever I investigate a spamvertised website, I use the Sam Spade safe web browser interface. That way I don't pass any identifying information such as my IP address to the spammer. In this case, I also removed my domain name that was appended to the spamvertised referrer before I checked it out. If I'm investigating a spamvertised site from an email, I make sure to munge or remove any identifying codes that might be in the URL.

I'd like to see a forum here devoted to outing and identifying log spammers, similar to n.a.n.a.s and n.a.n.a.e for email spam. Maybe a SPEWS or Spamhaus type site would nip this log spamming in the bud before it gets as bad as email spam (if it's not too late).