Welcome to WebmasterWorld Guest from

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

How to identify log spamming



12:46 pm on Jan 8, 2006 (gmt 0)


i see an huge increase of visits in my awstats. ( +1500 daily ) all made by "different-ipdress.example.ccom"
(every 60/70 pags it changes the ip )

my unique vists seems not be affected by this.

does anyone knows what they do?

[edited by: engine at 5:32 pm (utc) on Jan. 8, 2006]
[edit reason] examplified [/edit]


11:34 pm on Jan 8, 2006 (gmt 0)

10+ Year Member

i get them ALL THE TIME

what i seen around the net is these spammers just want their url to show up in your logs, because a lot of people don't password protect them; or even post them on their site (not smart!)...so they get "PR" from it.

to block them, i put this in my htaccess (they get a 403 when trying to view, and their hit is not logged):

RewriteCond %{HTTP_REFERER} (urlofoffendingsitehere.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (urlof2ndoffendingsite.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (urlofthirdoffendingsite.com) [NC]
RewriteRule .* - [F]


12:29 am on Jan 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

I guess we all see log spam if we just look.

As for IDENTIFYING it, its simple but tedious.

Visit the pretend referring page. It will be commercial and usually looks spammy.
Check the source code for that page. Invariably there is no real link to your page.
What to do about it? If its just a few hits I ignore it.
Even if the site is potentially offensive, I don't worry much.
The engines will see no link to your site since there never was one.

Never never put up your access log files or similar.
That just begs for these abuses to happen. -Larry


2:49 am on Jan 9, 2006 (gmt 0)

10+ Year Member

Not to diss the above posters advise...
But I would suggest not visiting the the referred site in your logs. You can pretty much tell that the log entry is a log spammer after you see them again and again, and or just from the entry to the log.
The reason I state this is because the log entry may not just be a spammer but somebody far more vicious. I am sure in the near future, if not already.. Malicious hackers will use these type of entries to gain access to your computer or network through exploits that have not been patched or virus updated. If for example you are not updating your virus protection on a daily basis, or visiting daily numerous "good guy" watch dogs... to keep abreast of patches and vulnerabilities... well 'nuf said. Even then, visiting one of these spammer sites is as risky as clicking on a suspicious phishing email link etc etc....

I think in time, these spammers will be delt with in the same way as other spam blockers are delt with. They are a waist of resources and just another "lazy boys" scam.

You are certainly viable in blocking them as others have mentioned... and there are some really good methods out there... but after a while... it just might be better to go out and ride your bicycle, take your wife and kids to lunch... than really be bogged down by them.

Cheer mate!


3:18 am on Jan 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Not to diss the above posters advise...
But I would suggest not visiting the the referred site in your logs.

Sometimes it's hard to be sure, so you have to have a look. The main ones to avoid are those with tracking codes in the URL so they know what site the check came from. If you're using Firefox, usually there's no tremendous risk in having a peak at a generic URL. Agreed though, of course, if you have Active-x enabled and use IE, steer clear. Mostly, I wish those feeble, incompetent excuses for webmasters would stay the hell out of my logs (it's not going to do them any good on my sites).


4:16 am on Jan 9, 2006 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

The single easiest way to tell is that they rarely fetch anything but your 'home' page, and they don't fetch any images, CSS, external JS, or anything else that's normally included on your home page.

I agree with the advice regarding visiting the log spammer's site -- Definitely put your shields up before doing so, and disallow Active-X or use Firefox, Mozilla, or Opera, not IE.



Featured Threads

Hot Threads This Week

Hot Threads This Month