A horse racing site receives 100's of uniques from

Forum Moderators: phranque

Message Too Old, No Replies

A horse racing site receives 100's of uniques from

adult sites?!?!?!?

Essex_boy

7:52 pm on Dec 10, 2006 (gmt 0)

This is really weird and im not sure whats happening at all, I have a site that thats nearly dead suddenly on the receiving end of a shed load of traffic from adult sites.

In one day alone I received nearly 400 people and just under 20000 page views!

Can someone tell me whats what?

physics

8:00 pm on Dec 10, 2006 (gmt 0)

This is probably log file spamming. They're sending you fake referrals so they might show up in your log stats.

Essex_boy

8:24 pm on Dec 10, 2006 (gmt 0)

And the point is?

I imainge they expect me to click on the links to go to their sites do they?

Can I stop them? My bandwidth has gone sky high.

appi2

8:31 pm on Dec 10, 2006 (gmt 0)

Just had similar for a site, fortunately the user agent showed, PycURL.
Quick add to the .htaccess it go bye bye.

jtara

9:00 pm on Dec 10, 2006 (gmt 0)

I imainge they expect me to click on the links to go to their sites do they?

No, they expect their site's ranking to be increased when search-engine crawlers crawl your log. They are hoping your site is misconfigured such that your log is publically-viewable.

physics

4:50 am on Dec 11, 2006 (gmt 0)

You can serve them up a 404 or better yet redirect them back to their own sites with .htaccess if you want ... let them eat their own bandwidth.
The easiest way to identify them is based on the referring url they're coming from, you probably can identify adult terms and block based on referers with those in their .com's also.
See:
Log File Spam .htaccess Block [webmasterworld.com]

Essex_boy

6:31 pm on Dec 11, 2006 (gmt 0)

Thanks, thats really helpful

Moby_Dim

8:15 am on Dec 15, 2006 (gmt 0)

"Can I stop them? My bandwidth has gone sky high...."

Seems you're only in the very beginning of the long and winding road the name of which is "Personal Sad WWW Experience Street". Have a good trip then!

Frank_Rizzo

9:33 am on Dec 15, 2006 (gmt 0)

Essex_boy I have exactly the same problem for a similar site - the only solution is to use something like modescurity and ride it out.

.htaccess blocking is not robust enough in this case. The referers, url's, ip's are very comprehensive, Each day about 20 new proxies are being used.

I wouldn't mind if it was traditional logfile spamming as this can be easily cleaned up or not logged in the first place. What annoys me is that the spammers are actively targetting scripts on the pages.

I have a login box newsletter signup box etc. The spammers see the links and automatically stuff the login and newsletter scripts.

This is harder to clean up and makes admin a bit more difficult.

Check out modsecurity.

[edited by: Frank_Rizzo at 9:34 am (utc) on Dec. 15, 2006]

Frank_Rizzo

10:39 am on Dec 15, 2006 (gmt 0)

BTW you will need the rulesets from gotroot. Modsecurity just does the basics. The extra rulesets are for blocking the trash you are seeing.