Referer Log Spam.
October 24, 2002 9:14 AM   Subscribe

Referer Log Spam. Seen this url in your logs yet? They're actually trying to get people to pay them to put bogus urls in your referer log. As if we weren't swimming in spam already.
posted by fraying (43 comments total)
[This is Evil]
posted by KnitWit at 9:24 AM on October 24, 2002

How much traffic do they think they're going to get from people checking their referral logs? Either I'm missing something or this is really rarefied.
posted by mcwetboy at 9:28 AM on October 24, 2002

I think there's something inherently wrong with linking it for them and thus giving them more exposure.
posted by trioperative at 9:33 AM on October 24, 2002

Really, though, how can you stay angry at them with a logo that cute?
posted by Robot Johnny at 9:33 AM on October 24, 2002

mcwetboy, I'm assuming it means that by having the site appear in the referrer log, then you will go to that site via the referal log's link. ("Ooh, who's this? Someone new has linked to me!") Now the website (through its own referal log) has a record of your IP, which it can use to search for names and e-mails to "advertise" to- the same thing as Spam with the "click here to be removed from our service. Honest. It's not a trick" links in the message. They're not trying to get blog visitors (of which there can only be a few,) they're trying to get blog owners (of which there are thousands.)

Yet another foothold in the blind faith that marketers really, really, really believe that you just love advertising you're tricked into recieving. My guess is that referal log software can soon be made to list and block addresses that are known to be in one of these affiliate programs.
posted by XQUZYPHYR at 9:36 AM on October 24, 2002

Q: How mush does it cost?
A: The cost of a referrer broadcast is CAN$ 1500, which converts roughly to US$ 1000. We accept Visa and MasterCard.

A thousand dollars?! Are you kidding me! Writing a script to run wget with a spoofed referer on lots of blogs would be quite easy and a lot less expensive than shelling out $1000.
posted by mfbridges at 9:36 AM on October 24, 2002

I just noticed this in my logs last night. Mine are from here and a few other urls that redirect to

The people who spammed me seem to charge $195 / month for 200,000 logs spammed twice, or you can buy their perl script for $500 dollars.


The good news is that now I'm officially one of the web's top 200,000 web masters :) . According to

Your link will be made available to the top 200,000 webmasters through their logfiles, using a brand new advertising concept called Ad-referral.
posted by Sirius at 9:38 AM on October 24, 2002

I've seen a few other people doing this. If the target audience for your ad is people who are running websites, then this is some pretty precise targeting -- quality over quantity. Unfortunately it is also likely to piss those same people off when they realize they have been suckered. Not a spam-friendly crowd.
posted by davidfg at 9:38 AM on October 24, 2002

XQUZYPHYR, that's exactly what I thought, which is why it doesn't make any sense to me. Going after site owners who check their referral logs and visit the sites that link to them redefines hit-or-miss, if you ask me.
posted by mcwetboy at 9:50 AM on October 24, 2002

I think the point of this is that if the spammed site uses Trackback, the spam will appear in the trackback links. So it's not quite as narrow an audience as you might think. I seem to recall that the people who first came up with trackback being aware that this was a potential problem, but I guess they were hoping it would take a while longer to happen. Evil... definitely evil.
posted by pascal at 9:54 AM on October 24, 2002

I've seen this same sort of crap in my logs, except the same IP used multiple addresses to try to "convince" me: their site, fake Google searches for "the best web hosting ever!", and so on.

So I took a moment to spam their error logs with things like "do_you_honestly_believe_that_spamming_shit_into_my_logs_is_an_effective_way_to_market_your_overpriced_hosting_service.html" and similar, a few dozen times. I hope they appreciated the effort.
posted by Danelope at 9:55 AM on October 24, 2002

aye. but I must admit I clicked on the dang thing when I spotted it in my logs. Dunno what good that does them as I closed the window, returned to my own beezwax and never surf with any email-information in browsers. My logged-on-at-home IP isn't related to the IP of where I send and receive mail anyway. So what are they thinking they will gain from it, really?

weirder log entries are these nasty pornsites that pretend to be refererers - usually revealed by their ugly domainnames, I get lots of those.
posted by dabitch at 9:58 AM on October 24, 2002

They're from Quebec. That explains it.
posted by websavvy at 10:14 AM on October 24, 2002

websavvy: What the fuck does that have to do with anything?
posted by lupus_yonderboy at 10:23 AM on October 24, 2002

pascal, this has nothing to do with trackback, we're talking about spamming web server access logs (which used to be popularly known as "web logs", back in the day), and owners going through their stats.
posted by mathowie at 10:34 AM on October 24, 2002

Matt- OK, but then what's the point? Any "novel" spam/e-marketing approach doesn't seem useful if it requires the recipient to go through so many manual hoops. Then again, maybe this company's just grasping at straws.
posted by mkultra at 10:41 AM on October 24, 2002

I appreciate that this stuff will appear in the server access logs, but if they are setting the HTTP referrer header in their requests to a site, and are accessing a page that uses trackback, won't those hits appear in the trackback? And how else, other than using the referrer header, would they be able to direct you to a specific advertiser's page? Without that, all you'd have is the IP address.
posted by pascal at 10:58 AM on October 24, 2002

well, i was thinking of including an automatic referrers page on my web site, but i might have to rethink that.
posted by jasontromm at 11:05 AM on October 24, 2002

Y'all are missing the point. The idea is that you click the spammed URL in your referrer logs, think "cool site," and link it on your blog. That's why they're targeting bloggers, to build a grassroots buzz and reach tech-savvy people who surf a lot. It's fairly brilliant, actually. I've been seeing this sort of thing for months, which is why I always view source and search for "kindall" when I don't see why their referrer is in my log.

Writing a script to run wget with a spoofed referer on lots of blogs would be quite easy and a lot less expensive than shelling out $1000.

Actually, if you have no programming expertise whatsoever, $1000 is probably cheaper than learning, especially if (like most people) you don't have the aptitude and/or are the sort of person who thinks that the Internet is primarily a way to make money. However, the margin is so huge on this service that competitors will soon drive the price down, and within a month or three you'll be able to buy referrer-spamming tools written in Visual Basic for $50 with "thousands of sites" in their built-in database. Something to look forward to...
posted by kindall at 11:12 AM on October 24, 2002

won't those hits appear in the trackback?

No, they won't, because they're not hitting your trackback ping URL with variables in their referral URL. Again, this has absolutely nothing to do with trackback.

This is a very, very narrow bit of advertising, aimed only at weblog site owners that go through their stats looking for referrers, and that's it. A very tiny, tiny number.
posted by mathowie at 11:22 AM on October 24, 2002

I don't see how this is a very effective marketing tool. If it only generates one entry in a log, I would not go back and look at the site. But if I had 100s or 1000s of entries from a single referrer that I've never heard of, I may check them out.

On the bight side, if you're paying in US dollars, the $1000 price is really only $640US based on today's exchange rate.
posted by MediaMan at 11:32 AM on October 24, 2002

Netcraft, Netfactual, and Fantomaster have been doing this for quite some time... all sites that might be of interest to webmasters.
posted by rogue at 12:03 PM on October 24, 2002

First, spam is evil.

But, I have seen this process (real referral, not spam) actually work for my personal website. I linked to a site and he checked me out after going over his logs. And in time he put a link to mine.
posted by squidman at 12:05 PM on October 24, 2002


Actualy, thats kind of funny isn't as bad as, say, spam email. Unless they flood their logs by a huge amount, I don't see this as obnoxious as spamming.

I mean, I get two or three legit emails a day, max. But thousands of hits.

If it got to the point that most refers were fake, like email, I wouldn't be happy, though.
posted by delmoi at 12:38 PM on October 24, 2002

This is what showed up in my referer logs recently link to an image on my server. This isn't marketing, this is abuse. And there's no 'grass-roots campaign' with the above... it's blatantly obvious and greatly stupid.

The thing is, this DOES have something to do with trackback. It doesn't take a PhD to modify the script to send track back pings, instead of HTTP requests (especially since trackback pings ARE HTTP requests). has been spammed before... expect trackbacks to get spammed too.
posted by mkn at 12:42 PM on October 24, 2002

Not only would it hit your log files, but many blogger-types have little widgets on their sites that display the last five referrers to their site. Not only do you spam a referral log, but if you're lucky, you'll also get mention on someone's front page! Joy!

'course, I could be wrong about that...
posted by Fezboy! at 12:43 PM on October 24, 2002

i have observed for many months that people with weird/bizarre/blortlike sites are leaving thier URLs in my logs, hoping i'll feature them. there is no link to my site, they are using a proxy and seeding my logs with thier URL. i usually won't bite. unless it's really unusually blorty.
posted by quonsar at 1:58 PM on October 24, 2002

The culprit himself has shown up at blogroots in a thread on the same subject.
posted by frykitty at 5:14 PM on October 24, 2002

I fake my referrer URL using Proxomitron. If someone wants to put US$5 into my Paypal account, I'll make the fake a URL of their choice for at least a month.

No promises about the number *or types* of sites I visit.

There should be a working (sneak)email address on my homepage:
posted by krisjohn at 6:36 PM on October 24, 2002

Looks like it's time for a referrer spam URL blacklist.

Here's mine:

There's not much there yet - drop me a line with any URLs that are bothering you and I'll add them in. I'll add in spammers I see in my own logs too, so hopefully it should keep up with the (reasonably small) amount of referrer spam we're seeing right now.

Feel free to use it for your own log analysis, although keep in mind that it won't change that often (perhaps once a week), so you don't need to download it every time you analyse your logs.
posted by myelin at 9:49 PM on October 24, 2002

I got five of these today. I think it's worse than email spam by far. At least with email spam there is the pretense of actually using the medium for it's intended purpose, i.e. sending messages. False referrers are abuse. Unfortunately, given the marketing ideas that seem to be prevalent on the net, this was inevitable. It's dead simple to do. Three lines of visual basic and a text input box is all you need. Twenty lines and it could pull from a text file of sites to spam and a file of addresses to promote.
posted by Nothing at 11:54 PM on October 24, 2002

I've got a fair number of them in my referrals log. I'm going to update the code now to filter them out.
posted by ralawrence at 2:31 AM on October 25, 2002

Rather than repost it here, I'll just point you to my suggestion (at blogroots) for discouraging this behavior.
posted by Danelope at 10:38 AM on October 25, 2002

And today the flood hit, it seems. There are always a few erroneous referrers, due to browser bugs and whatnot, but in the last 24 hours I've seen a 2000% increase in referrals from pages which do not link to mine.
posted by Nothing at 10:55 PM on October 25, 2002

Wired News story on the phenomenon. Two participants in this thread, XQUZYPHYR and some other dude whose name I forgot, are quoted.
posted by kindall at 5:09 PM on October 26, 2002

I haven't seen Wired News say something this clueless in a long time:
Unsurprisingly, bloggers are not thrilled, even though they ruefully admit that the log spamming may falsely boost their ranking on some search engines.

Some search engines decide site ranking by factoring in the number of pages that link to a site. A site that's linked to heavily may appear among the first URLs returned in response to users searches.
Are they trying to say that this referral spam will boost target sites' Google Pagerank or something? Search engines don't decide site ranking by reading the site's referral logs, they look at actual links...
posted by mmoncur at 5:18 AM on October 27, 2002

*Hahahahaha* well spotted mmoncur.
posted by dabitch at 9:30 AM on October 27, 2002

The bit about building Google pagerank probably came from me.

Some blogs do put their "recent referrers" right out in the open, which would improve the spamming site's pagerank pretty much immediately.

Other bloggers might see the site in their private logs, click it, decide it's interesting, and link it, also increasing pagerank, although this is a more indirect method (and less likely to work, once people get wise to the tactic).

If enough people fall for it to get the link listed on Daypop, then more bloggers may pick it up from there, and the site's pagerank will be lifted further.

The goal is traffic, not specifically pagerank, but getting links from blogs potentially increases traffic both directly (usually a short-term thing) and indirectly (in the longer term, by building Google pagerank).

Which is why I called the tactic clever but evil.

I actually spelled out this chain of reasoning in my e-mail to Delio, but I'm sure she was under pretty tight word count constraints and chose to gloss over the details.
posted by kindall at 9:54 AM on October 27, 2002

The fake referrals are easy to detect as we do not actually download anything on the target website: the logfiles will
show that a (or client) referral has hit your URL and downloaded 0 kilobyte (yes, zero).

We usually hit any single target URL less than twice a day from all sources combined (successmath, datashaping or clients).

We will soon offer webmasters the option to be removed from our list. We might discontinue the service altogether should the drawbacks start to outweight the advantages.

Finally, compared with, we are 20 times cheaper ($200 for 200,000 URLs instead of $1000 for 60,000 URLs).
posted by at 4:13 PM on October 27, 2002

the drawbacks of messing up my statistical data which I might intend to use in some way are already clearly visable. get your hands off my petri-dish.
posted by dabitch at 4:17 AM on October 28, 2002

kindall: You're right. My trouble was Wired's sentence has a dangling infinitive that makes it sound like the bloggers' sites will gain pagerank, rather than the spammer's sites:

Unsurprisingly, bloggers are not thrilled, even though they ruefully admit that the log spamming may falsely boost their ranking on some search engines.
posted by mmoncur at 6:24 AM on October 28, 2002

Yeah, that "their" doesn't really refer to what it should, does it? I do have some sympathy for this kind of error, having written on tight deadline myself.
posted by kindall at 9:09 AM on October 28, 2002

« Older Around the globe, nations are testing and...   |   Google censors search results Newer »

This thread has been archived and is closed to new comments