What looks innocent often isn’t.
I was checking my logs today and noticed some unusual referrers and made a mental note to check what they were saying about me. I then read my email and saw a forum post about spammers with fake blogs. Out of curiosity I read the post. 50 plus websites & several hours later I’m much, much wiser.
The scenario is this:
- Bad Guy sets up a fake blog using someone else’s design. It’s probably a respected and high traffic site which is copied. Above the fold there is a list of “Recommended Sites”, clearly visible for all to see.
- Bad Guy has a link at the bottom of the page to his Adult webcam or similar XXX content. You can’t see the link, you’re not meant to.
- Bad Guy has code which generates hits on your site with the referrer seeming to be his site.
- Your site will do 1 of 2 things
- List the top referrers (as a thank you) with active links that are spidered by search engines and increases the other sites relevancy (PR in googlespeak).
- List on the stats page with an active link back to the site. My own site does this, it makes it easier for me to see where my hits are coming from. But by doing this I’m feeding the search engines with lots of valuable links. You don’t even get a link since they’ll turn this off when a search engine visits using cloaking techniques.
- When I visit the offending site:
- If I visit from my site I can see my site’s name in the recommended sites list.
- If I type the url into a new browser window I almost certainly won’t.
It has been reported that Bad Guy also links to people’s control panel and cracks the code. He doesn’t make changes but leaves the door open to allow others to hack or destroy.
Bad Guy might also post spam into the feedback or comments section of your blog. It’s difficult to be vigilant and clean your blog if Bad Guy visits frequently.
The Search Engine Implications
Most of us are concerned about how we rank in the search engines. Some people actively read up on “Search Engine Optimisation” while others just try to code right and hope for the best. If you are in the second group there’s just one thing you need to know right now. The number of sites which link to your site is very important.
Bad Guy knows this, and Bad Guy puts a lot of effort into driving traffic to his sites. What he is counting on is lots of sloppy links to his site.
Who is Bad Guy?
Who knows? Bad Guy & all the look alike Bad Guys won’t be telling us anytime soon. He’s gone to great lengths to ensure that he won’t be found too. He’s probably a spammer trying out a new method of driving traffic. Don’t expect him to retire soon. Bad Guy has the time and money behind him.
He hasn’t targeted you, you just have a site which matches his profile. He’s probably taken links from another forum, from DMOZ or a similar list.
- It is possible to use .htaccess to block sites from referring to you but that will lead to the longest .htaccess file in the world as domains are cheap and they will change often. Not only does take time to manage but slows down your site for all (legitimate) visitors.
- Use your Robots.txt file to ban bots from your stats directory. The better engines read this and it’s the better engines we are interested in. Otherwise use the meta tag to stop robots from indexing the page.
- Don’t have direct links out, use a “linking script” to control outbound links. This lets you track how many times the link is used and can limit the impact on hitting.
- Turn the outbound links into forms using code like this:
- Just increment the form name for each link on your page (note that it’s in 2 places).
- You can also only show the top referrers who match with a manually approved list. This might be a hand written array in your script or a more automated checking form where you can “approve” and “ban” referrers and see new top listers.
If anyone has any questions or comments post a comment below.
Further reading: idly.org