[development] My site is under attack (trackbacks, spam and cpu usage).

Morbus Iff morbus at disobey.com
Mon Sep 18 15:03:59 UTC 2006

> Do spammers really leave referrers?

Oh yes! Many blogs actually used to display referrers in their blocks, 
and that's when that really started getting into vogue. Nowadays, it's 
not seen so much, but it's more effort to remove a "feature" than to 
leave it in, of course. Also, many people don't protect their web log 
analysis directories from search engines and those referers are counted 
by search engines as valid links.

I'm seeing new comment spam nowadays which is kinda interesting:

  * The URL looks legit, like http://www.uiboston.net/
  * Visiting it /redirects/ you to a legit site (like boston.com).
  * The comment is suitably generic: "you know what I like about
    your blog? you talk about your interests!"

The assumption I'm making is:

  * Spammer redirects to a valid site for the duration of attack.
  * After attack stops, spammer removes redirect, and shows spam site.
  * All comments that remain, which have been checked by the admin and
    "seen" as legitimate (due to the redirect to a valid site) now
    link to the spam site, and an admin probably won't recheck 'em.

Morbus Iff ( two! four! six! eight! who do god and jesus hate! )
Technical: http://www.oreillynet.com/pub/au/779
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus

More information about the development mailing list