referers filling up fast

registered · Posted: Sat Jun 12, 2004 1:29 pm

I get strange referers.

I have over 50 today from keywordmaster.de. Are they actual hits or what?

I also have a ton from apart-design.com. I don't understand what this stuff is. It has been happening for a long time but I don't understand what it is. Are they search engines indexing me or somethng?

Posted: Thu Sep 30, 2004 5:24 pm

Quote:

I get strange referers.

I have over 50 today from keywordmaster.de. Are they actual hits or what?

I also have a ton from apart-design.com. I don't understand what this stuff is. It has been happening for a long time but I don't understand what it is. Are they search engines indexing me or somethng?

In my opinion, your site has been exploited in an attempt to boost up the *web presence* of those *referrer spammer sites* by getting listed your sites' TOP REFERRER listings/rankings.

Furthermore:

I've recently started to get experiencing similar kind of symptoms - and more specifically *locators.com* being now clearly considered as a major *referrer spammer*, as I found out that the site consistently spreads out referrer information that is classified with offensive backlink content.

A typical encounter from *locators.com* is a scripted visitor BURST OF 2, which contains (2) visits from the *locators.com* with interrelational timing stamps differences of [1-2] seconds. The extractable backlink targets are without an exception always different between the bursted OFFENSIVE backlinkage spreading attempts, but from the same IP always (as a general rule). The IPs that are identified with these bursted referrer spams always equal between the ones present in the BURST, but differentiate from the ones seen with the other unique bursts.

Conclusions:

* referrer spamming
<-> scripted approach using BURSTED approach
<-> payload info (offensive backlinkage)
<-> different IP's used (possibly spoofed ones)

Possible motives
<-> SE "backdoor page promotion attempt" by getting listed as a referer with PHP-Nuke sites
<->-->(...GT'ed the MSA, and Google does crawl it.)
<-> Direct *customer trap generation* (by offering offensive content)

As there are sites present listing the PHP-Nuke sites, it would definately not be a significant task to sort out the victim sites containing *space for open listings* reserved for the TOP REFERRERS and thereafter extract the exploitable ones to efficiently maximize the SE Marketting effort (the bad way) by getting listed the *high/low traffic* PHP-Nuke sites.

BR,

-beetraham

Posted: Thu Oct 07, 2004 11:03 am

I just got hit by this site 80 times in the last few minutes.

http://www.keywordmaster.de/index.html

I'm going to add them to my blocked referers for Sentinel.