Referrer Spam In Awstats

[Iki]

I hardly ever check the stat logs on one of my sites, and I made the mistake of going in there yesterday and poking around. Imagine my surprise when I saw there were something like 192 external sites linking to me, and all of them spammer sites.

 

So I spent all day today hunting up referrer spam information and reading enough techie stuff to make my head spin. There are a few different ways to get rid of it, and I almost posted in here asking for someone to help me out with this... then I started wondering if the spam referrers matter at all since I don't publish referrers and my stats aren't available from anywhere but cpanel.

 

Is that the case? If I don't publish my referrers and there are no stats publicly available from my site, are the spammers getting a page rank boost just from being in my logs?

 

I looked back a few months, and in October 2004 I had maybe 24 referrer links. This month already there are 192 so far, so obviously they've got my number. Is it doing them any good, and is it worth the effort for me to try to purge this stuff from my log files?

 

Using .htaccess seems to be the best choice, but I'd need to block using wildcards instead of flat-out listing every single url. Can someone direct me to some info on what wildcards are allowed for use in the mod_rewrite for .htaccess?

 

Thanks in advance for any info!

 

-Iki

[annie]

Do you by any chance have a blog? If you do, you're more likely to get referrer spam. One outfit is responsible for most of my referrer spam. I also get a few on my other non-blog equipped site, but those are mostly one offs.

 

I'd say ignore it unless it becomes a bandwidth issue. Many referrer spams have subdomains. Spammy ones. That's a dead giveaway. But the one offs generally have more normal sites, and are spamming once, twice at most.

[Iki]

Do you by any chance have a blog? If you do, you're more likely to get referrer spam.

 

I use MovableType as a CMS to build and publish the site, but it's not a blog. I don't allow comments or trackbacks or "audience participation" in any way. We use boards like this one for that, and it requires everyone log in to even see it.

 

-Iki

[Deverill]

As long as you don't publish your logs or stats then it is not benefitting them in any way.

 

If they are not using up all your bandwidth (or a significant portion of it) then I'd just chalk it up to them fishing for someone who does publish that info and call them harmless.

[Iki]

Yeah, I think I'll leave it alone. I'm only using like 75mb in bandwidth and I get 20 gig. But nonetheless, I think I'll keep an eye on it.

 

How annoying are spammers? Geez.

 

Thanks for the info!

 

-Iki

[arvind]

Referrer Spammers try and get onto those recent referrer scripts that many people put on your websites. As long as you don't have one of those on your website anywhere then you should be ok

 

If it really bothers you (and considering you use MT) this tutorial will guide you through preventing referrer spam using MT Blacklist: http://www.juju.org/archives/2005/01/21/derefspam

 

If you do a google search there are several other techniques one can employ.

[annie]

They search for MT installations. So just the fact that you have one, would be enough for them to try.

[Iki]

If it really bothers you (and considering you use MT) this tutorial will guide you through preventing referrer spam using MT Blacklist: http://www.juju.org/archives/2005/01/21/derefspam

 

If you do a google search there are several other techniques one can employ.

 

That's what started this whole thing, the derefspam.pl. It's funny how I just noticed the referrer spam 2 days ago, and that's the same day that script came out.

 

That script would be good except it does nothing to prevent referrer spam; all it does is stop me from seeing it. It's like a little kid putting his hands over his eyes and then assuming that since he can't see you, you can't see him. I'll still get hit with the referrer spam, and it's the hitting me thing, the blatant theft of my bandwidth for idiotic 'marketing' purposes, that's bothering me. There's absolutely no payoff for them since my referrers aren't published, so all that's happening is I'm donating bandwidth (albeit a small amount) to them every month. It's like a spam tax or something, and it's infuriating.

 

So stopping them at the gate would be my preferred method of dealing with this, and yesterday I found a ton of ways to deal with it using Apache and .htaccess. However, with .htaccess you might win a few battles but you'll never win the war. Blocking by referrer is like blacklisting by IP address - there are too many of them out there and you'll never get them all.

 

There's just no good solution to this problem. I hate spammers. But thanks for the suggestions!

 

-Iki

[LisaJill]

You can block by keywords, wholesale. For instance, I have blogspot blocked in my .htaccess. Not to mention a whole bunch of other words that aren't family friendly.

 

The problem now is that they're using non-existant domains to do this and theres no catch all and they're always different. Others have noticed this, but I haven't kept up to see if there's a solution. I just kind of gave up, after a year of fighting these abominations, I no longer care.

[arvind]

I was under the impression that if you didn't have one of those "Latest Referrers" script displaying on your blog that there was no real problem ie it would show in your referrer logs but not on the public end, am I right?

 

This was what I was going by so I took no real interest in preventing it....comment/trackback spam on the other hand

[LisaJill]

That's right, but it still eats bandwidth. I get several hundred of these hits a night, it's a pain in the ... neck.

[Iki]

I went back and checked my bandwidth earlier... out of the 75 mb I'm using, 32mb of that is from bots and spams and spiders. That's a pretty significant drain - almost the same amount I'm actually using for legitimate things. But I've got some measures in place now, so we'll see how it looks tomorrow.