And here I was wondering why our site was so slow ... Turns out we have a massive case of referrer spam for, AFAICS, four domains:
The requests seem to be coming in from a lot of different IP addresses, so I'd suggest blocking by referrer. They also seem to use the same user agent string on all requests: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU; rv:1.7.5) Gecko/20041108 Firefox/1.0
Russia, it seems. Why doesn't that suprise me at all?
The two ...4me domains are supposedly registered to a
WILLIAM B CANTON (crow@2hmr.biz)
2028 OAKMEADOW CT APT 805
BEDFORD
null,760214717
US
Tel. +508.9102401
while the other two are registered to
Monster INC.
Andrey Monst (webmaster@mega7porn.com)
Seliva 396
London
null,SE9 3TL
GB
Tel. +02.077314135
All four of them are hosted on the same server, 69.50.176.251 (InterCage, Inc., CA).
As for the reason of that spam - I have no idea (yet). I've only looked at one of the spamvertized URLs: police-officer-association.hq-pictures.net looks like a blog but the actual articles are only gibberish. On a quick scan, I don't see any redirects, popups, JavaScript, or AdSense ads. All the links seem to lead to other subdomains at hq-pictures.net.
Have to look into this closer at another time - I have to keep a website up and running here ...
Comments (0)
Damn Spam!
http://spam.tinyweb.net/article.php/massive-referrer-spam-wave