Douglas vs Referrer Spam

Every day my IMAP server is filled with spam. Luckily, Mozilla Thunderbird has learned what I consider spam/junk mail and moves all that stuff to a Junk folder, leaving me with an inbox that’s mostly free of useless emails. So far, I’ve had no false positives, which means that emails from Mum don’t end up being marked as junk. That’s good. But it’s at the expense of still receiving two or three junk emails per day. That was further reduced at work with our acquisition of Astaro Security Linux, a Linux-based firewall product from Astaro. What doesn’t get caught by Astaro’s software is caught by Thunderbird, so at Zymeta I work in a spam-free environment. At home it’s a different story, but that’s an easy fix since Astaro offers free home licenses for personal, non-commercial and non-revenue generating use. A great offer from a great company which makes a great product.

Anyway, back to referrer spam. Unfortunately Astaro doesn’t have a way to specifically block referrer spam, though as blogging in the workplace becomes more prevalent I’m sure they’ll add that. Since the Zymeta blog server has been around for over a year now, we’ve found our way onto the referrer spammers’ lists. If you look on the right side of my blog, you’ll see a list of websites that led people to my blog. The majority of people arrive here directly (they either have the site bookmarked or are reading the RSS feed for the site), but every day people arrive at my blog for the first time from another site. In my case, the majority of the people come via Google while looking for information on getting the D-Link DWL-G122 to work under Linux. But every so often some referrers show up that aren’t real referrers at all; they are referrer spam.

Basically, every time a web page is requested by someone, their web browser sends along the referring website. That is, the browser sends along a link to the web page that led the user to my blog. Unfortunately, it’s an easy thing to spoof and as a result my blog ends up with a bunch of ‘referers’ that are actually pr0n sites (yes, I meant to spell it like that) or sites advertising online gambling or other low-life activity. That in itself is bad enough. But, because those links are now in my referrer list, if Google happens to come by to search my blog for content that day, suddenly people looking for that barely legal stuff arrive at my blog also. It’s a vicious circle. And the worst thing is that most of this referrer spam comes from the computers of regular people who’ve had them compromised and don’t even realize it.

Five years ago I would have tried to figure out a way to contact the computer’s owner to let them know, but I figure more than half of average computer owners have infected computers so it’s a losing battle. Instead, I’ve started putting those IP addresses sending referrer spam into the web server’s local firewall rules and blocking them from accessing the site. And if I find more than one spammer in the same Class C address space in the logs, I just block all 256 IPs. In today’s case, the spamming machines were on dial-up accounts in Mexico.

It seems wrong to block them all since potentially someone might legitimately be looking for info that may be found on my blog. But I was so tired of constantly checking my referrer list and removing those entries which were clearly spam. Roller Weblogger, the blog server we use, uses a blacklist to help block this stuff, but it isn’t always up to date and the blacklist author only accepts additions via a certain program. So, until the file is updated with the sites that are showing up on my blog, I’ll keep blocking those IPs because in this case, as far as I’m concerned, “the good of the many outweighs the good of the few.”
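The log triage described above (find the clients sending blacklisted referrers, then block a single address or the whole Class C when more than one offender shares it) can be sketched as follows. This is an added example, not code from the original post or from Roller; the blacklist terms, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed blacklist of referrer-host substrings (assumption, not Roller's list).
SPAM_TERMS = ("casino", "poker", "pills")
# Apache "combined" format assumed: ip ident user [time] "request" status bytes "referer" ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)"')

# Constructed sample lines; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2005:10:01:02 -0500] "GET /blog/ HTTP/1.1" 200 5120 "http://best-casino.example/" "Mozilla/4.0"
203.0.113.99 - - [19/Aug/2005:10:01:09 -0500] "GET /blog/ HTTP/1.1" 200 5120 "http://cheap-pills.example/buy" "Mozilla/4.0"
198.51.100.23 - - [19/Aug/2005:10:03:40 -0500] "GET /blog/ HTTP/1.1" 200 5120 "http://online-poker.example/" "Mozilla/4.0"
192.0.2.10 - - [19/Aug/2005:10:05:11 -0500] "GET /blog/entry HTTP/1.1" 200 7300 "http://www.google.com/search?q=online+poker" "Mozilla/5.0"
192.0.2.11 - - [19/Aug/2005:10:06:00 -0500] "GET /blog/rss HTTP/1.1" 200 900 "-" "FeedReader"
"""

def is_spam_referer(referer):
    """Match on the referrer's host only, so a search query mentioning a term is not flagged."""
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed URL in the header
        return False
    return any(term in host for term in SPAM_TERMS)

def spam_sources(log_text):
    """Return the set of client IPs that sent a blacklisted referrer."""
    sources = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_spam_referer(m.group("ref")):
            try:
                sources.add(ip_address(m.group("ip")))
            except ValueError:
                pass  # client field was a resolved hostname, not an address
    return sources

def block_targets(sources):
    """One offender in a /24 yields a /32; more than one yields the whole /24 (all 256 IPs)."""
    by_net = defaultdict(set)
    for ip in sources:
        if ip.version == 4:
            by_net[ip_network(f"{ip}/24", strict=False)].add(ip)
    return sorted(str(net) if len(ips) > 1 else f"{min(ips)}/32" for net, ips in by_net.items())

if __name__ == "__main__":
    print("\n".join(block_targets(spam_sources(SAMPLE_LOG))))
```

The resulting CIDR list is what would be fed into the web server's local firewall rules; the Google search referrer in the sample is left alone because only the referring host is checked.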

Fri, 19 Aug 2005 20:42 Posted in
