A Very Strange Blogger Referral

I checked my stats today and found a referral that looked extremely suspicious:

mysql . removeyourcontent . com / russ_pornbb_spider / admin / hentai_check . php

An attempt to access this through a virtual machine asked for an admin login plus password and when I limited it to the domain I got an Apache 2 test page. Apache is one of the most common software packages that runs servers.

To my eyes, it appears to be a misconfigured spider checking web sites to see if it can drop porn spam. Either that or it is looking for porn. The hentai part of it relates to anime and the referral showed up on one of my anime reviews. Since I don’t have any hentai this is a dead end if it is a search.

Could it also be a way to get into an Apache server? I wish I knew more about the software to say.

April Fools Day Delivers the Spam

It was an unusually sedate April 1st without any friends pranking me. But a wave of spam hit one of my email accounts. 61 were caught by filters and three made it through for the biggest spam assault I’ve seen in years. All were diet/weight loss centered with many purporting to come from celebrities ranging from Oprah to Pamela Anderson. Other common elements were the phrase “special offer” introducing a link and Microsoft Office Word 12 formatting.

It makes me wonder if it is connected to the attacks on Spamhaus, an organization that blacklists known spammer IP addresses. Probably not, given the ridiculous number of spammers out there. There seems to be no end to the Black Hats on the Net.

More interesting is that weigh loss spam is amongst the most successful in getting people to open it. Nothing beats social engineering for finding a way into a system as the banks in South Korea found out last month. I remember when it was false protestations of love or romantic interest that was the best bait to get people to open emails.

It is amazing that spam is still successful given how old email and the Internet are now. One would think people would stop falling for this by now. I guess P.T. Barnum was correct about “a sucker born every minute” – except he never said that.

Can’t trust anything, can you?

Comment Spam

From the Sidelines has had a visitor named “fati” from Casablanca, Morocco attempt to post twice during the past two days on different referral spam posts. The content of the comments is the same:

It's easy way to make money
Super-Duper Easy Way to Earn Money By
Promoting A link - 0.5$ per Referral Link Visit.
-Register
-Share Refferral Link
-Earn Money on every visit

A shortened shortened link is also included. I’m not going to click that for obvious reasons.

It’s fascinating to see how prevalent “black hat” methods of generating income from ads on the Net have become. Some of this is typical of how underhanded people always exploit anything that can be exploited. But I’m also becoming aware that some of this is a reaction to how hard it is to make money from running advertisements on a website these days.

Money is tighter and tighter in the current world economy that’s teetering on collapse and ads have always been nebulous in results. With the Web coming into being, actual viewing and response to ads has become a harder science than it was. Results can be tabulated in near real time, targeting has become extremely refined, and wasted efforts easier to avoid.

Google has tried refining its search indexing protocols (SERPS) to downgrade black hat method using sites, but is losing the war while taking out innocent bystanders. They also are in the business to make money and favor branded economic sites over “mom and pop” small businesses now. Reading the pain going on for some of them and how some are turning to “the dark side” to survive, I have to wonder if the mess can be resolved in any good way at all.

My posts on spam, especially of the referral type on Blogger, came about due to the lack of information about the links showing up in my stats. They are a public service endeavor which has led me to learn about things I had no clue about in the financial ecosystem of Web advertising and search results. I’ll never be an expert, but from the amount of hits the posts have gotten at least some information got relayed to those who needed it.

So these public service announcements will continue though they annoy me to write.

How Many Referral Spammers Are There?

That’s the question on my mind. Yet again faked referral links have shown up in my Blogger stats and yet again it is one I haven’t seen before.

afslotat . net16 . net is the newest one to hit the blog with a tempting link:
afslotat . net16 . net / info / my blog address

It appears to be out of Latvia, but that could be faked too. An attempt was made to load the site in a VM, but failed so I’m very suspicious and advise not clicking the link for any reason.

UPDATED

Another address like it showed up this evening:
radepaha . hs8 . ru / de  /info / my blog address . de

I'm not even going to try to investigate it since it is likely from the same people behind the other.

UPDATED again...

Now I've gotten referral spam from one of the biggest weirdos on the net. escapefrommasachusetts . org is on the loose again after being around as escapefromma . com and this site is dangerous to click on. The latest incarnation of pseudo anarchic drivel is salacious statements about Mitt Romney. A little out of date, that.  DO NOT CLICK!

Yet another UPDATE:

A new variation of the first two spams has shown up and racked up a ridiculous number of hits in one day. It uses the same fake "info" then your blog address in the referral. The new culprit is:

tkdot . com

Another Day, Another Referral Spammer

If you notice another Blogger site by the name of www . kmzackblogger . com in your referrals, know that it is a blog setup to get you to pay for better YouTube video placement. It showed up on the blog I just started for my grandmother's diaries, so I was curious enough to check it out.

Don't click on it.

UPDATED April 28, 2013

Once again KMZack Blogger left a comment, this time with an embedded link to a link exchange. Text follows:

Hey if you still get a referrer as my web (link removed) please aware that it is a kind of system that my competitor did to visual my web as spamming. then if you would like to exchange link with my website please proceed to here..
(link removed)

Since he's hoping to get his links up, the comment is not being put up.

A screen capture of his website (picture is safe to click):

Nothing shady about that, right? A competitor trying to make him look like a spammer isn't very plausible.  I'm surprised he isn't offering the Brooklyn Bridge for cheap.
UPDATE:

It is very interesting that as soon as I post about one of these spammers, more referral spam shows up. It makes me suspect they are all connected somehow.

In this case three different ones:

www . bthemes . info
This looks somewhat legitimate in that it has themes for Blogger. But the fact they use referral spam makes them look quite shady. I don't advise using them for that alone.

vampirestat and zombiestat:

These are run by the same people using the same templates with different graphics and purport to show the monetary worth of websites. I have to wonder how legitimate the Facebook likes and G+ numbers are. Do not go there since there are all sorts of things asking to be installed.

UPDATED:

Yet another referral spammer on Blogger showed up with 11 page views on February 28.

make-money-with-your-blog . review-blogspot . com is another get rich quick scheme making the rounds. "Mary" even has a short bit on the page about people reporting her blog is a scam and that she has "the approval of Blogger." Of course there is only the one post containing a shortened link.

Avoid at all costs.

An Odd Bit of Spam

2013 continues to be an interesting year for blog referral spam here at From the Sidelines. The latest one intrigued me a great deal due to how ridiculously long the link was:

applehut . info / 2011 / 08 / 05/ woot – deal – 16gb – hp – touchpad - %e2%80%93 – 379 – 99 – 5 – shipping . php

I’ve added a lot of spaces to disable the link from working, but did check it out in a Linux virtual machine. The site is another fake meant to lure traffic in and poses as an aggregator of smart/cellphone news. It even has an “About” page! That particular post is very out of date which was a tip off that they hadn’t really linked me. Also, I’ve never written about the HP Touchpad! Something very amusing to me is that the post itself may have been spammed in the comments.

If you are going to sucker people in for a deal, it would be smart to at least have the date on the post be within the current month and year, don’t you think? Not to mention using a product that isn’t out of production and replaced by cheaper alternatives that are vastly superior.

As far as how safe the link is to check out, I cannot say since I used Linux to visit it. There might be some Windows (or other OS) based malware there in the ads, but I wouldn’t be able to tell. I highly recommend not clicking on this or any other link from there in your referrals.

Also recommended is adding Google Analytics, Statcounter, or some other tracking service rather than relying on Blogger’s own stats. They filter this spam out a lot more effectively, though they aren’t bullet proof. In the end, your own judgment is your best defense against spam.

Neither registered this referral.

A More Sophisticated Referral Spammer

2013 seems to be shaping up to be a spam heavy year and one that has been around hit my blog today. ontimemarketing . biz takes you to a Wordpress blog that at first glance appears to be legitimate. But spend more than a couple of seconds looking at it and you find that the posts are all taken from other sites to give the illusion that it is serious.

Well, it is serious about one thing and that’s generating online traffic to it in hopes you will click on the wall to wall ads and deals posted there. That is how the owner of the site makes money. I highly doubt Tiger Direct and The Huffington Post are contributing posters to the site given how amateurish the layout is. It is enough to fool spiders from registering it as a fake site, however.

Please do not click to go there. While I detected no malware, I was using Linux to visit the site, so be careful if you do.

Now back to working on real content for this site!

First Referral Spam of 2013

The new year has hardly begun and a new spammer has shown up: videoshub . needz . it. From the spelling, I can only surmise that it is a link to tawdry materials of a graphic nature. It is highly suggested you do not click on it if you find it in your Blogger stats.

An Impressive Bit of Socially Engineered Blog Spam

Going through my email account revealed a comment waiting to be approved. While posted from that ever witty pseudo being, Anonymous, it looked legit at first before going off the rails:

Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point.
You definitely know what youre talking about, why
waste your intelligence on just posting videos to your weblog when
you could be giving us something enlightening to read?
Look at my homepage ... free porn

No video on the post is a wee bit of a giveaway even before the pornography offer (link deleted by me). Misspelling is no longer a surefire indicator that something is spam, so that can be forgiven. The idea of using constructive criticism as a form of social engineering in spam is a new one to me. I know it made me read the entire thing, so I bet this one is fairly effective.
Fiendishly clever is the phrase that applies, methinks.

UPDATED

Meanwhile, the Russian referral spam continues unabated. This time it is one from super-online-search . com that takes you to a site you do not want to visit.The Huns are at the gates, I tell you.

UPDATED 9-13-2012

A comment for another post is another clever variation of this that turned out to be a way to get clicks on a “survey” site as well as the video.

I'm having this exact problem with the video: http://www.youtube.com/(removed by me)  I've put one comment on the video site, but Youtube won't let me link your post as part of the explanation. So far, you are the only post that has tried to make sense of this stupid spam issue. Thanks for posting!

The identity of the commenter was “Ron” but the link to his profile is the afore mentioned survey at sprezzaturarrd . blgospot . com. Interesting development because it looks like they are aware of people trying to spread the word. Notice how the video gets another hyperlink via the comment?

Sadly they did get a couple of clicks out of me verifying the profile, but somebody has to take a look to see what is going on to warn others.