More referral spam from Russia and the Netherlands cluttered my Blogger stats in Fevruary. Adding to the mess is the loud blast of spam from http: // ranksonic . info / krawler . pho?refToken threatening to blow the doors down on my blog for the past month. Join me as I explore the links you should never click on…
Let’s start with spam from RanKSonic since it is clogging up Statcounter as well as Blogger’s stats. Of course, it is SEO spam claiming to be able to boost traffic to your website. Hey, if they were that good at it, would they be spamming blogs to get business? Of course not.
Scrolling down to the bottom of the page, I tried several links since there was no way I would sign up for the shady service. Terms of Service and Privacy Policy produced 404 errors like the one above, while About Us just took me back to the top of the home page.
Inspires great confidence in their understanding of webpage design, doesn’t it?
In the same vein, but from the Netherlands is spam from http: // www . wizzbit . nl / index.php?id=89&hostname=pdf-prods . blogspot . com offering SEO and domain name registration. Again I do not recommend doing business with anyone desperate enough to spam in order to find customers.
A report on referral spam wouldn’t be complete without a visit from Russian spammers, so http : // zaimy-rf . ru / fills the bill for spam arriving this month with nearly 100 false hits. Instead of offering SEO, the site offers mass applications to Russian loan companies. If you are looking for a loan in Russia, I advise going elsewhere – especially after I got an HTML5 canvass data warning. Odds are that the page was looking to harvest data from the computer, though it could be a coding error.
After these rather mundane spam sites, a new form of spam showed up in large quantities that attempted to use PDF files to work around spam detection filters. http: // www . mydrmobile . com / mobileboard / go . php?http: // greatbooksblogs . blogspot . com / 2014 / 12 / good-page-llqpk1w-of-pages-for-funs . html briefly took me to a cellphone seller, but loaded the second site in the link before the first even finished loading. The resulting page is a post on a barebones blog hosted on Blogger complete with a fake Google Plus account to make it look legitimate to search engines.
A list of Adobe Acrobat PDF files are all you will find in the posts on the blog and Google Plus. What was interesting that all of the links went to files on Canadian government servers and are inaccessible. Was all this to drive traffic to the cellphone seller? It was all very puzzling.
Time went by and life prevented me from writing this post until now. In the mean time, http: // mysharedpdf . blogspot . com / 2014 / 12 / free-list-f3pnmnw-of-ebooks-special-for . html hit the blog almost fifty times. The link looks like it is the same kind of quickie blog using the same model, unfortunately for my investigation, checking it revealed that it had been removed from Blogger.
The mystery deepened.
http: // mysharedpdf . blogspot . com / 2014 / 12 / free-list-f3pnmnw-of-ebooks-special-for . html showed up next. Same pattern as before, except the PDF files could actually be loaded and were on a different server. Ads for a variety of services ranging from weight loss to divorce lawyers all in Spanish are linked to.
So what was up with the original site with links to Canadian government servers? My best theory is that the first link was either a test run for the concept or that the files had been deposited briefly by a trojan and later deleted by admins of those servers. For that matter, it could have been an error with placeholder links.
Or it could be something completely different. Only the spammers know for sure.
Remember to never click on strange links in your Blogger statistics. Leave that to people with secure ways of poking around webpages that might harbor malicious code!
No comments:
Post a Comment