Slashdot Mirror


New Spam Frontier: Referer Logs

geoffsmith writes "Wired News is reporting that spammers are using referer logs as a cheap new way to spam small sites. Anyone running a website has probably already seen this phenomenon; I'm thinking of writing a script to remove these entries from my access_log by looking for hits that don't grab my images. (sorry lynx users!)"

19 of 252 comments

  1. The spammer speaks... by reaper20 · · Score: 5, Interesting

    "I'll adapt or I'll discontinue. I'm not planning on becoming the major annoyance of the blogging world.... I'm not too worried my reputation. Marketing is all about being innovative, different, adaptive, taking risks and knowing how to use the technology. I'm trying to be all that."

    Heh, it's funny that this guy can make this statement and expect to be taken seriously. It's even more pathetic that he actually thinks he's "innovative".

  2. Re:Spam Lite by Em+Emalb · · Score: 3, Interesting

    Actually, yeah I have. I normally get 20-30 a day on my throw-away hotmail account, I just checked it for the first time in a week and had a total of 4 messages in my inbox--all spam of course, but there were NONE in the junk mail folder. Hopefully they put some sort of spam stopper in place? We can only dream.

    --
    Sent from your iPad.
  3. I don't know if these are *as* bad. by Find+love+Online · · Score: 2, Interesting

    For one thing, I only get about 2-3 legit emails a day, vs 20-30 spams.

    On the other hand, I usually get a few thousand refer logs, and I *already* get a bunch of bogus refer logs from buggy browsers or something (like, a refer from a site I link to, I guess from people hitting the back button, that kind of thing).

    On the other hand, I could see how it could get annoying for small sites.

    The "solution" you mentioned wouldn't really work, as the spammers could simply download your images as well.

    A more effective way to block these would be to scan sites in your logs and check to see if they link to you. It might take a while for huge sites, but then huge sites probably don't look through their refer logs as much.

    OTOH, you would miss out on hits from sites that have random URLs or that kind of thing (like Google's 'get lucky button')

    1. Re:I don't know if these are *as* bad. by dattaway · · Score: 3, Interesting

      > The "solution" you mentioned wouldn't really work, as the spammers could simply download your images as well.

      I see a solution in this. It would be the spammer's own DOS attack. If they are willing to download /dev/zero in order to place their refer entry, that's great, more power to them. If they don't download data, that invalid refer entry could easily be dismissed. Solution? I'm sure someone will crank out a spammer-refer-mod to include in apache.conf over this. :)
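
Added example, not part of the thread: a Python sketch that combines the submitter's idea (flag hits that never fetch an image) with the link-back check proposed in comment 3, so that a Lynx visitor arriving from a page that really links here is kept. The log lines, host names and page bodies are constructed, and `host_of` and `classify_referers` are hypothetical names.

```python
import re
from urllib.parse import urlsplit

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"')
ASSET = re.compile(r'\.(?:gif|jpe?g|png|css|js|ico)(?:\?|$)', re.I)

# Constructed sample: Apache "combined" log lines and stand-in page bodies.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2003:10:00:01 +0000] "GET /blog/ HTTP/1.0" 200 5120 "http://friend.example/links.html" "Mozilla/5.0"
203.0.113.5 - - [22/Jan/2003:10:00:02 +0000] "GET /img/logo.gif HTTP/1.0" 200 900 "http://myblog.example/blog/" "Mozilla/5.0"
198.51.100.9 - - [22/Jan/2003:10:05:00 +0000] "GET /blog/ HTTP/1.0" 200 5120 "http://pills.example/buy" "Mozilla/4.0"
192.0.2.44 - - [22/Jan/2003:10:09:00 +0000] "GET /blog/ HTTP/1.0" 200 5120 "http://textfan.example/bookmarks" "Lynx/2.8.4"
192.0.2.80 - - [22/Jan/2003:10:12:00 +0000] "GET /blog/ HTTP/1.0" 200 5120 "http://search.example/lucky?q=blog" "Mozilla/5.0"
192.0.2.80 - - [22/Jan/2003:10:12:01 +0000] "GET /img/logo.gif HTTP/1.0" 200 900 "http://myblog.example/blog/" "Mozilla/5.0"
"""
SAMPLE_PAGES = {
    "http://friend.example/links.html": '<a href="http://myblog.example/blog/">blog</a>',
    "http://pills.example/buy": '<a href="http://pills.example/cart">order</a>',
    "http://textfan.example/bookmarks": '<a href="http://myblog.example/">a blog</a>',
}

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:          # malformed, attacker-supplied header value
        return ""

def classify_referers(log, own_host, fetch):
    """Map each external Referer URL to 'ok', 'unverified' or 'spam'.
    fetch(url) returns a page body or None; a real fetcher needs http(s)-only, timeouts, size caps."""
    link_back = re.compile(r'href=["\']https?://' + re.escape(own_host) + r'[/"\']', re.I)
    asset_ips, external = set(), {}
    for m in filter(None, map(LINE.match, log.splitlines())):
        if ASSET.search(m["path"]):
            asset_ips.add(m["ip"])
        host = host_of(m["ref"])
        if host and host != own_host:
            external.setdefault(m["ref"], set()).add(m["ip"])
    verdict = {}
    for ref, ips in external.items():
        if link_back.search(fetch(ref) or ""):
            verdict[ref] = "ok"           # referring page really links here
        elif ips & asset_ips:
            verdict[ref] = "unverified"   # browser-like client, but no link found
        else:
            verdict[ref] = "spam"         # no link back and never loaded an asset
    return verdict
```

Neither signal is conclusive alone: a client can fetch images too, and a legitimate referrer may be a generated URL, which is why the middle verdict exists.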

  4. referer information should be disabled by default by jukal · · Score: 5, Interesting

    I don't know who started it - but I find it very odd that browsers send referer info by default. Why? It does not provide anything extra for the user but problems. It is not once or twice that you find URLs to "confidential" pages if you browse through your webserver logs. And... I bet 95% of web surfers do not even know that they are sending this information all the time. Is there really any reason why the default is to send the referer info? I have seen people riot on much less important privacy issues. Why not about this? The referer plague exists in almost all browsers - and only in few browsers you actually can easily turn it off. What's going on?

  5. Re:They will never stop. by kryonD · · Score: 5, Interesting

    True, but at the same time wrong. Has anybody else noticed that the internet is currently the most active battlefield in history?

    Lowlife (but capitalist god bless 'em) pigs generate spam to sell their penis enlargement scam and mail clients develop ways to filter and block email. Distraction.

    Distributed Denial of Service attacks attempt to shake the very foundations of the NET through bandwidth flooding and sysadmins implement redundancy and load balancing. Jamming - Frequency Hopping.

    Remote exploits and viruses appear every day and patches are generated quickly for the more quality OS's and virus updates are required daily for Micro$oft OS's. Infiltration.

    Governing bodies exist that the people disagree with such as the RIAA and MPAA. Demonstrations are held in both violent(DDoS) and non-violent(civil disobedience of P2P) manners. Revolution.

    Needless to say, civilization has managed to survive for thousands of years despite man's desire to control everything including his fellow men. I think the internet will find a way.

    --
    I've dirtied my hands writing poetry, for the sake of seduction; that is, for the sake of a useful cause. --Dostoevsky
  6. what is this? by Dr.+Awktagon · · Score: 3, Interesting

    I'm not sure I understand. Does this mean the spammers put links on their own porn (or whatever) sites, and casual surfers will click into the blog from the porn site, thus making the porn site show up in the logs as the referer? That's how the referer is supposed to work, right?

    Or are they just bots that hit random web sites and send fake referers along?

    Either way, I have absolutely no clue why this would be abusive or even annoying? Can someone explain? Do people sit around checking their referers all day long?? (Then again, I don't understand why anyone would run a blog, so maybe I'm just out of touch).

    I clean out all my outgoing referers (thanks squid), so maybe I subconsciously assume everybody else does too. Never thought of the referers as anything but a silly waste of bandwidth, since they can be forged so easily.

    1. Re:what is this? by crapulent · · Score: 3, Interesting

      My interpretation of this article is that the spammers are setting their client's "Referer:" header field to their porn site, and then retrieving pages from the blogs. The result is that links to the porn/spam sites appear in the Apache referer log file on the blog site. The spammers do this because they know the blog operators pay extra attention to their referer logs and are likely to follow those links (either out of curiosity or out of the desire to maintain reciprocity with other blogs that may link to them.) Apparently the bloggers have scripts that automatically harvest all the URLs from these referer logs to make this process easier.

      I don't think the spammer would bother creating an actual link on their porn/spam site to the blog, although this would work as well. It's silly though since it's more work and it still requires that someone actually click on the link for the porn URL to make it into the referer log. Why bother when they could just run an automated script to hit the blog with the forged "Referer:" and then discard the results. The only possible reason to do it this way is that the spam URL would be sent multiple times from different IP addresses, and hence harder to filter or ignore.

      The confusing bit is that the article mentions that this might prop up the blog's SearchRank relevancy. This would only be the case with the latter method (creating an actual link) whereas the more straightforward way would have no such effect.

  7. Re:Spam Lite by BurritoWarrior · · Score: 3, Interesting

    I read somewhere (sorry, can't remember where) that Microsoft updated their anti-spam service to coincide with the rollout of MSN 8. I believe it was Brightmail that they are using now.

    Wish I could remember where I read it, I would give you a link. Best I can find right now is:

    http://join.msn.com/?page=features/junkmail&pgmarket=en-us&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-us

  8. Re:Spam Lite by NeMon'ess · · Score: 3, Interesting

    One day soon I'm going to tell everyone using my hotmail account to use a yahoo account I've set up. I tolerated the increasing spam by using the custom filters. This worked until I hit the limit of 36. Then I had to get creative to work within that boundary. This was okay until last week when my custom filters page now tells me I am over my limit of 10 filters and must delete 26 of them or pay for Hotmail Extra Extortion Services. Fuck them. I had the account before MS bought Hotmail and I tolerated all the crap until now. Yahoo's junk mail filters actually work so that's where I'll be.

  9. Re:referer information should be disabled by defau by FTL · · Score: 4, Interesting
    >I don't know who started it - but I find it very odd that browsers send referer info by default. Why? It does not provide anything extra for the user but problems.

    It is extremely useful for security purposes.

    No, not the security most people are thinking of. Checking to see if the user came from FeedBack.html before executing FormMail.pl is no security, since spammers can forge any referer they want.

    I'm talking about security which stops a human user who is logged in to a particular website from being tricked into performing actions they didn't authorise. For instance: I log into my server's administrative area. Then, in another window, I browse someone's blog. And I click on their "search" button. As it turns out, this search button is a trap, which sends me to my own admin area with a command to delete someone's account. I'm logged in, I have a valid network address, I'm active, there's no problem. Except that fortunately my browser sends "Referer: www.blog.org" instead of "Referer: www.admin.com".

    That's why referer info is useful: to prevent a user from being hijacked.

    --
    Slashdot monitor for your Mozilla sidebar or Active Desktop.
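
Added example, not part of the thread: the server-side check that comment 9 describes, written in Python with a weak substring comparison beside an exact host comparison. The function names are hypothetical, the header dict is assumed to use the canonical `Origin`/`Referer` spellings, and `Origin` is a later browser header that the thread does not discuss.

```python
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"www.admin.com"}   # host name from the comment's scenario

def naive_check(referer):
    # Weak: a substring test passes any URL that merely contains the host name.
    return "www.admin.com" in (referer or "")

def source_host(headers):
    """Host the browser reports as the request's source, or None if absent."""
    for name in ("Origin", "Referer"):      # prefer Origin when the browser sends it
        value = headers.get(name)
        if value:
            if not value.lower().startswith(("http://", "https://")):
                value = "//" + value        # bare "www.blog.org" form used in the comment
            try:
                return (urlsplit(value).hostname or "").lower()
            except ValueError:
                return ""                   # malformed value: treat as untrusted
    return None

def allow_state_change(headers, trusted=TRUSTED_HOSTS):
    """Gate for requests that modify data, such as the 'delete account' action."""
    host = source_host(headers)
    if host is None:
        # Header stripped by a proxy or privacy setting: fail closed and ask the
        # user to confirm instead of guessing where the request came from.
        return False
    return host in trusted
```

This only protects a logged-in user's browser from cross-site requests; as the comment says, it is no defence against a client that forges the header itself.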
  10. Re:They will never stop. by ntp · · Score: 0, Interesting

    > Wow, you are so full of shit!

    That's so profound, Dick. Please, could you elaborate on your point?

    --
    I control the time!
  11. The internet is NOT unique by MacAndrew · · Score: 2, Interesting

    The internet is so often dealt with as if it were entirely novel. For the most part it's not, and simply complements telephone, fax, USPS, television, and so on for delivering information. (Granted, it is pretty neat.)

    So at minimum the internet deserves regulatory parity with these other media. Abuse of telephones and faxes was dealt with years ago -- (albeit incompletely -- our phone rings off the hook, I'll rant another day). For some reason business was quick to push for the outright ban on junk faxes, but hasn't for email which must waste a lot of their employees' time and hassle IT, in the end costing them money. Money talks, so I wish there was a more concerted effort by those businesses that would never themselves spam.

    As with junk faxes (again, analogies everywhere) the injury from each incident is too small to do anything about; but we can act collectively through our government to attack the collective harm that is quite large.

    I won't comment on the current political obsessions in DC on anything but domestic policy, but I hope we see something soon. I don't think state-by-state legislation will do the trick. Your opinion will count if you express it to the right people. Writing your congresspeople for one is NOT a futile activity: they carefully tally what their constituents are saying, and you will likely get at least a form letter in reply. (BTW, I think a real paper letter carries more punch than email.)

    Exasperated outside DC, Andrew

  12. Guestbook spam by AlpineR · · Score: 4, Interesting
    Here is another form of spam that was new to me. Apparently some German pr0n site operators are filling my guestbook with bogus entries linked to their offerings. It seemed an odd way to advertise at first (who the heck visits my site, much less reads my guestbook ;-), but now I realize that it helps their Google stats.

    For now I'll delete the entries by hand, but if this increases it could get really annoying.

    AlpineR

  13. Referer checking for images by achurch · · Score: 4, Interesting
    I can use the referrer to limit the damage done by only allowing the images to be referred by pages from my own site.

    And this is, of course, broken behaviour.

    So do you have an alternative proposal to prevent resource (i.e. bandwidth) theft? That is a very real problem, and no amount of arguing that the current solution is "broken" will get people to change unless you provide them an alternative.

  14. If you build it... by Usefull+Idiot · · Score: 2, Interesting

    they will come... and rip it to shreds as fast as they can in any way possible.

    It's the same deal if you have any kind of script that can be compromised. Example: FormMail.pl, if it didn't do strong checking someone could use it maliciously. There are a few ways to combat this, like setting a repetition checker so that if within n seconds if the same thing comes in m times ignore and remove it and/or ignore the ip address(es) it's coming from. You can also set it so it will only work for trusted people and you could have it do some small monitoring to make sure none of the trusted people are flooding it. There are many ways to go about preventing the spammers from getting through you just have to think practically (ie: What do spammers do that would be different from your regular users) and do a little coding and you're done... They obviously could care less about you, so there's no other way to really deal with them.

  15. Re:Spam Lite by DancingSword · · Score: 1, Interesting

    Cute Filter Trick:
    set a filter that works like this

    if 'To:' doesn't contain my e-mail address
    send to trash

    Put it after your 'friends' filters ( who may bcc or cc you ).

    --
    Messages to/for me ( in me journal )
  16. Re:Lynx users? by Anonymous Coward · · Score: 1, Interesting

    Count me as another Lynx user. On Windows.

    It is the BEST text web browser for actual information browsing. Keyboard nav is much better than links (use numbered links with "G," as in "25g" takes you to - but doesn't follow - link/text entry box #25 on the screen, etc.). No mouse required, but it is supported.

    Links is better for maintaining layout and some other things, but that only helps in a few cases. Lynx is far superior for slashdot, webmail pages, etc., where links would simply produce a 2" column of whitespace along the left side of the screen, forcing you to scroll to the right to make heads or tails out of anything.

    Links elitists can kiss my ass. Someone accustomed to lynx browsing can locate usable information (such as searching for a URL and copying it to the clipboard) MUCH faster than someone who's used to using links.

  17. Scripting vulnerability? by m00nun1t · · Score: 2, Interesting

    I wonder if there is a vulnerability in here somewhere... people are displaying raw referrers on their sites, typically via a server script of some sort. Potential breeding ground for a new worm of some sort?

    On the other hand, perhaps this is the first valuable use of spam: making people aware of the problem, and the smarter people shutting it down, before someone writes a worm to exploit it.
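
Added example, not part of the thread: the risk raised in comment 17, shown in Python as a "recent referrers" list rendered straight from header values beside a version that filters and escapes them. The function names and the sample referrers are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed Referer values as they might be read back out of an access log.
SAMPLE_REFERERS = [
    "http://friend.example/links.html",
    'http://spam.example/"><script>alert(1)</script>',
    "javascript:alert(1)",
]

def render_unsafe(referers):
    # The pattern the comment worries about: client-supplied text written into markup as-is.
    return "".join(f'<li><a href="{r}">{r}</a></li>' for r in referers)

def render_safe(referers, max_len=200):
    items = []
    for r in referers:
        try:
            parts = urlsplit(r)
        except ValueError:
            continue                        # malformed header value
        # Only plain web links with a host, and nothing absurdly long.
        if parts.scheme not in ("http", "https") or not parts.hostname or len(r) > max_len:
            continue
        safe = html.escape(r, quote=True)   # neutralises < > & " '
        # rel="nofollow" tells crawlers not to credit the link, removing the ranking payoff.
        items.append(f'<li><a rel="nofollow" href="{safe}">{safe}</a></li>')
    return "".join(items)
```

Escaping stops script injection into the page, but the list still shows whatever URL a client claims, so it is best paired with a referrer check such as link-back verification.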