Viewing Thread:
"Hacking attempt - log spam?"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Wed 05/03/08 at 16:08
Moderator
"Are you sure?"
Posts: 5,000
In the last few weeks I've noticed a new kind of 'log' spam taking place with some of my sites.

It's not the more normal 'referrer spam' - the spam URL is in the page 'requests' - (this is not just Freeola sites!)

Some of my websites track out-going links and sites I have hosted where the raw log is available also show similar problems.

The spammers add their address to the out-going link:
http://www.real-link.co.uk/page.shtml? id=http%3A%2F%2Fwww.spammer - site.com%2Far%2Farticles%2Fjed%2Fumut%2F&links

I'm seeing lots of similar addresses. Searching for snippets of the url shows lots of others are also having the problem:
Google: %2Fadmin%2Fcorreo%2Fenaq% to see more examples and some discussion.

It seems someone/thing has been attacking sites trying to either spam or test for vulnerabilities. The attacks come from numerous addresses - no doubt sites/servers that are acting as zombies.

The links created are broken (404) so don't seem to be serving any purpose (Google bomb for example)?

Thought I would share this with you all ;¬)
I'm following discussions on a few sites to see if anyone has a good way of stopping this (using .htaccess perhaps) - If anything useful comes up I'll update this thread.

Obviously if anyone has any suggestions, please let me know.




Tue 18/03/08 at 13:17
Moderator
"Are you sure?"
Posts: 5,000
I still see this 'attack' every few weeks or so. I've found lots of other posts but no solution yet.

This page www.seo-blackhat.com removespace /article/someone-is-scraping-me.html documents the IP addresses of the 'zombie' PCs.

I guess someone has released a malicious game or application that is infecting PCs/servers.

Some people have commented saying that they think it may be testing a hosting company's security vulnerabilities - have Freeola seen any of this activity?




Wed 05/03/08 at 17:02
Regular
"Devil in disguise"
Posts: 3,151
Hmmm... wrote:
> The links created are broken (404) so don't seem to be serving
> any purpose (Google bomb for example)?

Maybe some sort of identification. Brute force attack on thousands of sites with a unique query string. Then you go googling to see what results come up and if anything has done anything "interesting" with the url.

Generally I think it's a mistake to believe that most of these attacks have a specific purpose anyway. They're more like playing the percentages, chuck something out there and see what happens.

Easiest solution is mod_rewrite I guess. You can check the query string for http (assuming your sites don't allow http in the query string) and then throw a 403 or 412. Although not going to make an awful lot of difference as it'll still appear in your logs, just with a different error code. :)
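
An added example, not part of the original posts: a Python sketch that applies the check suggested above (an absolute URL inside the query string) to access-log lines and groups the hits by injected host and client address, so the log spam can be filtered out or reviewed as a single campaign. The log lines, hosts and IP addresses are constructed samples, and `find_injected_urls` is a hypothetical name.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Mar/2008:16:01:02 +0000] "GET /page.shtml?id=http%3A%2F%2Fwww.spammer-site.example%2Far%2Farticles%2F&links HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [05/Mar/2008:16:01:09 +0000] "GET /page.shtml?id=http%3A%2F%2Fwww.spammer-site.example%2Fadmin%2F HTTP/1.1" 404 512 "-" "-"
203.0.113.44 - - [05/Mar/2008:16:02:30 +0000] "GET /page.shtml?id=42&links HTTP/1.1" 200 8211 "-" "Mozilla/5.0"
203.0.113.45 - - [05/Mar/2008:16:03:00 +0000] "GET /page.shtml?id=HTTP%3A%2F%2Fother-spam.example%2Fx%2F HTTP/1.0" 404 512 "-" "-"
"""

# client address, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# a decoded parameter value that is itself an absolute URL; group 1 is its host
ABSOLUTE_URL_RE = re.compile(r'^\s*(?:https?|ftp)://([^/\s?#]+)', re.IGNORECASE)


def find_injected_urls(log_text):
    """Return {injected_host: {client_ip, ...}} for requests whose query
    string carries an absolute URL as a parameter value."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client_ip, target, _status = m.groups()
        query = urlsplit(target).query
        # parse_qsl percent-decodes values, so http%3A%2F%2F is seen as http://
        for _name, value in parse_qsl(query, keep_blank_values=True):
            url = ABSOLUTE_URL_RE.match(value)
            if url:
                hits[url.group(1).lower()].add(client_ip)
    return dict(hits)


if __name__ == "__main__":
    for host, clients in sorted(find_injected_urls(SAMPLE_LOG).items()):
        print(f"{host}: {len(clients)} client(s): {', '.join(sorted(clients))}")
```

Decoding before matching matters here because the requests in this thread carry the URL percent-encoded, so a plain search for `http://` in the raw log line would miss them.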