MT-Blacklist and Spoofing

I installed MT-Blacklist the week before last after getting hit with 5 spam comments. Since then it’s stopped 12 more spamming attempts, so it’s doing its job very well.

For those who don’t know, comment spamming has become a problem on blogs because it’s used as a way of pushing up web search rankings. Comments on various sites with links pointing to an online casino/viagra store etc, push the destination site up in the rankings.

The spammers use search engines to find blogs, and then post repeated comments which often appear innocuous enough (e.g. “Great site!”), but have links pointing to the spammer’s site.

A similar thing is done by spoofing referrers, so that sites which show recent referrers end up advertising dodgy sites. I keep my web stats unlinked from my site, but have noticed a bunch of spoofed referrers recently.

For the uninitiated, every time you click on a link, your web browser sends the address of the page holding that link to the destination site when it requests that page. Most web servers can record the referrer address, which can provide useful information about where visitors to a site are coming from. Some sites process the referrer logs and display the results on the site, hence the benefit of spooking the referrer field in a request. It’s done by using a program to act as a browser, which sends false referrer data in the request.

3 thoughts on “MT-Blacklist and Spoofing”

  1. Yeah, I had to take my referrer log offline, because the legit visits were completely crowded out by crap sites linking to fake paris-hilton-blah-blah.com and nude.britney.ridiculous.etc.com

    Does MT help block that crud? I tried using a php redirect by IP, but it had no effect, which I guess is because they’re not actually coming via browser…

  2. > Does MT help block that crud? I tried using a php redirect by
    > IP, but it had no effect, which I guess is because they’re
    > not actually coming via browser…

    Unfortunately MT doesn’t help with the referrer stuff, as it’s just the Apache logs that I process for referrers.
    The only solutions I’ve seen are

    a) not putting your referrers on display (which you’ve already done)
    or
    b) blocking known “bad referrers” using Apache mod_rewrite (http://www.unix-girl.com/blog/archives/001080.html )

Comments are closed.