"We have been very pleased with the competent, prompt and courteous service they have provided to us."

Stu Perlman
Monarch/USESI (New Jersey)

Referrer Spamming

January 14th 2010

The Problem of Referrer Spamming Begins...

In the process of checking our web stats I noticed a couple of odd links showing up as external links (referrers). Some of the sites listed didn't look any where near valid so I decided to pull the HTML for the pages with a custom application I had created. After reviewing the HTML, CSS, JavaScript and images for the site I concluded that there weren't actually any links from the site in question back to our site. It was about this time that I noticed that the content for the site was not something in line with what our company would support or condone. Something had to be done!

What did Google know about this referrer spammer?

I decided I would double check the questionable site with Google's "link:" function. Once again, I didn't find any legitimate links from the questionable site back to our site. I also found that the site appeared to be banned from Google all together. These discoveries lead me to think about how the reference from the questionable site to ours may be negatively affecting our ranking. I needed to find a solution to the problem.

Internal Research on Referrer Spamming

I discussed multiple possibilities with the other WSI departments including the possibilities of banning a referring site IP, the stats system incorrectly reporting link backs and a virus. None of the possibilities checked out, so I went back to the drawing board.

I did a trace route on their site to check out if some where along the way a DNS server was messing up a reference, I have seen this happen before when an IIS default site isn’t setup correctly. This was another dead end.

A lookup on Network Solutions also resulted in little additional information as the questionable site had used a DNS registration proxy to avoid having to supply accurate registration information.

By searching Google and various web developer forums, I found that other people with various configurations for web stats were also seeing random results in their referrer links. While there were many people posting problems, there were very few technical answers. Many of the solutions or proposed causes were little more than a virtual shoulder shrug.

The Solution to Web Stats Referrer Spamming

Just as I was about to leave a particular thread, that seemed like another dead end, I found the holy grail of posts related to this issue. While the post itself only read “You are getting referrer spammed.” it held the key to solving the problem.

Of course! This was a very tricky way of manipulating the system that I didn’t think of. I started digging on referrer spamming and how it related to web stats systems. The Wiki on referrer spamming gave me the information I needed.

Security Hole

Late last year we changed our server stat program for our corporate site and didn’t replace the username and password on the site. The stats for our site were public to the world, but only if you knew the correct URL. This didn’t seem like a big deal, but most "security by obscurity" solutions are often left vulnerable because they don’t seem like a big deal.

How the Referrer Spamming was Working

What was happening was the questionable site had somehow found our public stats page and was running a robot to report false information to our server. This false information was seen in the form of an external link and registered in our stats program as a link to the referring page.

So what does that mean? What the questionable site was doing was not trying to refer to us; it was trying to get our web stats page to refer to them. If our stats pages were then indexed by a search engine their link would be seen on our web stats page and counted as a referring link to them. Tricky! Fortunately, our web stats pages aren’t listed in any search engine so any benefit they thought they were was minimal.

The Fix for Referrer Spamming

For the solution, I had our network administrator replace the missing password and place a robots.txt file with appropriate instructions for spiders to not index the stats system. Now it’s a waiting game to see how long the other site continues to try to “cheat” the system. Since there is no way for me to turn off their robot, they can still spam the server stating that they are linking to us.

I plan to further research this issue by seeing if I can identify exactly what IP the robot is coming from and ban it from our servers.

Web Department Manager

Iowa Headquarters
(MIDWEST)
103 E. 6th St., Suite 101
P.O. Box 726
Ames, Iowa 50010
Tel: (515) 239-9900
Fax: (515) 239-9800

Driving Directions to the Ames Iowa Headquarters
Florida Headquarters
(Southeast)
4200 Evans Ave., Suite 10
Fort Myers, Florida 33901
Tel: (239) 267-2749
Fax: (239) 267-9936
Caribbean & Latin America
(Puerto Rico)
Tel: (787) 303-0042
South Dakota - Sioux Falls
Tel: (605) 496-9580
Texas - Austin
Tel: (512) 593-1056
New Mexico - Albuquerque
Tel: (505) 289-1364
Iowa/Illinois - Quad Cities/Muscatine
Tel: (563) 316-2378
North Carolina - Asheville
Tel: (828) 278-2323
Want quick Answers?
During normal business hours you can reach us via our live chat program.  Try it, it's really cool!!
 
Partner Locations
Cedar Rapids, Iowa
 
Interested in joining our partner program?  Click Here to learn more about the Winning Solutions, Inc. Partner Program.