Referrer Spam is the New Amway

Ever since I found out about Amway and other network marketing schemes many years ago, I’ve always considered them the lowest form of commerce in the world. I mean, you’re not creating a damned thing and you’re using your friends and personal contacts to move generally unneeded goods around the economy. All to make a profit for yourself.

I think we have a new winner now in the “lowest form of commerce” category though: referrer spam. I simply don’t understand the point of this silly practice. If you don’t know what referrer spam is, here is the “technology” in a nutshell:

Websites maintain automatic lists of other web sites which link to them. This is useful, for instance, if I write an article and I want to see who is linking to my article and what people might be saying about it. So every day or so, I check my “referrer log” for new links. Well, what referrer spammers are now doing is polluting my log file with obviously fake referrers like “vicodin-for-free.info” and “sex-with-jenna-jamison.org”. So as a result, I have to wade through hundreds of these links in order to get to real referring links.

What I don’t understand is what the point of it is. The referrer log is only accessible by me and surely nobody technical enough to be checking their own referrer logs would actually click on one of those links. I’ve heard another reason spammers do this is because some people display their “most recent referrers” live on their sites. If you’re doing this, STOP. It provides no value and only perpetuates the myth that referrer spam has a chance achieving its intended effect.

As an aside, the best way I’ve found to get around the referrer spam problem is to use Refer 2.0 to check your referrers. Refer 2.0 can sort referrers by frequency and most referrer spam has a frequency of one, so you can easily ignore any referrers who haven’t provided you at least two referrals.

Also, for a more complete statistical tracking package, make sure and check out Shaun Inman’s ShortStat. Shaun’s working on a spicy new beta right now which is quite nice, but in the meantime, feel free to use the current version. You can have a look at what the output looks like here.

39 comments on “Referrer Spam is the New Amway”. Leave your own?
  1. Do you realize that aproximatively 47.5% of visitors actually tried accessing “sex-with-jenna-jamison.org” after you mentioned it? (Trust me, I’m part Statistician)

    Also, if the ShortStat page is publicly accessible, you’re creating PageRank for those damn sites. Referer spam is all about PageRank.

  2. Dave S. says:

    “Refer 2.0 can sort referrers by frequency and most referrer spam has a frequency of one”

    Maybe for the moment. Anything involving spammer activity has to have a big red disclaimer saying “this works right now, but the crafty bastards are hard at work finding a way to circumvent it, you can be assured.” Best suggestion is your first one, just don’t expose uncontrolled referrer stats.

    I suspect there must be some reason they’re doing this, beyond simply hoping against hope someone knowledgable enough to check their referrer logs will by their crap. Perhaps there’s some sort of PageRank boost to be had from gaming referral trackers like Technorati. I haven’t seen anything to confirm this, but that they’d flood my referral log for an audience of one seems unlikely.

  3. Turnip says:

    I agree, referrer spam is stupid. But then, so are spammers, so I guess we shouldn’t be surprised. Recently I’ve had spam comments on my WordPress blog to posts that don’t exist (due to a bug, it’s fixed in 1.2.2). What the point in that is, I have absolutely no idea, as no-one will see the comments?!?! Dumbass spammers.

  4. Jemal says:

    Another reason is that referrer logs, when visible to Google, can help increase the page rank of the referring page. And even if you’re the only one looking at your logs, Google may know about them.

  5. Adam says:

    Like Jemel said, it is likely an effort to improve “Page Rank”, as well as Alexa and Amazon A9 Ratings.

    They maybe exploiting browser’s “What’s Related” and 3rd party (Google) Toolbar features.

    That’s my best guess at least.

  6. Jeremy says:

    Ironic that you mention Amway in this post…given that one of Amway’s founders, Jay Van Andel, passed away yesterday…

    (Amway’s based here, so this passed as news in this market…)

  7. Mike D. says:

    Wow, very interesting news about the Amway founder, Jeremy.

    Can I interest you in a set of greeting cards to help commemorate the occasion? They come in packs of 1000 and if you can just sell 20 to ten of your friends, you’ve already made your money back!

    If you’re open-minded, let me know, and I’ll send you the paperwork.

  8. Craig C. says:

    A while back I got hit with a referrer spam flood which was the final straw. I googled a bit and found this blacklist by Joe Maller. By adding some .htaccess rules you simply block all traffic with particular strings in the referrer header. Every time I get a spam hit, that domain goes onto the list. It’s not quite as preventative as I’d like, but it stops the repeat offenders.

    Of course, as with any blacklisting practice, you run the risk of false positives so you need to be pretty careful with the domains you block and how broad you get with your wildcards. It has certainly kept my stats cleaner.

  9. I don’t get much comment spam, but my referrer spam is incredible. As for most spam only having one referral — I wish! Most of mine range between 30 and 100 referrals. They just keep coming back for more.
    One morning I woke up and found that 4 new spam sites had sent 180+ referrals between them.
    What the F……… :\

  10. gb says:

    I tend to just do an IP deny for referal/comment spammers. They can change top-level domain names, quickly, but changing their IP is usually a bit of work. I’ve been getting a boatload of comment spam as of late, usually with the same person posting the exact same message about 10 times on a single entry.

    These people make me homicidal…

  11. Referer spam is certainly a pain in the butt. A few weeks ago I got hit really hard and not only did the spammers plug up my log files, but they also stole close to 1GB of traffic! To combat these scum, I’ve resorted to simple additions to my .htaccess file.

  12. I write a statistics plugin for WordPress called StatTraq. SEO ‘professionals’ have tried to exploit a feature in StatTraq wherein people can open up the stats to any user by not requiring a login (so technically Search Engines could view the results). Referral spammers are all about getting their site linked to for PageRank etc.

    If you’re a StatTraq user, please require logging in to help Slow Refferer Spam!

  13. Mike D. says:

    Jim:

    Awesome! I just implemented your .htaccess thing. It’s definitely something to keep an eye on, but I agree with you that at least for now, no legitimate sites use .info or multiple dashes in their domains.

  14. Scott Evans says:

    I wrote a simple set of scripts to check referrers and email me when new ones show up. It includes support for filters, so you can get rid of obvious crap like texas.*holdem.

    In case anyone’s interested: self-love

    Installing it isn’t for the faint of heart, but there it is.

  15. Philippe says:

    Mike wrote (comment 13)

    … or multiple dashes in their domains.

    Err… I do : http://www.l-c-n.com :-). And two of my clients do. Granted, nothing with .info

  16. Mike D. says:

    Philippe:

    Ok, well that’s good info then. Scratch off the .htaccess solution!

  17. Ryan Berg says:

    Thankfully my referrer spam has been minimal. I had my first comment spam attacks in the last two days though – stupid online gambling rings.

  18. Don says:

    We have a stats counter that tracks referrers. It has yet to be infected by this type of situation and gives some very accurate information on many things including … who does/doesn’t use javascript, screen resolutions, unique visitors in a day vs click count, etc. We have a free version on our site over at http://htmlfixit.com and a $10 “pro” version. It is great for knowing what google terms for example bring people to your site.

    FYI, Amway no longer exists, it is Alticor. Those guys singlehandely keep our local economy going. So we thank your friends and family who actually buy the stuff (even though I live about 7 miles from their world headquarters I have never actually bought product from them). In reality Alticor is much much more than you think it is even though it’s genesis was a direct distribution network of people. They own real estate, professional sports franchises, an internet company the name of which currently escapes me, vacation resorts and islands. Interesting reading about these guys in a special section of the local paper yesterday on the death of one of the co-founders:
    http://www.mlive.com/grpress/jayvanandel/

    Whether you love or hate Amway, if you find anyone who actually knows VanAndle or Devos, they are very well liked. This guy would hand write notes of encouragement to people he found in personal struggles with words of encouragement. He would mail off a packet of them daily. They were very positive upbeat guys.

  19. Jeremy says:

    Well, technically the Amway brand and business does still exist, it’s just that the parent corporation was rebranded Alticor (in an effort to remove some of the Amway stigma from the other businesses). And also, it’s important to note that the internet company is a variation on the Amway model applied to the web.

    The Amway founders also exerted (and still do) a great deal of influence on Michigan, and to some degree National, politics. They are very well liked by those that agree with their conservative agenda.

    And I’ve met enough former corporate employees who are no longer with the company as a direct or indirect result of having political or social views that ran contrary to the company line, so to speak, so I wouldn’t characterize the Amway founders as universally well-liked. That’s not to say that they haven’t made significant philanthropic contributions to the community, just to say that their work was not universally good.

    Mike – I’d be all over those greeting cards, but I’m already a double-diamond dealer. And if you’re looking for a good source of cialis cheap, I can hook you up…

  20. Jason Beaird says:

    After reading through the comments, I’m still going to employ Jim’s .htaccess fix. It’s true that some valid referrers will have two or more dashes, but not 2+ dashes and a .info domain… Even if there were valid domains out there that fit this description, they would most likely be corporate sites and not linking to a blog, would they? If anybody knows of any deviants, please post the URL!

    For extra stat protection:
    Perhaps the Wolf could work some rules or a blacklist into the next version of ShortStat. But… blocking these scum before they become statistics would be better.

  21. Krzysztof says:

    There is an discussion thread on Textpattern Support Forum about this.

  22. Franki says:

    Hi guys,

    After reading the above, I notice that nobody has mentioned image auth system. we just installed it on htmlfixit.com and now whenever people go to post a comment, they have to type the characters on an image into a text box or the post is not accepted. try it, it was easy enough to install and we have had no further spammnig since we implimented it.

    You can find a ton of anti comment spam tips here:
    http://www.tamba2.org.uk/wordpress/spam/

    Including the image auth..

    Hope that helps someone.

    rgds

    Franki

  23. Julia says:

    Franki,
    image auth or captcha do help with some spam, but they are not accessible for those users who are visually handicapped. We need to keep working on a universal solution. My blog has died and until I have time to investigate another software (I was using Mt 2.63 with Blacklist) package, I won’t relaunch. The attacks on my site shut my host server down and they in turn limited my access. I tried every trick offered by Elise over at http://www.elise.com/mt/
    and all the suggestions I could find anywhere on the web – changing cgi file names, altering the comment function, I did it all – it didn’t help. Now I am hearing WordPress is being targeted as well. I will look at the .htaccess suggestion, but I am not optimistic. I just hate the bastards.

  24. Jeff Croft says:

    Being the idiot Mike refers to in his post, I have actually clicked on some of this referrer spam in my ShortStat. Guess what? Most of them don’t even work. Usually I get a 404 or an empty directoy listing.

    So now what’s the point?

  25. Mike,

    Did Shaun slip you a copy of the SS1 beta? It has, amongst a billion other awesome and useful things, a handy tool for combatting referral/pagerank spam: each referral is displayed with a link to delete that domain and block all future referrals from being recorded.

  26. Ray says:

    Indeed.

    The Web is about as democratic an institution as Amway, or whatever they’re calling themselves now (Quixtar?). Low barrier to entry, no need to qualify one’s self against any form of scrutiny, anyone with the desire…

  27. Mike D. says:

    Seth: Yep, I’m using the new Shortstat beta. I’ve been talking with Shaun about a way to eliminate those referrers completely without you even having to see them. Hopefully it makes it into the next beta.

  28. Pascal says:

    Well I use Awstats and my traffic stats are publically accessible and I like doing that at least as much as you have your reasons for not doing it.
    But …
    The awstats default is to generate all stats pages with the standard META NoIndex/Nofollow tags because engine spiders have nothing to gain from indexing stats in their databases as it only pollutes their otherwise normal results … I mean, unless a visitor specifically wants to look at stats and searches for them, there is no reason to index them and se’s would show more than a few stats pages for other searches as the ‘keywords’ on stats pages would trigger them as results to searches. That, and allowing se’s to index your stats page is likely to lower your own site’s ranking for more than one reason so most places it’s No-index/No-follow.
    So guess what: No pagerank, even with public stats.
    But yeah the Fokhars spam mine, too and I nicely remove their entries every day thou smashing the spammer’s pc to smithereens or visiting the spammer’s house with several big guys in grey suits and dark sunglasses (ala Agent Smith out of the Matrix) would make my day. Oh yeah, it’d be even cooler if the whole dozen or so agents drove up in all identical, black BMW’s (dunny why, it just would).
    lolz

  29. Joshua Case says:

    I am trying to test a spam solution.. Anyone know where I can sign up and get a ton of spam.. Ryan.Bick@owens-ill.com

  30. Alex says:

    After reading through the comments, I’m still going to employ Jim’s .htaccess fix. It’s true that some valid referrers will have two or more dashes, but not 2+ dashes and a .info domain… Even if there were valid domains out there that fit this description, they would most likely be corporate sites and not linking to a blog, would they? If anybody knows of any deviants, please post the URL!

  31. Awesome! I just implemented your .htaccess thing. It’s definitely something to keep an eye on, but I agree with you that at least for now, no legitimate sites use .info or multiple dashes in their domains.

  32. Kolin says:

    I’m not sure if they’re just stupid or what, but even with no publicly available list of refering URLs, they continue to hit my site. The good thing about these guys is that they typically use domains with an easily recognizable set of keywords – i.e. sex, credit, viagra, etc.

    To stop them in your .htaccess file (if you’re using Apache), use the following:

    SetEnvIfNoCase Referer “.*(credit|texas-hold-em|holdem|badwordshere).*” BadReferrer
    order deny,allow
    deny from env=BadReferrer

    If you search Google, you can find some pretty decent blacklists of domains these guys are using as referrers. Add them to the above section that’s separated by the pipe character.

  33. Paul says:

    For extra stat protection:
    Perhaps the Wolf could work some rules or a blacklist into the next version of ShortStat. But… blocking these scum before they become statistics would be better.

    (Editor’s Note: You might want to check out Mint.)

  34. Not only am I getting killed with referrer spam, my message board is getting killed with fake user signups (with the same garbage sites being used in the homepage field) and even automated spam replies! I turned on visual confirmation when registering to prevent automated signups, but I would receive quite a few e-mails from people who couldn’t view the image so I had to disable that.

    Unfortunately, the automated replies were insane, so it is impossible for me to manually delete the hundreds per day I was receiving, so I had to disable unregistered users from replying.

    Anyone have a solution that can keep out referral spam from phpBB message boards? I hate requiring people to go through registration in order to post, but I honestly can’t think of another way to prevent all of the spam postings.

  35. Joecool18 says:

    Quixtar is Amway with a new name. Actually, Amway exists in foreign countries and Quixtar is in the USA and Canada.

    Guess what? Quixtar has the same rules and compensation plan as Amway, they have the same products, the same owners, and the Amway distributors became Quixtar distributors. Duh…..

  36. SuperWife says:

    bah! referrer spam is beyond irritating, however…..

    i think it might be oddly beneficial… i know part of google’s algorithm for ranking (aka- ‘the secret sauce’) is hits. referrer spam has over doubled my unique visitors, and i’m #1 in google for a few random search phrases.

    maybe it isn’t so bad afterall ;)

  37. We are infested with SPAM

    We’ve all learned to deal with email spam. We’ve accepted it, and we’ve moved on. But lately it seems that I’m being a victim of more than just email spam….

  38. CLICHES ARE THE NEW CLICHE

    Saw this headline over at the always fabulous Wonkette: Very cute. But also very over-used as a cliche, if my Google searching is any indication: Fake is the new real. Small is the new big. Apple is the new Microsoft….

  39. Grandma J says:

    Hi, back to the Amway. Our personal household started selling it over 30 years ago when you sold the product. You demonstrated on household problems, showed how to make things easier. You did not expect to make thousands, but you got your products you really loved cheaper, your friends and family DID buy from you. As it is, I know who to go to when I run out of a favorite, I buy my laundry SA* Bioquest in the 50# boxes, several at a time for shipping price purposes, store in 5 gallon buckets. The kids like the car products, other cleaning items. As everything, we find what works great. If someone else has a better product without any hype, etc let it be so.
    I am disgusted with the pyramid factor of everyone getting a cut. NOT nice, no matter what the company is.

    I grew up in the late 50’s early 60’s with the household using these products, as the “friends” sold it. And they worked well. Cause you were shown everyday problem solving for the products.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe by Email

... or use RSS