Spammers now searching websites for their spam links?

One of the new features in the 1.4 release of ExpressionEngine is the ability to track search terms whenever someone uses the built-in search function. Being the sort of person who pays attention to the logs on his site out of pure curiosity I’ve been hitting the search log pretty heavily and even considered putting in some code to display the last several search results.

That is until I noticed a rather interesting trend over the past few weeks. Spammers are hitting the search function of EE with the links to their gambling and porn sites every so often. The times logged are spaced just far enough apart that it’s hard to tell if it’s an automated script or an actual person doing the searches, but with the growing trend of displaying recent searches on some blogs I wouldn’t be at all surprised if it were a script designed to get the URL in the search results table in case a particular site is displaying such data.

If it is a person then they’ve been very busy. IP address 80.178.147.17 out of Amsterdam stopped by several times today to search for various gambling URLs. It’s one of several IP addresses allocated to a “RIPE Network Coordination Centre” that has been hitting SEB pretty hard as of late. I suppose I should be grateful as this actually helps me to keep the blacklist up to date. Anything I don’t recognize as already being blacklisted gets added immediately just to make sure. At times I’m still amazed at the lengths these assholes will go to get their spam out onto as many blogs as they can.

11 thoughts on “Spammers now searching websites for their spam links?

  1. The whole idea of course, is that alot of bloggers will display top ten search results, etc on their sites, the spamvertisements show up on the top 10 list, and this bypasses your normal spam filters, yet they still achieve their goal of getting their spamvertisement shown on your blog.

    More than likely it is a script being run to first get the spamvertisements listed, and then to keep them listed by checking in now and then and automatically performing a search with their query terms.

  2. How’s it going, Rori? Good to see you again. I admit my blogging the last few months has been less than spectacular as I dealt with the ongoing grind of being unemployed. Now that I’m working again and the once looming problems of being unemployed are shrinking back down to minor concerns I think I’ll be getting back into focusing on problems beyond my immediate concerns.

  3. I never had the joys of dealing with ‘blog spammers’
    but have seen it often eneough. Having run mailservers in the past for companies spam turns into a full time job. People dont make it any easier. Fishing attacks and @work porn surfing CEOs
    get mad when they get spam, but really dont wanna lay off the porn and use decent mailtools to help
    prevent it. IP to country searches were a great help and is worth every bit of time put into it. Country exclusion was wonderful. like all of korea and melanisia, but you draw a crowd from all over Les..
    hmm.. maybe just dropping repeat offenders would help. are you using iptables scheeme to accomplish the task? like a prefilter?

  4. I get occasional referrals from RIPE too, but that’s actually kind of meaningless. Based in Amsterdam, they’re the European version of ARIN/InterNIC. APNIC covers the Asia-Pacific region, and I think they’re based in Sydney. LACNIC is Latin America & the Caribbbean.

  5. Actually, RIPE just allocated the IP address – see http://whois.sc/80.178.147.17 for who actually owns it. It belongs to a broadband ISP in Tel Aviv, Israel. Whois.sc is very good for finding out information about domains and IP addresses.

    As for the searches, what the spammer is probably doing is checking to see how good you are at removing his links. If you get rid of them quickly, or block them completely, then there’s less point in wasting time pinging you. But if you’re lax and don’t remove spam, then the spam becomes more effective.

  6. I have an interesting time keeping SIMU afloat and have just about reached the conclusion that the world needs another tool to deal with referrer spam. One suggestion I picked up elsewhere is to spider spam sites – for the purposes of training your own spam filter, of course. Of redirect referrer spam back to itself or a know spam IP. I suppose if enough people do it, the sites they hawk will go down or force them to deal with what they subject others to.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.