[wp-hackers] Referrer Spam [s]
r at schestowitz.com
Mon Oct 10 13:31:17 GMT 2005
_____/ On Mon 10 Oct 2005 13:31:07 BST, [John Ha [c]] wrote : \_____
> ----- Original Message -----
> From: "Matthew Thomas" <mpt at myrealbox.com>
> To: <wp-hackers at lists.automattic.com>
> Sent: Monday, October 10, 2005 9:12 PM
> Subject: Re: [wp-hackers] Referrer Spam
>> On 10 Oct, 2005, at 12:41 AM, Roy Schestowitz wrote:
>> > Has anybody come across plenty of referral spam recently? Sex and
>> > pills from Tonga in particular?
>> > ...
>> "...a massive Referrer Spam attack is ongoing (and apparently not just
>> against my site), with dozens of distinct IP addresses trying to stuff
>> my server logs with links to blue-pill Tonga subdomains: buy.to,
>> get.to, dive.to, hey.to, drop.to, etc."
>> "Now I've seen some referrer spam in the logs before, one or two a day
>> nothing major, but this constituted something more akin to a total
>> onslaught." <http://heksie.co.za/blog/pivot/entry.php?id=91>
>> Matthew Paul Thomas
That's very informative. Thanks for that. Earlier today I attempted to
spammy requests, but the spammers will easily find a way around, e.g. simply
selecting a different entry point, thus making it a cat-and-mouse game.
Some time in the past the error logs came up with repeated attempts to take
advantage of PHP-Nuke exploits (READ: get admin privileges via loopholes).
Consequently, I systematically re-directed fishy URL's for all
On the contrary, the issue with WordPress-targetted attacks -- the ones
mentioned above -- is that genuine pages get requested by a wide range of IP
addresses (not Tonga). By re-directing as above real visitors can be
or offended at worst.
> Try: http://www.ioerror.us/software/bad-behavior/
> John Ha.
That seems like a sound solution. Fear the day of global gigabit Ethernet
reaching the wrong hands...
Roy S. Schestowitz | Useless fact: Digits 772-777 of Pi are 999999
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
2:15pm up 46 days 2:29, 10 users, load average: 1.09, 0.98, 0.76
More information about the wp-hackers