[wp-hackers] Referrer Spam [s]

Roy Schestowitz r at schestowitz.com
Mon Oct 10 13:31:17 GMT 2005

_____/ On Mon 10 Oct 2005 13:31:07 BST, [John Ha [c]] wrote : \_____

> ----- Original Message -----
> From: "Matthew Thomas" <mpt at myrealbox.com>
> To: <wp-hackers at lists.automattic.com>
> Sent: Monday, October 10, 2005 9:12 PM
> Subject: Re: [wp-hackers] Referrer Spam
>> On 10 Oct, 2005, at 12:41 AM, Roy Schestowitz wrote:
>> >
>> > Has anybody come across plenty of referral spam recently? Sex and
>> > pills from Tonga in particular?
>> > ...
>> "...a massive Referrer Spam attack is ongoing (and apparently not just
>> against my site), with dozens of distinct IP addresses trying to stuff
>> my server logs with links to blue-pill Tonga subdomains: buy.to,
>> get.to, dive.to, hey.to, drop.to, etc."
>> <http://the.taoofmac.com/space/blog/2005-10-07.19%3A18>
>> "Now I've seen some referrer spam in the logs before, one or two a day
>> nothing major, but this constituted something more akin to a total
>> onslaught." <http://heksie.co.za/blog/pivot/entry.php?id=91>
>> --
>> Matthew Paul Thomas
>> http://mpt.net.nz/

That's very informative. Thanks for that. Earlier today I attempted to 
spammy requests, but the spammers will easily find a way around, e.g. simply
selecting a different entry point, thus making it a cat-and-mouse game.

Some time in the past the error logs came up with repeated attempts to take
advantage of PHP-Nuke exploits (READ: get admin privileges via loopholes).
Consequently, I systematically re-directed fishy URL's for all 
installations to
http://schestowitz.com/hacker.html .

On the contrary, the issue with WordPress-targetted attacks -- the ones 
which I
mentioned above -- is that genuine pages get requested by a wide range of IP
addresses (not Tonga). By re-directing as above real visitors can be 
or offended at worst.

> Try: http://www.ioerror.us/software/bad-behavior/
> John Ha.

That seems like a sound solution. Fear the day of global gigabit Ethernet
reaching the wrong hands...


Roy S. Schestowitz      | Useless fact: Digits 772-777 of Pi are 999999
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  2:15pm  up 46 days  2:29,  10 users,  load average: 1.09, 0.98, 0.76

More information about the wp-hackers mailing list