hi guys
it seems that spammers try every method in the book using methods like email, phising, posting on forums (with links to where they want you to click) amongst their methods,
while browsing through the statistics of this website (https://www.linux-noob.com) i came across some unfamiliar 'referral links' which drew my interest and later, disgust.
The spammers have obviously got some 'spam bots' which crawl websites for one purpose, to falsely leave behind their 'links' in the statistics page of a website.
To try and further understand these low-lifes I did some analysis:-
look at the statistics posted here
[/url]http://linux-noob.com/usage/usage_200512.html#TOPREFS
Quote:# Hits Referrer1 73339 24.26% - (Direct Request)
2 1563 0.52% http://www.google.com/search
3 1462 0.48% http://charlestyrrell-ins.com/
4 1462 0.48% http://wgostonemantel.com/
5 1340 0.44% http://downjigger.com/
6 1340 0.44% http://hedcore.com/
7 1340 0.44% http://hellwithgoogle.com/
8 1340 0.44% http://isdwebstore.com/
9 1340 0.44% http://redline-entertainement.com/
10 1340 0.44% http://skateinstrutor.com/
11 1340 0.44% http://slewfootrecrods.com/
12 1340 0.44% http://syperopts.com/
13 615 0.20% http://images.google.com/imgres
14 408 0.13% http://desktoplinux.com/articles/AT9133949670.html
15 376 0.12% http://www.dvd4arab.com/forums/showthread.php
ok, the first link is listed as a 'direct request' and what that means is any internal link on linux-noob.com that links back to a page/site/forum whatever on linux-noob.com is listed as a direct request, same goes for anyone coming here via a bookmark to linux-noob.com or RSS feed.
The second link in the list above is our friend google, nothing strange there.
However, if we look at the 3rd to the 12th links listed, things start to become strange,
obviously to find out who these 'new' referrals were I clicked on the link only to be surprised that I landed on a 'so called search page'
take a look at the first link listed
3 1462 0.48% http://charlestyrrell-ins.com/
clicking on that will re-direct you to the following website
http://www.searchmeup.com/search.php?aid...is_is_SPAM
which is 'marketing' (spamming to you and me) a drug called "lousy spam".
"lousy spam" itself (according to google) is a diet pill, but who cares. I don't. I'm not interested. What annoys me is that the 'charlestyrell' link redirects me to a 'search site'. That is the SPAM in action.
Let's take the second site listed:-
4 1462 0.48% http://wgostonemantel.com/
once again, it redirects to the above page
http://www.searchmeup.com/search.php?aid...is_is_SPAM
and you can probably guess that the 'aid=36585' part of the link is the method that the spammer has of knowing how successful his spam is.
Let's continue with the third link:-
5 1340 0.44% http://downjigger.com/
redirects to http://www.searchmeup.com/search.php?aid=3...hoes&said=550_1
which is the same 'searchmeup.com' website and the same 'aid=36585' but now with a 'new' PHONEY search term.
ok,, you get the idea now, so who is running this spamming operation ?
let's do some whois ...
Quote:charlestyrrell-ins.com (Reverse lookup failed)
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2001 William E. Weinman
Request: charlestyrrell-ins.com
connecting to whois.internic.net [198.41.0.6:43]...
connecting to whois.criticalinternet.com [69.50.183.29:43] ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: CHARLESTYRRELL-INS.COM
Registrant:
Miamy diamond, inc
Andrew Scott (andrewscott600@yahoo.com)
2301 E St Nw
Washington
,20037
US
Tel. +202.4630871
Creation Date: 10-Dec-2005
Expiration Date: 10-Dec-2006
Domain servers in listed order:
ns1.charlestyrrell-ins.com
ns2.charlestyrrell-ins.com
and the next 'link'
Quote:wgostonemantel.com (Reverse lookup failed)
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2001 William E. Weinman
Request: wgostonemantel.com
connecting to whois.internic.net [198.41.0.6:43]...
connecting to whois.criticalinternet.com [69.50.183.29:43] ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: WGOSTONEMANTEL.COM
Registrant:
-
Klaus Muller (klausmuller007@yahoo.com)
Sandershauser Strasse 101
Kassel
,34123
DE
Tel. +49.56150003
Creation Date: 09-Dec-2005
Expiration Date: 09-Dec-2006
Domain servers in listed order:
ns1.wgostonemantel.com
ns2.wgostonemantel.com
and the third link
Quote:downjigger.com (Reverse lookup failed)
BW whois 2.9 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2001 William E. Weinman
Request: downjigger.com
connecting to whois.internic.net [198.41.0.6:43]...
connecting to whois.criticalinternet.com [69.50.183.29:43] ...
Registration Service Provided By: ESTDOMAINS
Contact: +372.55647646
Website: http://www.estdomains.com
Domain Name: DOWNJIGGER.COM
Registrant:
-
Klaus Muller (klausmuller007@yahoo.com)
Sandershauser Strasse 101
Kassel
,34123
DE
Tel. +49.56150003
Creation Date: 13-Dec-2005
Expiration Date: 13-Dec-2006
Domain servers in listed order:
ns1.downjigger.com
ns2.downjigger.com
so are the people mentioned above real or fake ? any takers ?
the 'searchmeup.com' website has an 'report abuse' link which redirects to
[url=https://www.umaxlogin.com/user_page.php?page=FAQ]https://www.umaxlogin.com/user_page.php?page=FAQ
which is a 'pay per click' ad revenue, so we can see that the many links 'left behind' on linux-noob.com's STATS page are designed to get users to 'click' and end up on 'searchmeup'.
some is trying to profit here, but who ?
I tried to 'report abuse' to the domain name creation site listed above but was left feeling less than impressed (see screenshot)
cmon guys, feel like helping me out here ? who is doing this and how can we stop them ?
cheers
anyweb
<a class="ipsAttachLink ipsAttachLink_image" href="<fileStore.core_Attachment>/post-1-1134724123.png" data-fileid="429">[img]<fileStore.core_Attachment>/post-1-1134724123.png[/img]</a>