Strange referrersites
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Mon Sep 19, 2005 9:06 pm
- Location: Berghem
- Contact:
Strange referrersites
The past few days our site www.kossiesdesign.nl has had strange referrers visiting us. TFSforMambo shows they came from sites like:
http://www.hellopolis.com/
http://www.metatrek.com/
http://www.oasee.com/
http://www.superseas.com/
http://www.ultragamma.com/
http://www.pressace.com/
http://www.smokeynet.com/
http://www.spotego.com/
(and many more)
The strange thing is that all these sites when tried to visit them result in a page with "This account is suspended" etc.
Can anyone tell me what this is?
With a whois I found that all these sites belong to enom inc., for example:
Domain Name: HELLOPOLIS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.ACEBREAKS.COM
Name Server: NS2.ACEBREAKS.COM
Status: REGISTRAR-LOCK
Updated Date: 06-oct-2005
Creation Date: 06-oct-2005
Expiration Date: 06-oct-2006
http://www.hellopolis.com/
http://www.metatrek.com/
http://www.oasee.com/
http://www.superseas.com/
http://www.ultragamma.com/
http://www.pressace.com/
http://www.smokeynet.com/
http://www.spotego.com/
(and many more)
The strange thing is that all these sites when tried to visit them result in a page with "This account is suspended" etc.
Can anyone tell me what this is?
With a whois I found that all these sites belong to enom inc., for example:
Domain Name: HELLOPOLIS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.ACEBREAKS.COM
Name Server: NS2.ACEBREAKS.COM
Status: REGISTRAR-LOCK
Updated Date: 06-oct-2005
Creation Date: 06-oct-2005
Expiration Date: 06-oct-2006
Last edited by huub on Fri Oct 21, 2005 5:44 pm, edited 1 time in total.
Huub van der Logt
www.OSDesign.nl
www.OSDesign.nl
- Das Gurke
- Joomla! Enthusiast
- Posts: 164
- Joined: Sun Oct 09, 2005 2:50 pm
- Location: Germany - Hamburg
Re: Strange referrersites
Sorry for off Topic question ...
Are you using Mambo or Joomla? I tried to install TFS for mambo into my Joomla and it just didn't work. If you are using Joomla could you give me a link to your TFS Component and Modules?
Are you using Mambo or Joomla? I tried to install TFS for mambo into my Joomla and it just didn't work. If you are using Joomla could you give me a link to your TFS Component and Modules?
- keliix06
- Joomla! Ace
- Posts: 1022
- Joined: Wed Aug 17, 2005 11:46 pm
- Location: Minneapolis, MN
- Contact:
Re: Strange referrersites
enom is a domain registrar. The domains don't belong to enom, they were simply registered through enom.
From what I can tell (research done on http://www.smokeynet.com/) they have a server at http://www.theplanet.com (more likely its http://www.servermatrix.com) that has probably been suspended by theplanet for abuse (spam, etc).
From what I can tell (research done on http://www.smokeynet.com/) they have a server at http://www.theplanet.com (more likely its http://www.servermatrix.com) that has probably been suspended by theplanet for abuse (spam, etc).
Doyle Lewis
BuyHTTP Internet Services
http://www.buyhttp.com/joomla_hosting.html - No Overselling Guarantee. Your Joomla site, faster.
http://www.joomlademo.com - 30 day free trial of Joomla
BuyHTTP Internet Services
http://www.buyhttp.com/joomla_hosting.html - No Overselling Guarantee. Your Joomla site, faster.
http://www.joomlademo.com - 30 day free trial of Joomla
- kai920
- Joomla! Guru
- Posts: 542
- Joined: Sun Sep 04, 2005 3:59 pm
- Location: Hong Kong
Re: Strange referrersites
Having similar problem here... getting weird hits from poker/casino sites... or "ddddd.com"
but when you go to those referring pages there is no mention of my site anywhere (obviously).
Wha'ts going on?
but when you go to those referring pages there is no mention of my site anywhere (obviously).
Wha'ts going on?
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: Strange referrersites
They are probably just running scripts looking for security holes. There are loads of bots out there scanning the net. I wouldn't worry about them, but I also wouldn't be going to the sites - you won't find any listing for your site on them, but you *might* end up visiting a site that contains nasty stuff (like the current Windows exploit, for eg.)
A lot of these scripts are doing nothing more than trying to find blogs or guestbooks so they can run comment spam.
A lot of these scripts are doing nothing more than trying to find blogs or guestbooks so they can run comment spam.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Dec 30, 2005 11:45 am
Re: Strange referrersites
IIRC, one of the reasons for this kind of referrer spam is that some referrer logs are publicly accessible. So if someone can get their site's URL into the log it could make it look like your site is linking to theirs. If they do that with a lot of sites, they can boost their ranking in Google and so on.
Possibly there's also another reason, like Google perhaps giving a little weight to links from a site in its page rank algorithm. Obviously the links to a site are a much more important factor, but every little helps...
Possibly there's also another reason, like Google perhaps giving a little weight to links from a site in its page rank algorithm. Obviously the links to a site are a much more important factor, but every little helps...
-
- Joomla! Enthusiast
- Posts: 246
- Joined: Wed Sep 07, 2005 6:45 pm
- Contact:
Re: Strange referrersites
I also noticed that there was at least one path that visually went to my site, but if mouse-overed,link went offsite to "umsky.com/prx.php" which has something to do with proxy leeching.
(from research, http://fpl.my-proxy.com/fpl-judge.php , But do not know safety of this link)
As I am a newbie in web managment, I am not sure exactly what is going on, or how serious.
Is there anything I should/could be do to prevent this?
I have notified my host and assume they will advise.
(from research, http://fpl.my-proxy.com/fpl-judge.php , But do not know safety of this link)
As I am a newbie in web managment, I am not sure exactly what is going on, or how serious.
Is there anything I should/could be do to prevent this?
I have notified my host and assume they will advise.
Last edited by philmoz on Mon Jan 02, 2006 3:45 pm, edited 1 time in total.
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: Strange referrersites
If these are just showing in logs but aren't actually posting anything to your site or hacking in, then just don't worry about them.
Logs are always full of these kinds of referrers. They are usually just scripts that are continually cruising the net looking for sites that are insecure. They are always there, always appearing in logs. Nothing you can do about them.
The only way to stop unwanted referrals appearing in logs is to not have your site on the Net
Logs are always full of these kinds of referrers. They are usually just scripts that are continually cruising the net looking for sites that are insecure. They are always there, always appearing in logs. Nothing you can do about them.
The only way to stop unwanted referrals appearing in logs is to not have your site on the Net
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- kai920
- Joomla! Guru
- Posts: 542
- Joined: Sun Sep 04, 2005 3:59 pm
- Location: Hong Kong
Re: Strange referrersites
Thanks for the advice, everyone. There is no malicious postings made (as far as I know!) so for now I will keep monitoring the logs and see what's happening...Elpie wrote: If these are just showing in logs but aren't actually posting anything to your site or hacking in, then just don't worry about them.
Logs are always full of these kinds of referrers. They are usually just scripts that are continually cruising the net looking for sites that are insecure. They are always there, always appearing in logs. Nothing you can do about them.
The only way to stop unwanted referrals appearing in logs is to not have your site on the Net
"IIRC, one of the reasons for this kind of referrer spam is that some referrer logs are publicly accessible."
What do you mean by the above statement, anabolic? Are the logs on my site not secure?
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Dec 30, 2005 11:45 am
Re: Strange referrersites
No, that's not what I meant - though I haven't looked at your site. I should have said 'readable' not 'accessible'. I guess the only 'insecurity' would be that, if you've made your referrer logs viewable from outside, then they make an attractive target for referrer spam - which can eat up some bandwidth.
Thanks for the advice, everyone. There is no malicious postings made (as far as I know!) so for now I will keep monitoring the logs and see what's happening...
"IIRC, one of the reasons for this kind of referrer spam is that some referrer logs are publicly accessible."
What do you mean by the above statement, anabolic? Are the logs on my site not secure?
For example, this Google search shows that lots of people are making their Awstats logs public, for some reason (I just choose Awstats at random, other stats packages are probably similar):
http://www.google.com/search?num=20&hl= ... tnG=Search
If you follow some of the links from that search, and look at the 'links from an external page' section, you'll often see lots of referrer spam from gambling and porn sites etc. So I guess maybe they got more referrer spam because their site logs were showing up in Google... though almost every site seems to get some referrer spam, whether the logs are public or not.