Microsoft flooding sites with fake traffic
Arc Riley
arcriley at gmail.com
Thu Feb 21 10:00:52 EST 2008
> liberty$ find -name access_log\* | xargs egrep -h
> '^(131\.107|65.5[2-5])' | fgrep robots.txt | wc -l
> 1453
Look specifically at the IPs the faked live.com search results are hit from
vs those running msnbot. msnbot accesses robots.txt more than any other
search engine (seconded by Yahoo! Slurp).
Are you sure you don't have a wiki or tag cloud or comment board or
> file share or similar application that's been hijacked? Scam artists
> like to use such to host their content, or crank up their page rank,
> or spam others. I know they keep trying to hit GNHLUG (we watch it
> fairly closely and remove any such attempts). I know PySIG had to
> shut down their wiki it got nailed so often.
>
We have a fairly agressive anti-spam system setup, no such spam appears on
our site, certainly not on the landing pages of these faked live.com search
hits which contain svn changelog diffs.
The only place we've had spam is the ticket system which none of the hits in
question are for /ticket/*. We require reg to file a ticket and monitor
regs to isolate spammers before they can hit the site, so far it works
fairly well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080221/7322d806/attachment.html
More information about the gnhlug-discuss
mailing list