Malware Domain List

Malware Related => Compromised Servers => Topic started by: adminguy on May 18, 2009, 04:31:49 pm

Title: Click throughs from unwanted sites
Post by: adminguy on May 18, 2009, 04:31:49 pm
I recently launched two websites and I am finding that on viewing the stats for the site I am getting adult/dating sites in the list of referring sites? What is going on, should I be concerned and how can I avoid this?
I have been placing these sites in an IP deny list but expect there will be others.
Title: Re: Click throughs from unwanted sites
Post by: MysteryFCM on May 18, 2009, 05:41:38 pm
Have you looked at any of the referers to see if they actually reference your site?
Title: Re: Click throughs from unwanted sites
Post by: adminguy on May 18, 2009, 05:57:14 pm
Looked at a couple and did not find any reference to my sites.
Title: Re: Click throughs from unwanted sites
Post by: MysteryFCM on May 18, 2009, 06:19:58 pm
In that case, chances are the referers are faked, and the "visitors" are bots (without seeing the logs, it's a little difficult to do anything more than speculate).
Title: Re: Click throughs from unwanted sites
Post by: adminguy on May 18, 2009, 08:45:35 pm
You may be right about the bots since they register as just hits without pages. Is there any cause for concern?
Title: Re: Click throughs from unwanted sites
Post by: MysteryFCM on May 18, 2009, 08:51:54 pm
At this point, I'd just monitor their activity. If you notice their behaviour beginning to lean toward SQL injection attempts etc., then you'll need to start recording their activity and ensure (I'd recommend doing this anyway) your code is not susceptible to injection or exploit.
Title: Re: Click throughs from unwanted sites
Post by: adminguy on May 18, 2009, 09:04:59 pm
Thanks Steven, I will keep an eye on this. Currently have no database applications running so I might be OK re Injection Attack.

If these are bots, why are they showing up as undesirable type sites? If I was going to camouflage a bot I would disguise it as something benign. What is the bot up to? Harvesting email addresses?

I have also checked all my site links and they all go to the correct URL.
Title: Re: Click throughs from unwanted sites
Post by: MysteryFCM on May 18, 2009, 09:07:53 pm
Likely scraping or harvesting.

Alas bots and their creators aren't known for their logic, so I've not got an answer as to their faking the referer.
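
An added example, not part of any post in this thread: one way to check an access log for the pattern discussed above, external referrers whose clients show up as "hits without pages". It assumes Apache combined log format; the log lines, host names and the function name `suspect_referrers` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [18/May/2009:16:02:11 +0000] "GET / HTTP/1.1" 200 5120 "http://adult-dating.example/" "Mozilla/4.0"
198.51.100.7 - - [18/May/2009:16:02:15 +0000] "GET / HTTP/1.1" 200 5120 "http://adult-dating.example/hot" "Mozilla/4.0"
198.51.100.9 - - [18/May/2009:16:05:40 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://adult-dating.example/" "Mozilla/4.0"
203.0.113.20 - - [18/May/2009:16:10:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://forum.example/thread/12" "Mozilla/5.0"
203.0.113.20 - - [18/May/2009:16:10:02 +0000] "GET /style.css HTTP/1.1" 200 900 "http://www.mysite.example/index.html" "Mozilla/5.0"
203.0.113.20 - - [18/May/2009:16:10:02 +0000] "GET /logo.png HTTP/1.1" 200 7000 "http://www.mysite.example/index.html" "Mozilla/5.0"
"""

# client, request method and path, status, Referer header, User-Agent
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$')
# Requests a real browser makes when it renders a page.
ASSET_RE = re.compile(r'\.(css|js|png|gif|jpe?g|ico)(\?|$)', re.I)

def suspect_referrers(log_text, own_hosts):
    """Return {referrer_host: hit_count} for external referrers whose clients
    never fetched a page asset (the "hits without pages" pattern)."""
    asset_clients = set()          # client IPs that loaded css/js/images
    ref_hits = defaultdict(list)   # external referrer host -> client IPs
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines that are not combined format
        ip, _method, path, _status, referer, _ua = m.groups()
        if ASSET_RE.search(path):
            asset_clients.add(ip)
        host = (urlparse(referer).hostname or "").lower()
        if host and host not in own_hosts:
            ref_hits[host].append(ip)
    # Flag a referrer only if none of its clients behaved like a browser.
    return {h: len(ips) for h, ips in ref_hits.items()
            if not any(ip in asset_clients for ip in ips)}

if __name__ == "__main__":
    for host, hits in suspect_referrers(SAMPLE_LOG, {"www.mysite.example"}).items():
        print(f"{host}: {hits} hits, no asset requests from any client")
```

This is a heuristic: a text-only browser or a client with everything cached also fetches no assets, so a flagged referrer is a candidate for the manual check described in the thread (does the referring page actually link to the site?), not proof of a fake.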