Security: Silent Spamming - Is your Website Being Abused?

By Kathy · Feb 10, 2004 ·
  1. Kathy
    Silent Spamming on Your Forums: Is your Website Being Abused?

    Website Abuse

    Do you have full and proper control of your website? It's possible you do. But if you run a successful web site, blog, or forum, then there's a good chance that your site is being abused.

    Many webmasters are helping support adult and spam marketing sites – without ever realising it.

    In their constant battle to seek out every exploitable niche of internet space, many spammers have resorted to a practice referred to as "Silent Spamming".

    That is, a form of spamming that is effectively invisible to most human users – but very visible to the very thing that the spammers are targeting most: search engines.

    And they could be manipulating your site to do it.

    Silent spamming

    The more overt e-mail spamming is well known to all. Without the overheads that postal marketing encumbers, e-mail marketing can reach millions of people with extremely minimal cost.

    And because of the volumes involved, even the smallest return is clear profit.

    But the backlash against unsolicited e-mail marketing (not least the implementation of legislation against spamming in Europe and the USA), coupled with the ever increasing importance of search engines for website marketing has led to a more subversive trend: the direct yet invisible abuse of websites. Silent spamming.

    This article will cover some of the commonest methods that are used, and offers solutions to each of them.

    Forum Spamming

    Many forum administrators and moderators are all too familiar with the problem of blatant spamming by hit and run visitors to their boards. However, most are completely unaware that they are also likely being "Silent Spammed".

    The simplest way this happens is for the spammer to register as a member, and simply link to their website from their member profile. The end.

    If the forum is spidered by search engines, then the profile link will show as a backlink to the site in question. That means that it benefits the spammer and helps promote their site.

    That may not sound terrible in itself – until you realise that these links go to any range of porn sites, incest sites, and penis extension sites. Member profiles could even be linking to child abuse sites. And your forum could be being manipulated to promote them.

    The scale of the problem is also not to be discounted.

    Realise that many Silent Spammers have multiple web sites, and therefore will repeat offend on the same site, creating a string of membership accounts under various free and easy e-mail addresses, simply to create a myriad of backlinks to their main index pages, internal pages, sub-domains, etc.

    Plus they likely also have more than one domain, and do precisely the same for each of them - even if these domains only exist as redirects.

    And once your forum is used for Silent Spamming you can be assured that word gets around.

    All is not lost, though. We'll show how to track down the silent spammers on your forum - and how to cripple their plans.

    How to stop Silent Spamming of your Forum - 1. The hard way

    Checking the memberlist of larger forums could be a monumental headache for forum admins. However, there is a clear logic in the methodology of Silent Spammers on forums.

    Firstly, they don't simply want a backlink – they want a high PR backlink. And as the memberlist for a forum is linked to from most of the internal forum pages, that means that the first page of the memberlist will have a relatively high PR.

    This means that Silent Spammers want a member profile that will show up high in the list of the first page of the memberlist, so that they can gain the most from PR benefits for their backlink.

    Open the memberlist and check out names that begin with punctuation marks and numbers, or else do a search of the memberlist from your admin panel , if you can. Exclamation marks and dashes are particular favourites. Sometimes member names will be composed entirely of punctuation marks, or else a string of punctuation marks and letter "a" 's, so as to help with the alphabetical listing.

    Sometimes they link blatantly to their sites, and you may see a string of domain names such as "incest-sex" and "mature-slut". However, sometimes they even use an innocuous seeming domain name that redirects to a porn site. If you do check out such links, be carefully that you are protected from such pages forcing your machine to download Adware, Spyware, or other Malware.

    Once you've got over the initial shock of seeing your forum abused, delete all website links from these profiles first, before banning such members – otherwise you may inadvertently ban the member, but leave the Silent Spammer's profile up for continued spidering.

    Unfortunately, not all Silent Spammers are as clued in about PR, and other still will be content to merely join up any conceivable name. I've had to deal with Silent Spammers using ordinary names. To completely clear Silent Spammers from your memberlist you may need to go through the list manually.

    How to stop Silent Spamming of your Forum - 2. The Easy way

    However, if you would rather cripple the silent spammers than completely remove them, then simply block all access to your forum memberlist.

    You can do this with a robots.txt file that contains the following code:

    User-agent: *
    Disallow: /forum/memberlist.php
    where /forum/ is your forum folder on your domain.

    To create a robots.txt file, simply create an empty text file, add the code above, save it as robots.txt, and then upload it to your forum folder.

    Without the Search Engines being able to spider your memberslist, this method of spamming is dead. And a file visibly blocking the memberlist will be an immense defence, and word *will* get around that your forum is protected and useless for Silent Spamming.

    Blogs and guest books

    One of the older tricks, and one that unfortunately many webmasters have had to face, is of links spamming of guest books and blogs. This is also one of the more insidious, as the webmasters involved aren't bothered whether they are putting up porn links on the blog of an 10-year old girl or not. All they see is an opportunity to spam another place with their links - and solely for the purposes of feeding the Search Engines.

    Is this Invisible Spamming? Nor normally. However, it remains a problem because the sort of people most likely to set up a blog or guest book on their website are generally the less experienced webmasters - ordinary people with little real webmastering experience, who think that a "cgi-bin" is a recycling outlet, and that "php" are an underground rock group.

    This means that they can happily continue blogging, or leaving their free bravenet guest books up on their pages, without ever realising that the comment boxes are being spammed full with to "herbal viagra" sites.

    Worse, it is often young teens who set up their own blogs, to communicate their sense of experience of the world across the internet - only to have it then spammed with hundreds of links to mature sluts, incest sites, bestiality, etc.. Hopefully I shouldn't have to even hint at the ethics and morality involved in spamming children with such material.

    Once these webmasters are made aware of the problem then they can deal with it. But how often do people take up free web hosting, only to abandon the project - perhaps through boredom or distraction, or even the death of the webmaster? That is when the Invisible Spammers come into their own, and you can be assured that they can sniff out sites otherwise dead in the water on the internet.

    How to stop the spamming of blogs and guestbooks

    At the end of the day, a webmaster is responsible for their site and their content. Because of the options open for the abuse of a whole range of websites, then it remains for the webmasters of those sites to remain vigilant. Forums need observing, and comments in blogs or guest books require monitoring. Where spam is found, it can be easily removed.

    For those who stumble in on sites being blatantly abused, it's hardly a big strain on your time to send a quick e-mail to the webmaster's almost always blatantly visible e-mail address, to point them to observe the problem. Many may not have realised and will likely act.

    However, where the webmaster remains absent, then it would hardly be a shame if the site webhost got an e-mail about the issue. It's not unlikely that some aspect of the hosting Terms of Use (TOU) has been violated if the site is found to be left to promote adult material, not least because it can make bandwidth providers edgy.

    But, ultimately, if you have your own sites, then watch them.

    What's that? You don't have a forum, or blog, or a guestbook - so you're safe from Silent Spamming? Think again.

    Referrer Spamming

    Never heard of this one? This is one of the sneakiest tricks in the book - akin to the memberlist spamming we saw earlier .

    Let me explain something simply to you - most websites do not password protect their stats folders. This is certainly true of Cpanel and Ensim control panels, whose Webalizer results alone can be accessed with a normal and insecure http request.

    This means that Silent Spammers can get backlinks from even very big websites, and without the site owner even knowing about it. This is through the process of Referrer Spamming.

    The trick is that stats will almost invariably include a list of referrer links. So using a fairly simple piece of scripting code, someone can ensure that a page of their own site launches a spider to the larger site. Run the software to repeat the process multiple times, and suddenly the bigger site has itself a new major referrer.

    Knowing this, the Referrer Spammer submits the URL of your stats to Search Engines, which then send legitimate search engine spiders to the larger site - and it will record the list of URLs on that page. Including the link to the new major referrer. The little site just made the big site backlink to it, without anyone but the silent spammer knowing about it.

    In this way even the largest sites on the internet can be entirely and unknowingly be manipulated to give backlinks to porn sites, viagra merchants, and pyramid schemes - so long as the stats program runs from an unprotected directory.

    Referrer spamming - how to prevent it

    The simple answer is that you password protect your stats directory. You can usually do this through your online webmaster interface - such as Cpanel or Ensim. And if you have trouble with that, then simply ask your webhost for help with using .htaccess files.

    If that's asking for too much responsibility from webmasters, then all I can advise is for you to check your stats. Any unusual referrers?

    The likelihood is that they are almost certainly bona-fide to most intents and purposes. But there is always the risk that your site is being hijacked entirely for this purpose.

    For example, you may have wondered why your site was getting so much site traffic, but the conversion rate of sale was dropping. That could be a sign of a competitor using Referrer Spamming on your site - so that Search Engines think that your site is commending your rival as being of particular importance by linking to it!

    Does that sound underhanded? Welcome to the world of spam.

    This article is republished with permission by britecorp

    Share This Article

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.