URL/Query String Spam - Poor Man's Referer Spam?
posted Feb 29, 2008 at 05:33:49 PM by Doug Gibson.
It hasn't been two full months since I re-lanched this site as a blog using ColdFusion and I am seeing a new form a spam. I was tipped off by some error emails that my error handling kicked off.
What is happening is that I am seeing a number of requests error out because someone is inserting URLs (all foreign, e.g, .it, .ch, .ru, and a couple .com's so far) in place of my articleid query string parameter.
http://dgibson.net/blog/article.cfm?articleid=http://www.somespammyurl.ru/blah/
If it only happened once, I wouldn't be suspicious, but I have gotten nearly over a dozen of these - all pointing to different sites - in the past 24 48 hours coming from at least three different IP addresses.
This seems like a really ineffective form of referrer spam to me. If I did not have an error handling system set up like I do, I would NEVER see these URLs. Since the "attacker" varies the URL in each request, they would not even show up in my stats sorted by most requested pages. The only way I would ever see it is if I viewed my raw logs. And since the URL is added on to a URL as a query string, any auto-linking would link the entire URL, not sending any more traffic to the spamming site anyway. I just don't get it.
Has anyone else experienced this? What is the point of this spam? It doesn't appear that the attacker is trying to inject anything more than a site URL. It could have been happening to my other sites for years and I'd never even know it.
It looks like my next step is to catch invalid articleids and treat them as a 404 error, as that's what they are essentially. Or rather than pollute my logs with that, just redirect them to the blog index. How would you handle it?
