Comments on: The new wave of HTTP referrer spam

By: Paul Butler

Paul Butler — Thu, 17 Jan 2008 01:13:54 +0000

Yeah, that could become an issue. I could see it happening not just with spammers though, but with shady webmasters as well.. If you get, say, 2000 hits/day of traffic, you could put an affiliate iframe (or multiple) in each page. You wouldn’t even have to spam, if you have the traffic. I’ve never seen this done, probably just because it would be so easy to track down.

By: Brandon

Brandon — Wed, 16 Jan 2008 20:37:32 +0000

Yeah, so far, spamming your affiliate link like this only really makes sense for big sites (amazon, ebay, and such) where they can spam everybody in hopes that some percentage of those users will buy something from that site. The big sites would have resources to track this down and cancel the payments before they actually send the spammer any money.

Your idea to use the hidden links is pretty good. Actually, there are several reasons why a spammer might want to do that:
1- Somebody would be less likely to report them to amazon. I immediately noticed the affiliate link, but if I was just on some spammer’s page, I wouldn’t take the time to view-source on it.
2- Affiliate links are often obvious, like in this case of amazon, or with a Commission Junction link. By using their own page, they don’t have to display those.
3- With one visit to the spammer’s website, they can load multiple hidden affiliate links.

With that in mind, I’d bet that the next thing we’ll see is targeted referrer spamming. If you have a blog about widgets, they spam you with a link to their site. Their URL will contain something about ‘widgets’ in the URL. They will sign up with any affiliate companies that sell widgets, and put hidden affiliate links on their page for when you visit.

By: Paul Butler

Paul Butler — Wed, 16 Jan 2008 20:19:56 +0000

Good find. The good news is that they are stealing from Amazon, who happens to be the company that sends their cheque.. As soon as Amazon sees something suspicious, I assume they have the means to make sure the spammer doesn’t get paid. If a big company like Amazon has an incentive to go after these guys, I bet they won’t last long.

I would think a more effective way for them to do this would be to embed a hidden iframe in their own website with the link to Amazon… Then again, Amazon would have an easy time tracking that down.