Categories

Federated Media is spamming referrer logs now

Disable Federated Media spambot using CSF or other firewall software

Disable Federated Media spambot using CSF or other firewall software

Well, what do you know: the big guys in the blogging business are not averse to stooping this low! I’m checking referrer logs on all my sites from time to time for any signs of irregularities – break in attempts and the like. Lo and behold, yesterday I’m looking at referrers for a large forum and seeing one after another URLs of individual posts from different blogs, all parts of the Federated Media network. So, I dig a little deeper …
… and of course no links to my site are found anywhere – not in the content (of course) not in the comments (I’ve personally never been there to comment and never hired any blog comment link-dropping services). I was even willing to give them a benefit of a doubt and looked the entire code, high and low (straight as well as JS-generated code) to see af any competitor was perhaps dropping a bad link to my site “on my behalf” – nothing.

In the logs their referrer link dropping looks just like any other referrer spam out there except it does not originate in Russia or Ukraine and goes from a Longmount, CO – located IP address 8.18.122.41. The spam bot comes in short bursts 2 visits 2 sec apart 1 or 2 times a day from the same IP address using different agent strings every time. The first part of the agent is always the same – “Mozilla/5.0 (compatible; MSIE 8.0; Trident 4.0; Windows NT 5.1; – but the reminder of the string always contains different toolbars and their versions (assuming to make it harder to catch the “sameness” of the agent).

Looking around the Web did not take long to see other questionable promotion techniques Federated Media is using. Here is one example from Gawker: http://gawker.com/271677/federated-was-warned-about-wikipedia-spam
Interesting that these are all link-dropping centered-techniques, obviously targeted at Google, which is a bit ironic given that Google has been trying to convince everyone lately that they are no longer dependant on links so much. It’s either Federated Media knows something that general public does not or they haven’t adjusted their promotion techniquest in years.

Additionally, it is telling that a large blog network that, at least on the surface, has no shortage of content and well-laid out sites, still feels that they need to engage in these shady techniques. If you listen to Google all these years, you’d think that having good content, nice pictures and good looking sites is all that’s needed to get noticed and prosper. Well, maybe not so quick…

So, there you go, Federated Media, thanks for dropping by [pun intended]:
for iptables users:
iptables -A INPUT -s 8.18.122.41 -j DROP

for CSF users:
run pico /etc/csf/csf.deny, then insert
8.18.122.41 #manually added 12-09-2012 do not delete
after that run service csf restart

You have to wonder though if referrer spam still works in 2012. You would think that noone in their right mind would keep their referrer logs crawlable (and I’m aware that some very limited amount of people still do, on purpose or through negligence). Also, with all Google’s crack downs on the low quality backlinks and weeding out networks, you would think that Federated Media of all blog networks would be more careful in where they drop their links to… Perhaps it just goes to show that what Google says and what Google does are not the same thing.

I imagine Federated Media may be running more than just one spam bot from more than only that Colorado based IP. If you come across another one, please post it here, I’ll be happy to investigate!