Sometimes spamming does not pay!
You'd think that with the seemingly unstoppable flow of all types of spam, that it must pay fairly decently. It does, for the upper echelon of professional spammers and their top affiliates. But, not necessarily for the lower ranks or those engaging in spam on their own.
Still, paying (for spammers) or not, the spam flood continues. It seems like an impossible task for us little guys to do anything to stop it. But is it really impossible for individual spam recipients to fight back and stop it? Not in this case!
So begins my story, where this little guy was able to make a big difference against a determined spammer. The spam I'm writing about is not your usual type, although it may have also been delivered to others through more typical means. This type of spam is where domain owners, or hired agents post spam links to the websites they are "spamvertising" - in the access logs of innocent websites. This is known as "log spam." They do this in the hopes that these logs may be published for the World to see, and show up in search results for the spamvertised keywords.
Since I have owned domains I have read my access logs, both to see where traffic comes from, and to catch bad behavior before it gets out of control. During the early to mid 2000's, from about 2002 through 2006, it was very common to see spam comments and links posted to a website's access logs, from remote visitors. These visitors were not usually human, but were often automated scripts written to post spam links in the "REFERER" field (that is how it is misspelled in the Apache Server documentation) of typical web logs. The reason they did this was because many cheaply or freely hosted websites published those access logs as viewable by the public, by default.
Fast forward to 2011 and despite the fact that most websites, like mine, have only privately accessible logs, the people wanting to spamvertise their new, often unfriendly websites will employ every tactic available to them. Thus, the spammer who wanted to promote his two new websites decided to post REFERER spam to my access logs. At first this was just an oddity that caught my eye, as it perused the hundreds of lines of hits to my main site. However, I am not your typical Webmaster and I don't have a typical viewpoint for seeing things, with my trained eyes.
Over a period of two weeks I noticed a repeating pattern of obvious spam links for two domains, coming at a short, predictable interval, from two closely related IP addresses. The IP addresses led to a broadband ISP in Czechoslovakia. The websites they were promoting were hosted by a well known hosting company here, in the USA.
Read my extended comments for the rest of the story.
The spammer, who lives in Czechoslovakia and has a dynamic IP address assigned by his broadband ISP, posted spam links in the Referer field of my access logs, promoting two - now suspended domains, which were just registered a month or so earlier. The name of the domain Registrant was distinctly European and his residence was listed as being in Czechoslovakia. The ISP through which the spam script was being sent was in the same area, in Czechoslovakia.
I ran a Whois lookup on both of the spamvertised websites and on the IP of the sender. The websites were both hosted on the same server, managed by Hostgator, in Boca Raton, Florida. The domains were both registered to the same person, with a Czechoslovakian address and the same free email account, at Hotmail.
It was difficult to establish where to send complaints to the ISP in Czechoslovakia. They don't seem to have a functioning website, where one could find terms of service (being violated by this activity). Still, I found three email addresses and sent complaints to all of them. I provided excerpts from my raw access logs, which are important in establishing the fact that wrongdoing was intentional and ongoing.
I suspected that since these folks are Czechoslovakian, I had no right to assume that they can read English. In fact, if they can, nothing was accomplished by my problem reports. The Referer spam continued unabated.
As a last resort, seeing as how I really, really dislike spammers of all kinds, I filed a spam report, showing all of my evidence and findings, with Hostgator, at 1:24 PM, on June 13, 2011. I didn't really expect them to take any action against the domain owner, since the spam came from a different IP and place in the world, but, what the heck, why not try?
Exactly one hour and one minute later I received two identical emails from a security Administrator at Hostgator, each stating the following:
Hello,We have suspended the site. Thank you very much for bringing this to our attention.
Robert Metzger
Security Administrator
http://www.hostgator.com/
True enough, both spamvertised websites are now suspended; totally dark. The spammer who purchased the account will not receive a refund for his unused time, because he violated their terms of service (by spamming about the domains). In this case, spam did NOT pay! To the contrary, it cost him!
Hats off to Hostgator! They took the high road, saw my evidence, looked at it objectively, then took appropriate action. This is a fine Web Hosting company, which does not knowing tolerate spamming, or exploit attacking of any kind, once they are notified about it (with proper documentation). This is the second time I have reported bad behavior by a Hostgator customer and the second time they have suspended those sites, almost instantly (in Internet time!).
The lesson for other Webmasters out there is this: if you are good people and use acceptable practices to promote your websites, you may thrive when others learn of your decency and honorable methods. If somebody tries to bounce spam links off of your logs or blogs, track them down, including their spamvertised domains, and report them to every possible person or company listed in the Whois, for both the sending IP and the domains listed in the Referer field. But, if you are a blackhat domain owner and you try to earn Brownie points by spamming my logs, or blogs, or contact forms, look out! I am coming for you, with legal authority behind me! And Hell is riding with me!
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.