Link Referral Scam - watch out!

I've written an article about this at http://www.weberblog.com/article.ph...031121220439862

but the brief intro is that p0rn sites have worked out how to get you to refer others to their site without really linking to you at all.

This may get you banned by some search engines and has an impact via Google.

My humble little sites are relatively low profile and have PR4 & 5 but they have been targetted as "easy prey". I know have work to do to fix all that.

I haven't seen anything here about this but it's definately an SEO problem as well as a security problem.

Sarah

Oh yes, it has been written here too... See my post about "sin protection" @

http://forums.seochat.com/showthrea...=&threadid=5979

A SEO problem? Unfortunately yes... A security problem... not really.

It is a security problem because some of the links include hacks into peoples secure areas - leaving it possible for a second visitor to create havoc.

The sites which are causing problems would get past your .htaccess and include:
* saulem.com
* jennifersblog.com
* a-b-l-o-g.com
* bongohome.com
* akksess.com

The point is that you can't block them as they are too cunning. You don't want your .htaccess to do the work of a spam filter.
The best you can do is ensure that their tricks don't allow them to achieve their end goal. ie
* your webstats pages don't give links that a search engine can read
* your top referrers list is manually verified or else it doesn't give links that a search engine can read

Security is a big issue for every website: no security == no users! If the site's secure areas are so easy to come around, then the website is very badly designed.

Don't blame the attacker, blame the programmer / site owner.




Why not (actually I'm using httpd.conf too) ? It has no/small effect on performance, it's easy to maintain and it gives me what I want.




Web statistics are ment for the site owner, not for everyone. If you put them publicly online, then everyone (including competitors, spammers etc) has a possibility to take advantage of the data they contain. Don't blame the attacker, blame the person who put stats online...

2K you seem very defensive


There are alot of websites out there which are put together by topic experts but not web experts. These people use systems which are easy to use and do have "control panels" which are password protected. Talk to them about ports and hacking and they'd have no idea. So, blame their selection process for choosing a system which is hackable!

I would like to think that my article and posts do actually put the responsibility back onto the site owner.
I don't say "hunt down the bad site" or even "block the bad site".
Infact I don't even recommend getting to know who the bad site is.
You SHOULD know who the good sites are if you're posting a top 10 referrers list.
And your stats (which may be blind, rather than secure) should be coded in a "safe" way.

Both of these actions are the responsibility of the site owner and don't expect anything from anyone else.

Sarah

I think it "experience provided cynicalism".




Security is as good as it's weakest link. Sad but true, this is generally the end user who has a weak /default username/password, or who hasn't read the documentation that comes with program.

However, it's alarming to see "dummy applications" (including many SEO applications) spreading the net. For example, seeing how many people trust non-secure form-based input or referal data is alarming. So in some extend it's also the programmers fault when they "make usability instead of security".




Keep your friends close, your enemies even closer is an old and good wisdom. Carefullnes is however required - getting your website under DoS-attack by an angry hacker isn't fun (trust me on this one, I've been there ;)