I learned something very disturbing yesterday and this morning did something about it pronto. I thought it would be important to share this with you so your website doesn’t become an unwitting vehicle for spammers’ links.

Most webmasters are well aware of the nuisance spammers cause by leaving spam comments on blog posts in a vain attempt to get backlinks for their own junk sites. Mostly we can stop them dead in their tracks by forcing all comments into moderation before they can be published. Most blog software also already marks all comment links rel="nofollow", meaning that the search engine spiders will not follow links back to the originating site, so there is no backlink.

From a webmaster’s point of view, if the search engines do find any links to pornographic or other banned sites, it can reflect badly on your own site’s ability to achieve a decent page rank and in some cases, where there are many links to banned sites, could end up getting your own site into trouble - even banned itself. So you really, really do not want any links to banned or porn sites.

But there is a more insidious method the more high-tech spammers are starting to use to place follow-able links back to their sites from your self-hosted blog or website. And if you don’t plug that gap, they will take advantage of it for their own ends.

Most of us don’t bother to password protect our site stats files, like webalizer or awstats, because we never thought it was necessary. Well, spammers figured out that they could launch an attack on these unprotected files and place their links in there and we’d never know… until our host suddenly shut us down for all the links to banned sites!

There is a way to tell if you’ve already been targeted by spammers in this way. In your webalizer stats, you can see lists of referring URLs, hits on your site and so on. They should all be from friendly sources. But if you spot an unusually large number of referrals from a particular site or IP that you don’t recognise, then check it out. It could be one of those spammers accessing your stats file - the more hits, the more links they will have placed.

Bad news.
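The referrer check described above can also be run against the raw access log that the stats packages read. This is an added example, not part of the original post; it assumes Apache "combined" log format, and the host names, IPs, allowlist and hit threshold are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/NCSA "combined" format: ... "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$'
)

def _host(url):
    """Lower-cased host of a referrer URL without a leading 'www.', or ''."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed referrer, e.g. a broken IPv6 literal
        return ""
    return host[4:] if host.startswith("www.") else host

def referrer_hosts(lines, own_host):
    """Count hits per external referring host; skip direct and self referrals."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("ref") in ("", "-"):
            continue
        host = _host(m.group("ref"))
        if host and host != own_host:
            counts[host] += 1
    return counts

def suspicious_referrers(lines, own_host, known_hosts, min_hits=3):
    """Unrecognised referring hosts with at least min_hits hits, busiest first."""
    counts = referrer_hosts(lines, own_host)
    return [(h, n) for h, n in counts.most_common()
            if n >= min_hits and h not in known_hosts]

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
_T = '[10/Mar/2008:06:01:11 +0000] "GET / HTTP/1.1" 200 5120'
SAMPLE_LOG = (
    [f'203.0.113.7 - - {_T} "http://spam-example.invalid/pills" "Mozilla/4.0"'] * 4
    + [f'198.51.100.20 - - {_T} "http://www.google.com/search?q=blog" "Mozilla/5.0"'] * 2
    + [f'198.51.100.21 - - {_T} "http://www.example.org/about" "Mozilla/5.0"',
       f'198.51.100.22 - - {_T} "-" "Mozilla/5.0"']
)

if __name__ == "__main__":
    for host, hits in suspicious_referrers(SAMPLE_LOG, "example.org", {"google.com"}):
        print(f"{hits:5d}  {host}")
```

Any host it reports is one to look up before deciding whether the referrals are genuine.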

The first thing you need to do (and should do this whether you’ve been attacked or not) is to password protect your stats files. To do this, go into cPanel and click on “Password Protect Directories”. You’ll see a list of all the directories on your host. You need to find the directory called “tmp”. In there are all your stats files. You can place a password on each individual stats file - webalizer, awstats etc. That’ll keep the spammers out of there.

If you have been attacked, then you need to contact your host, tell them what you believe has happened and ask what they suggest you do about it. There is a file called “dns_cache.db” that stores all IPs that have visited your site but it is not easily editable.

Stay vigilant and stay safe!

Terry Didcott
THE HONEST WAY
