University of Michigan Cellular and Molecular Biology graduate student

Tracking referrer spam

23 Jan 2005

I noticed in my Shortstat logs that much of my referrer spam comes from a single IP address. In one instance, five domain names spawned from the same IP address, which originated from a DSL connection in Germany. Most likely, this is due to a spammer who got his hands on a zombie and used the connection as a relay to deliver spam to my server. However, it might just be a really stupid guy who didn’t even bother to cover his tracks.

In any case, I’ve also noticed that in the last few months, the spammers have been getting smarter. Most of the spam for a single domain now comes from multiple IP addresses from multiple countries. This makes banning by IP virtually impossible. Of course, you can use Apache to block requests by the domain name in the referrer, which is the method I’m currently using.

It’d be nice to see a central referrer spam blacklist develop, much like MT-Blacklist. Until that happens, I’m going to rely on filtering out the sites myself using mod_rewrite. Juju has written a Perl script to clean up existing server logs.
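The two patterns described above (one IP pushing several domains, and one domain arriving from several IPs) can be pulled out of an access log and turned into mod_rewrite rules. This is an added example, not code from the original post or from Juju's script; the log lines are constructed, and the function names and the `min_domains` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in Apache "combined" format; addresses and hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Jan/2005:10:00:01 -0500] "GET / HTTP/1.1" 200 512 "http://pills.example/" "Mozilla/4.0"
203.0.113.7 - - [23/Jan/2005:10:00:02 -0500] "GET / HTTP/1.1" 200 512 "http://poker.example/" "Mozilla/4.0"
203.0.113.7 - - [23/Jan/2005:10:00:03 -0500] "GET / HTTP/1.1" 200 512 "http://loans.example/x" "Mozilla/4.0"
198.51.100.4 - - [23/Jan/2005:10:05:00 -0500] "GET / HTTP/1.1" 200 512 "http://casino.example/" "Mozilla/4.0"
192.0.2.99 - - [23/Jan/2005:10:06:00 -0500] "GET / HTTP/1.1" 200 512 "http://casino.example/" "Mozilla/4.0"
192.0.2.10 - - [23/Jan/2005:10:07:00 -0500] "GET /post HTTP/1.1" 200 900 "http://friend.example/links" "Mozilla/5.0"
192.0.2.11 - - [23/Jan/2005:10:08:00 -0500] "GET /post HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')

def parse(log_text):
    """Yield (client_ip, referrer_host) for each line that carries a referrer."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host = urlparse(m.group(2)).hostname  # None for "-" or an empty referrer
        if host:
            yield m.group(1), host.lower()

def analyse(log_text, min_domains=3):
    """Return (IPs pushing >= min_domains hosts, hosts seen from more than one IP)."""
    by_ip, by_host = defaultdict(set), defaultdict(set)
    for ip, host in parse(log_text):
        by_ip[ip].add(host)
        by_host[host].add(ip)
    # One address, many unrelated referrers: the single-IP pattern.
    single_source = {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_domains}
    # One referrer, many addresses: an IP ban misses it. Not proof of spam, review first.
    distributed = {h: sorted(ips) for h, ips in by_host.items() if len(ips) > 1}
    return single_source, distributed

def rewrite_rules(hosts):
    """Render mod_rewrite lines that answer 403 to requests with these referrer hosts."""
    hosts = sorted(hosts)
    if not hosts:  # a RewriteRule with no RewriteCond would block every request
        return ""
    lines = ["RewriteEngine On"]
    for i, h in enumerate(hosts):
        flags = "[NC,OR]" if i < len(hosts) - 1 else "[NC]"
        lines.append(r"RewriteCond %{HTTP_REFERER} ^https?://([^/]+\.)?"
                     + re.escape(h) + r"([/:]|$) " + flags)
    return "\n".join(lines + ["RewriteRule .* - [F]"])

if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), rewrite_rules(["casino.example"]), sep="\n")
```

Only hosts confirmed as spam by hand should be passed to `rewrite_rules`, since a legitimate link with several visitors also shows up in the multi-IP result.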