[SOLVED] Referrer Spam buttons-for-website.com
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
[SOLVED] Referrer Spam buttons-for-website.com
Hello,
Google Analytics is increasingly reporting hits from buttons-for-websites.com. It seems to be similar to semalt.com (referrer spam), which gets blocked by ASL rule 393766.
Can you add buttons-for-website.com so it gets blocked or can I do it myself?
Kind regards
-Stephan
EDIT: corrected referrer. It's called buttons-for-website.com (not buttons-for-websites.com)
Google Analytics is increasingly reporting hits from buttons-for-websites.com. It seems to be similar to semalt.com (referrer spam), which gets blocked by ASL rule 393766.
Can you add buttons-for-website.com so it gets blocked or can I do it myself?
Kind regards
-Stephan
EDIT: corrected referrer. It's called buttons-for-website.com (not buttons-for-websites.com)
Last edited by stephan-zrh on Thu Mar 26, 2015 3:02 am, edited 1 time in total.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Referrer Spam buttons-for-website.com
Sure, can you send us the appropriate access logs and we'll get a rule out.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
Re: Referrer Spam buttons-for-website.com
Thanks, here are some requests I found in access_log:
Is this what you need or any more records?
Kind regards -Stephan
Code: Select all
177.101.127.50 - - [28/Feb/2015:12:02:40 +0100] "GET / HTTP/1.0" 301 448 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
177.101.127.50 - - [28/Feb/2015:12:02:41 +0100] "GET / HTTP/1.0" 200 20486 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
177.84.109.86 - - [02/Mar/2015:14:17:54 +0100] "GET / HTTP/1.0" 301 448 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
177.84.109.86 - - [02/Mar/2015:14:17:56 +0100] "GET / HTTP/1.0" 200 20495 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
108.198.19.92 - - [04/Mar/2015:00:56:00 +0100] "GET / HTTP/1.0" 301 448 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
108.198.19.92 - - [04/Mar/2015:00:56:01 +0100] "GET / HTTP/1.0" 200 20478 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
77.162.179.155 - - [04/Mar/2015:22:20:59 +0100] "GET / HTTP/1.0" 301 448 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
77.162.179.155 - - [04/Mar/2015:22:20:59 +0100] "GET / HTTP/1.0" 200 20491 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
Kind regards -Stephan
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Referrer Spam buttons-for-website.com
For this kind of event, thats what we needed. Rule update for this went our last night.
If you run into any other cases, please let us know.
https://www.atomicorp.com/wiki/index.ph ... _Positives
If you run into any other cases, please let us know.
https://www.atomicorp.com/wiki/index.ph ... _Positives
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
Re: Referrer Spam buttons-for-website.com
Thanks a lot!
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
Re: Referrer Spam buttons-for-website.com
I just noticed that in the Rule it says buttons-for-websites.com. But the referrer is actually buttons-for-website.com (not websiteS).
I had it wrong in my original message.
Kind regards -Stephan
I had it wrong in my original message.
Kind regards -Stephan
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Referrer Spam buttons-for-website.com
Latest rules should cover both cases.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
Re: Referrer Spam buttons-for-website.com
Thanks for your help!
I just noticed these entries in access_log:
210.4.115.212 - - [18/Mar/2015:07:39:15 +0100] "GET / HTTP/1.0" 200 12576 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
179.192.231.65 - - [18/Mar/2015:13:40:58 +0100] "GET / HTTP/1.0" 200 1538 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
Shouldn't these be receiving Status 403? The files in modsecurity.d/ are from this morning (18.3. 7:13), so should be up-to-date.
Kind regards
-Stephan
I just noticed these entries in access_log:
210.4.115.212 - - [18/Mar/2015:07:39:15 +0100] "GET / HTTP/1.0" 200 12576 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
179.192.231.65 - - [18/Mar/2015:13:40:58 +0100] "GET / HTTP/1.0" 200 1538 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
Shouldn't these be receiving Status 403? The files in modsecurity.d/ are from this morning (18.3. 7:13), so should be up-to-date.
Kind regards
-Stephan
-
- Forum User
- Posts: 71
- Joined: Mon May 07, 2012 9:37 am
- Location: Zurich
Re: Referrer Spam buttons-for-website.com
Now it's working:
119.94.118.161 - - [26/Mar/2015:07:22:20 +0100] "GET / HTTP/1.0" 403 188 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
37.77.122.42 - - [26/Mar/2015:08:43:30 +0100] "GET / HTTP/1.0" 403 188 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
Very cool. Thank you!
Kind regards -Stephan
119.94.118.161 - - [26/Mar/2015:07:22:20 +0100] "GET / HTTP/1.0" 403 188 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
37.77.122.42 - - [26/Mar/2015:08:43:30 +0100] "GET / HTTP/1.0" 403 188 "http://buttons-for-website.com" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"
Very cool. Thank you!
Kind regards -Stephan
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: [SOLVED] Referrer Spam buttons-for-website.com
You are very welcome!
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: [SOLVED] Referrer Spam buttons-for-website.com
Which ruleset are the rules for this sort of thing in?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: [SOLVED] Referrer Spam buttons-for-website.com
Please add 'success-seo.com'
Also part of semalt
Also part of semalt
Re: [SOLVED] Referrer Spam buttons-for-website.com
And here another one
videos-for-your-business.com
Also semalt.com
videos-for-your-business.com
Also semalt.com