My tiny little weblog has now been targeted for referer spam. That'll teach me to publish referers in the sidebar.

What I don't understand is the diversity of source IP addresses. Are they really users of www.gevasys.de, www.mod.gov.sk, and cair.res.in? Do they 0wnz0r those systems? Can they spoof source IP? Update: Todd, who was hit too, says that the hosts that accessed us were running open HTTP proxies.

I found a pattern to detect the spam, so for now I'm ok. Won't last though.

techbad
  2003-05-24 16:19 Z