Traffic at firsttube.com has grown steadily, for some reason, and the logs reveal it: we get a TON of traffic from search engines, and the most popular terms are surprising – sensitive readers beware – here are the terms that most frequently drive people here:

cumtube, red-tube, uporn, adult youtube, milf, gay tube, tube 8 and many more equally odd terms.

You know why? Because, in a shrewd move that search engines seem to love, I display links back to my referrers, thinking they are trackbacks. But when it’s not from Google, Yahoo, Live.com, or OSNews, it’s most often spam. Why? Because not only are we using the name “tube” in our title, but with each erroneous entry, we tell the search engine it’s a good thing by back-linking to that search. In short, I’m perpetuating the problem. As a result, dozens of spammers have begun issuing basic GET requests in the hundreds placing their sites in my referrer lists.

Some time ago, I began the battle by adding rel=”nofollow” to all outgoing links not added via the admin section. But alas, that wasn’t good enough, the spammer didn’t care, so I implemented a pre-check, whereby referrers are, via regular expressions, matched against a list of known crap. As of today, there are 36 terms that I actively filter. In time, this will be performance intensive, if it isn’t already.

Thus, a gateway. Now, *all* referring traffic goes into a temp table, and each entry must be approved. I wrote a nice tool to batch import, batch delete, or even approve based on certain filters, such as domain or term. As it matures and I get an idea of time, I will “whitelist” certain domains that can immediately post to the referrer table. In the meantime, I need to decide if I want to filter referrers with obscene unrelated terms or just leave them and let the magic run its course; after all, these are not “spam,” they are simply organic mistakes. An argument could be made that it’s interesting, and therefore, mostly the reason to post referrers, to see what terms and sites around the internet drive traffic to a site.

Anyway, spammers, take note: I gotcher number! Stop referrer spamming me! That means you , you stupid lyrics sites!

So, I had to issue these SQL statements to the database today:

DELETE FROM user_agent_table
WHERE (referrer LIKE 'http://mp3%' OR referrer LIKE '%mp3.com%')
 
DELETE FROM user_agent_table
WHERE referrer LIKE '%musicforum.org%'

Musicforum.org has some asshole posting all sorts of links that pass a GET variable with a firsttube.com URL in it, which appears to do nothing other than ping the page. So, effective immediately, we run a regex validator on referrers and will be doing a more frequent clean up.

Hear that spammers? Take your crap elsewhere.

I got a text message yesterday that said “Free Msg from Verizon Wireless: We have new calling plans for UNLIMITED text to anyone in the US. Requires new customer agreement. Call 877-256-XXXX. To opt out reply X.”

This type of message is not completely unseen on my phone network. I’ve gotten a few “notice”-type emails in the few years I’ve been with Verizon, so before I even really knew what I was doing, I quickly replied “X” and hit send. And then I saw it: “Sending message to 9000XXX03671″

I realized what had happened. I had just texted 900-XXX-0036. And unfortunately, 900 numbers can charge, according to Verizon up to $25 or more for this type of thing. I IMMEDIATELY dialed 611 to talk to Verizon. Much the same way that if I complain with American Express, they can withhold payment from a merchant, I wondered, can Verizon refuse to square up on what was obviously a spam text scam?

Yes and no, apparently. The helpful rep I spoke with, “Sarah,” told me she could “flag” my account for a follow up when the billing cycle ends, but the agents cannot see live data and couldn’t see a text message within the last few days, let alone minutes. She promised to credit me whatever the message cost.

So I asked her the same question I’m broadcasting now: “Why do cell phone companies allow incoming text messages from 1-900 numbers?” Even if they were limited to just replies it would be an improvement. What possible reason could I have for a 1-900 number to send me an unsolicited message?

Is this the future of cell phone? SMS spam from 1-900 numbers? This is very dangerous ground, and I see where it’s heading: advertising spam (which has already started), “verified” senders, block lists, and finally an option to accept SMS only from your contacts. A new age is upon us. May the people who perpetrate these scams rot in the blackest pits of hell.

But Verizon is going to take care of me this time, and I won’t get suckered again. The moral of the story is: don’t reply to text messages from people who aren’t your contacts, period.

–

Within seconds of hanging up with Verizon, I got another message from 900XXX003671: “Thank you. If you want to eliminate all future SMS informational and marketing messages from Verizon Wireless, reply Q.”

These 203 comments were generally grouped, about 30 to a group, with identical information. The name was some kind of drug spam (you know the typical Viagra, etc) and the IP was blank (which I may soon require to comment). But the odd thing: it was almost like it was custom written for my blog: the thread kept changing, the parent comment changed, the content changed, and it passed the captcha… or so it seemed!

So I changed my captcha. I think I might have found a bug in it whereby if your browser wouldn’t begin a session, it might pass the captcha. So that’s fixed. Plus I added several little checks to the comment page. It will not only reject lots of comment variants (all of which are unlikely to occur with real comments), it will actually ban some users automatically if certain strings are found, etc.

It’s kind of ironic that my last entry was on spam, and then my site gets spammed.

All were coming from different IPs. All had different user agents. All had different referer links. This is spam, pure and simple. It’s someone trying to piggyback off of my pagerank.

These are the jerks who spammed me:
theonlineslotsmachine .com
online-casino-special .com
adencitycasino .com
onterminsurance .com
ontermlifeinsurancerate .com
onslotmachinesonline .com
actoncasino .com
onusinter .com
iloanmortgageonline .com
scrail .net
ppplastic .com
mysteryclips .com
e-z-ly-treat-e-d .com
onhomecontentsinsurance .com

And that’s just a small slice of the pie.

I’ve removed all of the spam links I could find, added some tighter controls to try to avoid recording these faked headers, and also added ‘rel=”nofollow”‘ to the links, which means I still reward referrers with a link, but bots won’t follow them, so they get no pagerank bonus until I manually change it.

Trackback spam is going to be a big problem, particularly as people continue to use commenting engines that allow you to link your name to a URL. It makes sense to start posting fake comments just to get that link on a worthwhile website with a high pagerank. So combating this early will be important.

I’ve thought about some ways we might combat this, and was thinking that on OSNews, I might only light up your blog/homepage link if you have a positive “trust” level. Otherwise, it will be just plain text. Or maybe add the “nofollow” to links of untrusted users. Not sure yet.

Either way, trust me, though the subject may catch on with a different name, you haven’t heard the last of trackback spam.

This is common all over the internet. I, surely, do not propose to be smarter or more inventive than the designers of the internet. In comparison, my skillset is supremely dwarfed. However, I think everyone can agree, all of what has been adopted on the internet was done so without the knowledge that it would catch on so quickly and so intensely. Even the central protocol that powers the internet, IP, needs to be upgraded to a new version to accommodate the growth rate and security needs unforeseen by those who put the ball in motion 30-odd years ago.

That said, one nasty habit of interneteers has been to “jiggle” the current internet to fix problems as they arise. Of course, it’s impractical to create a new internet that does things properly. In addition, replacements are hard because getting everyone to switch over is an arduous and tedious process. But some problems simply don’t have simple or practical solutions, and the most obvious problem is spam.

Spam affects nearly everyone with an e-mail account. It’s been estimated that around 3% of all internet traffic is SMTP, or Simple Mail Transfer Protocol, the TCP port on which e-mail is sent. Further, this website reports that “Brightmail, an anti-spam software maker, reported that spam will account for 40 percent of e-mail traffic in 2003.” 40 percent! That’s nearly half of all e-mail transmitted! They also estimate that each piece of spam, at the least, takes about 4.5 seconds of our time. For the average person, simply receiving 10 pieces of spam a day takes, at the very least, a minute of their time. Multiply this times the many billions of messages sent out each day. And some of us are fortunate enough to receive up to 100 spam mails a day.

Read about recommended solutions to the spam problem and you’ll get the same few answers:

Honestly, that friggin ad follows me all over the damned internet. You’d think it was just that necessary, “Hey, buying a CD…why not pick up an X10 too?” “Say, checking your e-mail….need an X10 while you’re at it?”

Seriously, I need to know – who is buying these things?