The Latest: The most recent news from WordPress are posted here. If this subject is new to you, read what follows first.
* * *
This is an insider matter of no interest to those who don’t blog on WordPress, but it may be of interest to other WordPress bloggers. I’ve noticed an unusual increase in hits on this blog. WordPress helpfully provides addresses of “referrers” and the number of hits coming from each. Of late these have multiplied, but when I click through to see who might be sending referrals and in what context, I end up on sites that seem to have (1) zero relationship to subjects covered on LaMarotte and (2) do not show any kind of link either to LaMarotte or any of the posts on it. Indeed, clicking twice on the same address produces two different sites, each one advertising something else. If I went on clicking, no doubt other sites yet would show up.
This morning, for instance, I noticed 17 incoming hits from an address called malamkupertama.co.cc/blog.15-useful-wordpress-tips-to-make-your-theme-even-better.php. This address has taken me successively to a dieting site and then to Amazon.com. No entity called malamkupertama.co seems to exist on the web, not according to Google or Bing. There is a blog entry on 15-useful-wordpress-tips etc.—and it actually does presents tips. Eventually I discovered that the words malam ku pertama is Indonesian for the phrase “my first night.” The same referrer, by the way, also referred some 15 people to a post on my other WordPress site, Borderzone—which has a radically different scope. In both cases, of course, what actually came to the sites may not have been people at all, just little electronic bacteria doing their things. Somebody is messing around with the common good again!
Bloggers feel good when traffic suddenly picks up—but what if it is simply a scam to cause the blogger to click through to ads? The coherence of viewer statistics is thereby destroyed. These aren’t readers. These are algorithms designed to create phony hits, of no use anyone but producing phony emotions in those who get the seemingly real attention. I will attempt to notify WordPress of this and hope I manage to get through to someone human.
Anyone who knows something is welcome to comment—on this blog or by e-mail.
Added later: I discovered the way to report this sort of thing to WordPress. The link to their support site is here. They give you a form. Pick a topic from a list first. I chose the topic Traffic. Then answer their questions. If you want to report the same malefactor as I have, you can copy its long name from my site first.
Added January 31. The problem is morphing, and if WordPress has a fix to specific invaders, that fix is not generic. This morning’s invader on my site is jejakajambu.co.cc/blog.15-useful-wordpress-tips-to-make-your-theme-even-better.php. I’ve also learned that these referrer spams serve the interests of an outfit called adf-ly, an advertising server. A commenter to my follow-up posting, above, reports yet another version: kekasihgelapku .co.cc/blog.15-useful-wordpress-tips-to-make-your-theme-even-better.php.
Added February 1. Although yet another variant of the spam referrer surfaced today, as I’ve learned from comments, it did not show up on my site. The largest number of referrals on my site from a single source was 3.
Added February 2. Yesterday blogger joepzander reported another version, kakakphuru.co.cc and the all the rest of it. Today ranting rambler reports another one, adakukisah.co.cc etc. That one showed up on my site too. I’ll notify WordPress, hoping that they’ll eventually put on the big boots to stomp these guys out.
I learned from TimeThief in a forum (her site is here) that WP staff advise the following: (1) If you get one of these spam referrers, DO NOT click on the link. The spammer wants you to click through, and if he/she/it fails to get hits, that’s good for us and bad for him/her/it. (2) If you mention the spammer in a blog or comment, DO NOT use its full address; follow the abbreviated reference as in the paragraph above. (3) Notify WP staff when new versions appear. And (4) WP staff is working on a solution. Thanks to all of you who’ve taken the time to notify WP.
Added February 3. This is getting tedious. The new one today is kenabanlagi.co.cc. WordPress staff notified me that they want to hear about these. They remove them, but evidently only after having heard of them. Time elapses. My spammer yesterday was there all day long although my notification to WP took place in the morning.
What WordPress ought to do—a major undertaking—is continuously to search for a pattern on all blogs, thus, in this case, on the 15-useful-wordpress-tips-to-make-your-theme-even-better phrase. As soon as this pattern is found, the incoming should be removed. This should be automated. The spammer will then change the phrase, and so it will go on. Spy vs. Spy, it seems to me. If the sender cannot be identified by its originating electronic address—and only by blog users’ own eyes—this will never end. WordPress will always be hours behind and hit counts will continue to be inflated.
Added February 4. The intruder has morphed, big-time this time. The leading phrase is now takbisakah.co.cc/blog/. This is then followed by a very long string of other words, no longer the 15-useful-wordpress-tips etc. Expected something like that—as I said in my comments yesterday. Wearily, I’m about to report this to WordPress again.
Added February 5. WordPress staff (Mark) sent a message to all those who reported on the successive referrer spams. Mark’s comments in part follow:
Hi,
I am sending this to quite a few people so I apologise for the lack of a personal reply.First, thanks for reporting the full blog urls. These are blocked and you should not see them again.
This is a very hard problem to deal with and based on the last 5 years dealing with spam, here is what I think is happening:
1. A spammer finds a lax domain registrar or makes a deal with a less than scrupulous one.
2. Spammer buys a large number of sites
3. They then fill those spam sites with ads or possibly malware
4. Spammer then spams thousands of websites.
- so far he will have bought the domains using a program and put all the ads on using a program so the effort involved is tiny.
5. Spammer hopes people follow those links back to his site.
- because his costs so far are small it only takes a few purchases through ads to make money. If the site is serving malware then payment per successful infection is made.
6. Spammer then gives the domains back to the registrar within the accepted time-limit and gets a full refund.
- if you buy a domain through wordpress.com you can cancel within 2 days. A dodgy registrar might allow longer but it’s still a short amount of time. That’s why they move fast.
So it’s all profit.
Mark comments that operations of this type are outside of WordPress’ control and simply stopping the process—that they cannot do. “But we can and do block every domain that gets reported, and again thanks for doing so because it helps everyone else too.” The emphasis is mine.
I appreciated getting this message. The spammers also disappeared from my site.
Update on Feburaryn 12. This update also appears as part of Scam Follow Up. I have not had any more referrer spams since and including February 6. One commenter to my follow-up post (helmiismail42) claims to be the spammer. I forwarded his/her/its message to WordPress technical staff too.
Added March 4. The menace is back, this time it is called cinabeng and it carries the phrase “justin-timberlake-car-accident” in the incoming address. I’ve notified Word Press again.
Hi Arsen,
The exact same thing has been happening to me — from the same address, too. I stumbled upon your blog when I googled the address to see who was giving me all these extra hits.
The thing is, I only started blogging five days ago so I had no idea how many views was considered normal.
How disappointing that nearly half of my hits have been from, as you say, electronic bacteria!
Do send in all these links to WordPress support — I have been doing that and they have replied to keep reporting any suspect sites to them.
This is one of the sleaziest and frustrating scams going around the net.
This was a new one to me, just popped up today, and I found your post on it, so thanks for doing so.
I found your post through googling the “malamkupertama” blog after it raised similar suspicions for me. I had the same experience with this (fake) site, and it would be unlikely but great to see it taken down.
Happened the same with my blog. On a recent blog with the same adress as mentioned her. But in an earlyer blog with another adress. I was happy to see that this adress later on became hidden ( By WordPress support) But the number of hits kept including those falses.
Same exact address popped up on my referrers today too and that’s how I found your blog. Very frustrating!
Hi Arsen,
The same thing with our blog… It’s very frustrating!
There are any way to block malamkupertama?
We shall see. I’ve notified WordPress and given them the address of this post. They’ll see all the comments here. I’m sure they are as concerned as all of us are and will do something. If so, I will post something later under “Scams revisited.”
Just did the same thing and I suggest that everyone else with that problem does so as well. Let the WP staff know that there is a problem and one that is not only annoying one person.
I emailed wordpress about it and I’m no longer getting hits from malamkupertama. Did anyone else get this result? I don’t see any other positive comments.
Sorry, I just read the next post. Ignore my above comment.
Yep, another blogger here who found your blog when trying to find out what kind of scam that strange referrer is. It is happening to my blogs as well. If you are all about the click-rate, then I guess this is a welcome scam/spam. But as it muddies the numbers of your actual, real-life readers it is only one thing: annoying.
I have been experiencing the same thing..was happy that my hits are increasing…i did suspect something wrong and so i searched a bit about it and ended up here…do let us now if you understand how to block it…thanks!
I have 18 views today from malamkupertama. I also googled this thing and found your post.
Thanks for posting about this.
gdw
I have the same problem. I am emailing WordPress as well. Let me know if you come up with any solutions. Thanks so much.
I am also ‘victim’ of this Indonesian fraud site and and up at a website that is called ForTheLose.org. So it seems to be a problem still and is not being solved by wordpress.
Got a reply from WP staff, telling me they’d start filtering those results from my stats. Stats have been climbing normally since, nothing coming from that referrer anymore.
I got 26 hits on one blog post from this phantom referrer. I found your blog when I did a Google search. I also contacted support to notify them hits on my photo-blog.
Thank you so much! I’ve been trying to figure this thing out!
Yep same thing on my little blog
I’ve had the same experience as everyone else. I’ll be notifying WP. Times when I’ve contacted them before with problems they’ve always really been quick to take action.
Ditto all the above, thanks for this – I clicked on the link but once I saw the fishy-looking site, w/a full page ad, something told me not to click “skip this ad”…or anything else there. Bummer that something like this gets your hopes up (my hopes at least) that you’re “being discovered,” all for naught… Again, thanks for writing this up.
I must say I’ve also experienced what everyone else has spoken about and then come here when checking the validity of the site through Google.
[...] Scams [...]
Ditto, exactly the same has happened to me, although the spam site is now dead. Have taken your advice and e-mailed wordpress. Thanks for letting me know.
I have exactly the same problem. Few minutes ago I wrote a mail to wordpress-support and I hope they delete this website very soon.
Thank you for your post. I wondered why there has been more than 30 visitors to my blog, cause there are usually about 5 per day. While searching the website with google I found your blog-entry.
Thanks for researching and sharing this information. I was puzzled by the referrals to my blog from the same site.
My false hits are pouring in from this faked referrer
http://jejakajambu.co.cc/blog/15-useful-wordpress-tips-to-make-your-theme-even-better.php
I notified WordPress. Thank you for your tip.
[...] http://adarnay.wordpress.com/2011/01/29/scams/ [...]
My blog has also been struck by jejakajambu.co.cc/blog.15-useful-wordpress-tips-to-make-your-theme-even-better.php.
Dang, and for a moment there I was feeling awesome. 16 fake hits were sent my way in the few hours I was offline.
jejakajambu is the spam Flavor of the Day.
So frustrating!!!!!!!!!
Almost looking forward to tomorrow’s. At this rate we’ll all learn Indonesian by and bye.
why exactly is it bad? I mean what do they do?
Wait..? what I can’t wuite understand.. today.. when I came to see my site stats.. the views in my blog suddenly increased a lot that I I even got surprised..I saw the referrers and I saw the same URL you put.. I went to see what kind of blog it was..and how did he/she found my blog.. but.. not expectedly.. it was another thing that it isn’t even related from my blog and now I can’t even enter.. it only pops out the thing of amazon thing.. I can’t understand what is happening.. is it something really bad? can it affect something in my blog? ㅠㅠ?
are they really people that visits my blog or is it another thing..?
It seems to be an automated thing, Scarlet Warrior. They want YOU to notice the many hits. Then they want you to become curious, and to CLICK THROUGH to their site. That in turns counts, over there, as a click on an advertisement, thus they are trying to drum up traffic to their ads. Meanwhile YOUR user statistics get messed up. Electronic BACTERIA, not people.
What?!! aH!! is there any way to stop this thng or is it possible to change the site stats to the normality without counting the thing of electronic bacteria thing?
Thank you for the information!
Thanks so much for this information! I’ve got exactly the same problem getting significant referrer scam from the following sites for the last 4 days:
Monday, January 31, 2011 and Tuesday, February 1, 2011:
jejakajambu.co.cc/blog/15-useful-wordpress-tips-to-make-your-theme-even-better.php
Saturday, January 29, 2011 and Sunday, January 30, 2011
malamkupertama.co.cc/blog/15-useful-wordpress-tips-to-make-your-theme-even-better.phplivepage.apple.com
I reported it to wp support, too.
Rhyming Med Student:
Those two items disappeared for me too, but only after a day of creating nuisance hits. I reported to WP, so did lots of others. Just today (Feb. 1) six people have already reached WP Support from my site alone.
just wanted to chime in and say I’ve noticed this too. As a new blog I thought the hits were pretty fishy. I got 46 yesterday just from the one phony referrer, so I came to google and found you. Thank you for the detailed writeup!
new one: http://katakphuru etc. Perhaps it is better not to mentioon the full adress her because it can help more of this rubbish to rank up
Sorry to hear that. That one has not (or not yet) shown up on mine. I notified WP of both that invaded me.
I use Firefox with noscript so didn’t see their ads, but I also have been getting hits from this site. From what I gather they don’t install keyloggers/virus etc?…because I visited their site & freaking out a bit lol. Thanks for writing about this & clearing it up!
Thank you for posting this. As a new blogger, my pride started to leap when I saw all the visits. Then I realized that freaky address. I sent something to WP as you suggested.
Thanks for posting this as it is helpful to know.
Here is another one for you: http://adakukisah.co.cc/blog/15-useful-wordpress-tips-to-make-your-theme-even-better.php
The other links that were coming in to me seem to have been removed from my stats. That is I can still see the ‘amount of people referred’ by that link, but it does not list the link with it any more. It’s been put down as Other sources.
Hi all, same with me…. also reported to WP
Thank you — and all of you out there — who take the time to report to WordPress. Must keep the management involved — and informed!!!
Thank you so much for posting this and for the timely updates. I have been hit twice this week. I notified WP and they took care of it immediately.
Same thing happened to me — and, like some of the other posters, my blog is new, so I had no idea what was normal traffic. I really appreciate your posting on this, and your clear explanation (for us non-techies) about what’s going on!
Same issue is happening to me. Hope WP will provide a solution.
Thank you so much for your post! I, too, have been inundated with the adakukisah.co… “hits” and I couldn’t figure out the origin of the cryptic url. I’ll report them to the WP staff as you suggested.
I have a wordpress blog and I’m getting nailed, too…thanks so much for doing the research to get it resolved with wordpress…
maureen
I’m having this same problem and I’m so glad your post was here to shed some light. I’m majorly bummed that all my new “readers” don’t exist. I am reporting right now, thanks to your help!
thanks for posting this! I had 8 hits from the same scam before 8:00 this morning! Should have known 8 real people wouldn’t have been up that early…
[...] More information and comments on the co.cc referrer spam on the LaMarotte blog and on the WordPress.com search page [...]
Both links on this blog refer back to this post here.
They got me too. Same people. Thanx for your post.