I am a victim of HTTP Referrer attacks…
I look today at my statistics, trying to discover some strange URLs (maybe an attack, I recommend You to do it) or tracking Referrer of my visitors in order to see who is back linking me, or where someone is talking about me.
I found 201 referrer coming from a famous hardcore movie site, 201? this is not a hazard. Going there for the sake of truth (;-)) I found that they are offering free porn images, video and I immediately thought about
The famous "Free porn CAPTCHA Attack"
My site is powered by Joomla, and I have developed a CAPTCHA framework. A Capctha is a generated image containing some scrambled text, the idea is to require a human being to read it and so it prevent spammers from automatically generating million of comments, emails accounts,…
One way to crack CAPTCHA is to offer a free porn site which requires that the user key in the solution to a captcha — which has been inlined from my site for example — before he can gain access. Free porn images or video attract a lot of users around the clock and in many countries.
Solutions to block spammers: for a time
- Check HTTP Referrer when the user post his key, and avoid sites address containing sex, hardcore, … based on a dictionary -> the only drawback is that it is trivial to fake the HTTP Referrer,
- Inserting a supplementary text into the generated CAPTCHA image: "Do not enter text if the site is not waltercedric.com", this is done in one of my securityimages Plugin: Freecap but NOT in core 1.1 or HnCaptcha 1.0.
I will have to extends plugins which are not protected soon
It can also be a tentative of HTTP Referrer Spam
Firstly, the spammer creates a simple script that searches sites just like search engine bots do, but the only difference is that these scripts send a referrer header with their own site’s address.
Why to do this you may ask? My sites has its statistics page indexed by a number of search engines. This means that if the spammer can get his site listed in the stats page, then it will give this referrers site higher ranking in search engines too. This also allows that more search engines will crawl the link back to their site.
Solutions: Avoid publishing Your statistics page.
- I disable the links stats in the top menu of joomla, so I am sorry but nobody will be able to see it in real time.
- I add to the file robot.txt (root folder of your site) disallow stats in order to prevent further re-indexing of previous search engine.
- I add a file .htaccess to disallow new processing of that file so you I will need to enter a password to see that page.