Shalom, fh6whUq3NnsPfj8g3vr0gQO4Yyzf.com
So I got a wiki, not a big deal but still good for people to share information between them. A nice thing about wikis is that people can share information without actually signing in, their IP address is logged but in rest, they can do whatever they want. The bad thing about wikis is that people can do whatever they want, without signing in. Combine the bad and good and you get a controversy.
Wikis are the heaven of spammers and vandals, this is a known fact. Spam is a weird thing, but if the spammer links to an nonexistent domain, that's even weirder. This happened on the aforementioned wiki. After checking with a mysterious John, he had the idea to register the domain name and watch what happens, how many visitors the domain gets, how much AdSense revenue can one earn with such a domain and so on. Below you will find all the details.
The spammer
On the wiki the IP address of the spammer when the spammy content was placed was 114.80.67.252. This IP address was tracked back to China and seems to be used by the Shanghai Minhang Cancer Hospital.
The content of the spam was similar to:
yjfgv http://fh6whUq3NnsPfj8g3vr0gQO4Yyzf.comThe first part of the comment is much likely a variable unique for the site the comment was placed on and is used by the spammer for tracking which websites allow comments through without moderation.
When we first observed the link, Google knew about roughly 960-970 web pages where the string figured. At the time of this post Google knows about 49,000.
Traffic drill down
In the course of one week, the website received traffic mainly --obviously-- from referring websites. In total there were 6120 unique request. In 289 cases the HTTP response code was "304 (not modified)" which means that someone from that specific computer and browser already visited the website.
In 164 cases the user was referred from a WordPress admin back-end's Akismet spam viewer which means that some blog admins have the habit of visiting the URLs from the already caught spam.
From the total of 6120 unique requests 613 were referred by Live Mail and Yahoo! Mail. Since mailboxes weren't targeted by the spammer, this likely means that people received a notification from the publishing platform and clicked through from within the spammy mail. Noteworthy, that Gmail referred only one single visitor.
- 2010-04-11, 18:36 - 0 (website went online)
- 2010-04-12, 18:35 - 4515
- 2010-04-13, 18:37 - 798
- 2010-04-14, 18:38 - 318
- 2010-04-15, 18:16 - 185
- 2010-04-16, 18:31 - 168
- 2010-04-17, 18:31 - 136
User-Agent strings
- iPhone - 142
- Chrome - 330
- MSIE - 2104 (IE6: 677, IE7: 519, IE7:899)
- FireFox - 1053
- Opera - 90
- Blackberry - 33
- Safari - 302
- Android - 11
Crawler Visits
Yandex's crawler visited the homepage the first time at 11th of April at 2350 GMT. It was followed by Googlebot on 12th, 0045 GMT then Yahoo's Slurp the same day at 0625 GMT. The last was Archive.org's crawler, which visited the homepage on 16th of April at 1357 GMT.
In the one week test period none of Ask's or Bing's crawlers visited the homepage.
AdSense Stats
In one week the total earnings through AdSense was about 2 USD. The click-through-rates (CTR) were relatively normal for a page where are no other links to click.
Below is the AdSense drill down containing the date, number of clicks and CTR.
- 2010-04-11 0 0 (website went online)
- 2010-04-12 8 2.29%
- 2010-04-13 7 1.87%
- 2010-04-14 3 1.66%
- 2010-04-15 5 4.03%
- 2010-04-16 1 0.8%
- 2010-04-17 0 0%
Publishing Platforms
In the very first days of the domain, a list of publishing platforms on which the spammy comment appeared was compiled. 69 percent of the comments were left on custom coded guest books or blogs. The rest of the spam was left on some sort of well established publishing platform:
- WordPress - 15%
- Joomla - 3%
- Mediawiki - 2%
- Serendipity - 2%
- phpBB - 2%
- Other - 7%
posted by methode @ 3:03 AM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home