Monday, November 21, 2011

A New Kind of Spam: Hitbots?

I was going through the blog's traffic information and I found some really interesting trends that are leading me to suspect there's a new type of spam advertising making the rounds: hit-bots. Simple computer programs that point a browser at a website over and over again, generating hits. The idea, on a much higher scale, is the basis behind what's called a Distributed Denial of Service attack... on a lower scale though, it generates enough traffic to catch the attention of a curious website admin.


Figure One: Statistics Overview


Today, I had ten page views, which is a little unusual, since I haven't done anything today. The top traffic sources shown, which happened to be new on the page when I checked, were domar.ru, which is hosting some sort of political video, and aboutappleiphone5.com... which is clearly unrelated to anything I've done. And that's how it works. A number of hits are generated, they show up on my traffic sources, I take a peek once or twice a week to see where my traffic's coming from (so I know where to focus), and I see sights I've never heard of. Maybe I even click on a few to see what the ones with unreadable names are... and I get a glance at their advertising while I'm at it. Nifty, right?


Figure Two: Referring URLs by Hits Total (All Time)


And with special thanks to Cam over at A Woman's Place for all the traffic she's thrown me over the R. v. Effert commentary. Domar, Pu.gg, Blog.tk, and postring.tk, on the other hand, are just more of the same bots. They're bit players in the long run, but with the exception of Catholic Answers Forums (which I no longer frequent) and Facebook (which isn't listed), they're the only significant sources of traffic.

Figure Three: Pageviews by Country (all time)


And, as I sort of figured with domar.ru, the vast majority of the traffic dumped in is from Russia. The rest is from the US and Canada, mostly thanks to hits from CAF and from Cam, followed by Canada, which makes sense as I'm Canadian and my facebook friends are Canadian, as are my twitter followers.

I'm sure there was a point when I started this, but I have a roast in the oven. Other users might want to keep an eye on this too... these "junk hits" throw off all your other data like per-label and per-page hits. Useful, if you're trying to get a feel what people actually read. Unfortunately, there's no way to filter it out, but you can at least factor it in as a margin of error.

3 comments:

  1. I'd been wondering about that! I've been getting all these crazy hits from random marketing web sites all over the world, and when I went to the sites there was no link. Thanks for the explanation!

    ReplyDelete
  2. Admittedly, this is speculative... but the idea certainly fits the pattern.

    It's one of those things I'd probably have come up with myself if I cared more about marketing. :)

    ReplyDelete
  3. I have been seeing the same kind of pattern of hits. I have also been (for the first time in decades of computing) infected by a series of viruses, one of which was extremely difficult to remove. These may have arisen from my visiting these sites out of curiosity.

    I thought that I was safe in doing so because I was using Chrome rather than IE (which is more popular and thus more of a target) and I'm running Avast anti-virus, which has always been pretty good. Alas, Avast did NOT recognize the viral files once I found them by other means, though during a lengthy boot-up scan it did find compromised files in the Java cache.

    My conclusion is that visiting these peculiar sites can hit you with viruses or trojans, some of which may be so new that no anti-virus program knows of them. (One of them seems to have downloaded a file from a site that was registered just one week earlier, so this was a very new attack.)

    As time goes on I expect that these scoundrels will use names even less unusual than pu.gg or domar.ru and we'll start getting hits from sites like CuteKittensAreAwesome.com or whatever.

    ReplyDelete