Black Hat Tactics – Referrer Spoofing and Pay For Traffic Scams

By Matt Dunlap on July 9th, 2009

If you run a website then you probably use one or more traffic analysis tools. Have you ever looked at your logs and found a referring website that made no sense? You follow the referrer link back and find a page full of ads with no link pointing to your site at all? Well, you’ve been spoofed, and while it doesn’t cause any harm to your website, it is annoying and causes false records in your traffic monitoring tools.

Why does this happen? Black hat marketers do this for a couple of reasons: to generate traffic to either their own website or a partner website, or, in the case of the more creative black hats, to spoof directly to the advertisers on their website.

Traffic generation
You looked in your traffic logs, saw the mysterious link and followed it. Imagine that times 1 million… Even if only 1% of the webmasters check the referrer link, the spoofer will get tons of traffic. Spoofing a referrer is really easy with PHP using curl. Below is all the code you need to spoof 1 website. To extend it, all you need to do is get a list of websites to hit and loop through the list. Or, better yet, make a very simple code spider, or download an open source one, put the below code in it, and let it spider the internet all night. When the spider finds a domain name, it hits it with the fake referrer.

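<?php
// Request one page while sending a forged Referer header.
$host = 'http://spoofvictim.php';              // URL of the site being hit
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $host);
curl_setopt($ch, CURLOPT_VERBOSE, 1);          // print request details while running
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // return the response instead of printing it
curl_setopt($ch, CURLOPT_AUTOREFERER, false);  // do not let curl set Referer on redirects
// The Referer header is supplied by the client, so the server cannot verify it.
curl_setopt($ch, CURLOPT_REFERER, "http://mattdunlap.org/cool_links.php");
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_HEADER, 0);           // leave response headers out of $result
$result = curl_exec($ch);
curl_close($ch);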

CPM Scams
Another tactic is to generate clicks on CPC campaigns. A website owner starts a website and sells advertising on it based on CPC (cost per click) or CPM (cost per thousand impressions). For example, the owner sells a banner on the website for $7 CPM, so for every 1,000 visitors that see that banner the owner gets $7 from the advertiser. The website owner then turns the spoofer on and generates page views on the page where your banner is visible. To be truly effective this also requires proxies, to create different IPs, and randomized spoof referrers, but you get the point. In your records it looks like your banner had loaded thousands of times.

Buying Traffic for your Website
This is really not smart, especially when you buy something outrageous like 1 million visitors. You will see ads like this all over eBay for around $10. There are many ways to do this, from viruses on computers to spoofing to pop-unders, and the result is always the same. Your traffic reports will go up, but you will get no sales. Not only will you get no sales, but your server will probably go down while they nail it with fake traffic. I wanted to see what this was all about so I bought one on eBay. I started the campaign and minutes later my server is getting huge chunks of traffic. Every minute I’m getting 200 visitors and the site goes down and I shut it off about 5 minutes later… WOW, what happened? No matter how big a network you have, there is no way to send 200 visitors to a website through pop-unders or virus clicks. This had to be an automated script. Looking on eBay now I would say 99% are like this, and I bet there are scripts you can buy to do it, probably on eBay too.
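Both the forged-Referer requests from the Traffic generation section and the automated flood described above leave the same trace in a web server access log: page requests from clients that never load the page's CSS, scripts or images. The following Python is an added example, not code from the original post; the combined log format, the thresholds, `example.com` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" format: ip - - [time] "request" status bytes "referer" "agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
ASSET = re.compile(r'\.(css|js|png|jpe?g|gif|ico)(\?|$)', re.I)

def analyze(lines, own_host, min_hits=3, burst_per_minute=200):
    """Return ({referrer host: page hits} judged spoofed, {minute: page hits} over the limit)."""
    asset_clients = set()        # (ip, agent) pairs that fetched at least one static asset
    by_ref = defaultdict(list)   # external referrer host -> clients that sent it
    per_minute = Counter()       # "dd/Mon/yyyy:HH:MM" -> page requests
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # not a combined-format line
        client = (m['ip'], m['ua'])
        if ASSET.search(m['path']):
            asset_clients.add(client)
            continue
        per_minute[m['ts'][:17]] += 1
        try:
            host = (urlsplit(m['ref']).hostname or '').lower()
        except ValueError:       # malformed Referer value
            host = ''
        if host and host != own_host and not host.endswith('.' + own_host):
            by_ref[host].append(client)
    suspects = {}
    for host, clients in by_ref.items():
        # A browser that follows a real link also loads assets; a bare script does not.
        if len(clients) >= min_hits and not any(c in asset_clients for c in clients):
            suspects[host] = len(clients)
    bursts = {minute: n for minute, n in per_minute.items() if n >= burst_per_minute}
    return suspects, bursts

# Constructed sample log (documentation IP ranges, made-up hosts), not real traffic.
SAMPLE = [
    '203.0.113.5 - - [09/Jul/2009:03:14:07 -0700] "GET /post HTTP/1.1" 200 5120 "http://blog.example.org/links" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Jul/2009:03:14:08 -0700] "GET /style.css HTTP/1.1" 200 900 "http://example.com/post" "Mozilla/5.0"',
    '198.51.100.1 - - [09/Jul/2009:03:15:01 -0700] "GET / HTTP/1.1" 200 5120 "http://spam-example.test/cool_links.php" "-"',
    '198.51.100.2 - - [09/Jul/2009:03:15:02 -0700] "GET / HTTP/1.1" 200 5120 "http://spam-example.test/cool_links.php" "-"',
    '198.51.100.3 - - [09/Jul/2009:03:15:03 -0700] "GET / HTTP/1.1" 200 5120 "http://spam-example.test/cool_links.php" "-"',
]

if __name__ == "__main__":
    print(analyze(SAMPLE, "example.com", burst_per_minute=3))
```

Clients with cached assets, or sites that serve assets from a separate CDN host, will also look asset-less, so treat the output as a list to review and filter out of analytics reports rather than as a block list.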

In summary, if you see a mystery referrer in your web stats, oh well, just move on. If you are a website owner looking to advertise on third party websites, make sure you get full disclosure for traffic, including demographics, and not just traffic stats provided by the website owner. Basically, don’t take his word for it. Check Alexa, Compete, or, if it is a large website, comScore.



2 Responses to Black Hat Tactics – Referrer Spoofing and Pay For Traffic Scams

Nancy Hutchins
Comment added: 29 April, 2010 at 8:02 pm

Thank you. You just explained a traffic anomaly to me. Clearly what I experienced was a spam attack.

Matt Dunlap
Comment added: 29 April, 2010 at 8:10 pm

Glad to help… I get 10X more referrer spam now from this post, but if it helps someone, then I’m happy!

Copyright 2007 - 2010 mattdunlap.org