Referrer Botnet | 2017 Feb 25

      No Comments on Referrer Botnet | 2017 Feb 25

This botnet’s purpose is to add referrer links to your Google Analytics, in the hopes that the webmaster or site owner will click on the link. They will then be exposed to an internet virus. Please do not click on any referrer spam link, as it is dangerous. I always copy the link and paste it into Google search first, to see if the site is dangerous.

Important is the fact that all these requests do not care about what information is returned from your site. All they care about is logging the referrer info, which has nothing to do with the originating IP. Therefore the originating IP can be spoofed. Note that Microsoft’s IP is included in this list. These botnets can really burn up your server bandwidth, as they do return, so banning them is crucial.

That being said, more than half of this list I had already banned. Overall they represent a bad group of host providers, harbouring scraper bots and worse, so there’s no harm in banning the whole shebang.

They all have a common user agent:
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 CachedNet CachedNet CachedNet CachedNet CachedNet Digital Energy Za Digital Energy Za Digital Energy Za QUADRANET QUADRANET NETIRONS EONIX Colocrossing Nodes Direct Microsoft

Leave a Reply

Your email address will not be published. Required fields are marked *