Recent Topics

b2evolution.net thinks I am Referrer Spam

Started by on Jun 30, 2006 – Contents updated: Jun 30, 2006

Jun 30, 2006 15:57    

This morning I clicked on the b2evolution logo in the Admin of my blog at wtnh.tv. I was greeted by the following page:

403 Forbidden
Please stop referer spam.

We have identified that you have been refered here by a known or supposed spammer.

If you feel this is an error, please bypass this message and leave us a comment about the error. We are sorry for the inconvenience.

If you are actually doing referer spam, please note that this website/b2evolution no longer records and publishes referers. Not even legitimate ones! While we understand it was fun for you guys while it lasted, please understand our servers cannot take the load of all this cumulated spam any longer... Thank you.

I'd like to know how and when my site became tagged as referrer spam. Is it because I send too much stuff to antispam.b2evolution.net? Who should I contact to get my site's name cleared?

Jun 30, 2006 16:30

No one is ever banned or blocked because they report too many spammers. Trust me: it doesn't work that way at all. You can NEVER report too much!!! I just visited http://wtnh.tv/blogs/index.php and clicked on the "powered by" link to b2evolution.net and got the correct page. In other words I didn't see the "you're a spammer" message. So you're not blocked, but you saw what you saw so let's figure that out.

The antispam utility blocks traffic if ANY part of the URL matches something in the antispam database. So for example if "foobar" is banned and you click a link from "http://domain.com/blogs/index.php/foobar_is_spam" the blacklist will block that visit. Therefore what PROBABLY happened is that somewhere in the URL of the page you were on there was a banned term. Possibly after using your antispam utility? Sometimes a banned word becomes part of your URL, so visiting immediately after that would make it think you were a spammer. Try going to your back office and verifying that the address bar doesn't have too much extra stuff in it. Like go to your back office then your 'edit' tab, then click the link to b2evolution and see what you get.

By the way the antispam central database isn't the same as b2evolution.net's local antispam list. Funky I guess, but they actually live on different servers. Someone with permission to on b2evolution.net has to report spammers and ask for the latest update - just like everyone else.

(moved since this post isn't about getting spammed)

Jun 30, 2006 18:50

(moved since this post isn't about getting spammed)

Sorry about that, EdB. My brain went on vacation for a moment.

I didn't think it could be from reporting too much, but I tossed that one out there anyway.

What I found weird was that I got the message after opening the b2 link in a new window from the /admin/b2antispam.php page.

Since this came from the admin page, I searched the blacklist for "admin". While I did not find that word listed, I was shocked to find a referer hit for "admin.wtnh.tv".

06/20/06 10:25:30 pm admin.wtnh.tv 205.139.9.146 News Channel 8/UPN9 Blog /blogs/

Interesting, in that I have no such subdomain. More interesting, according to ARIN the IP address traces back to another company we have a client/host relationship with, but they are NOT the host for our blog site.

I was using Opera 9 when this referer message appeared. I went to Firefox for a second test at the admin login page. The link to B2 opened fine. I then logged in on Firefox and went to antispam.php page and tried opening the link in a new window. Again, no problem.

Perhaps this was a one time only occurrence. Sure was a weird one.

Jul 04, 2006 21:59

I'm getting this very same message the past week or so. I receive an e-mail when someone leaves a comment or trackback. I click on the link in the e-mail to edit/delete.
Edit/Delete: http://myblog.com/admin/b2browse.php?blog=01&p=1668&c=1

I receive this page:

403 Forbidden
Please stop referer spam.

We have identified that you have been refered here by a known or supposed spammer.

If you feel this is an error, please bypass this message and leave us a comment about the error. We are sorry for the inconvenience.

If you are actually doing referer spam, please note that this website/b2evolution no longer records and publishes referers. Not even legitimate ones! While we understand it was fun for you guys while it lasted, please understand our servers cannot take the load of all this cumulated spam any longer... Thank you.

Also, please note that comment/trackback submitted URLs will be tagged with rel="nofollow" in order to be ignored by search engines.

I have to click on "bypass this message" to get to the page where I can ban/delete the person's comment.

p.s. I use Firefox.

Jul 05, 2006 00:49

Same thing applies, assuming you're using 1.6: if any part of the URL is in your local antispam list you'll be deemed a spammer. In this case it could be a word in the title of the post the visitor commented on, or it could be that you've accidentally 'banned' your own domain name.

You will have to use the "filter" feature on the antispam tab to try to figure out which part of the URL you click on is causing your installation to think that you are a spammer, then unban that particular keyword.

Jul 05, 2006 02:02

The blog version says: b2evolution 0.9.1

I'm only a user with permission level 5, and the admin of the blogs has had computer difficulty the last month or so, and hasn't been around to answer questions or address the problem of the increased spam. I've also been getting a message that the centralized blacklist has been moved, so all I've been able to do is blacklist locally.

Just need to wait until the admin is available to address the problem, since there probably isn't anything I will be able to do about it. Quite annoying. But thank you for your help.

Jul 15, 2006 15:37

I'm still having no luck tracking this down. When you say "if any part of the URL is in your local antispam list you'll be deemed a spammer." How much of a word am I looking for, for example blog is part of the domain name so I have to go and unban every instance where blog is part of a banned word or domain? That would be a huge job and then when central spam list is downloaded I'd have to do it all again? It seems like there should be an "allowed list". This is like hunting for a needle in a haystack.

Jul 15, 2006 16:12

The bug that tripped the antispam list if a keyword was part of the URL only existed in version 1.6, so with 0.9.1 you won't have that problem.

The keyword list is an exact match to part of a string. In other words if "pornblog.com" was in the keyword list it would not match "niceblog.net" but would match "fetish.pornblog.com" or "pornblog.com/fetish.html".

If you unban a keyword that came from antispam central you will NOT receive that keyword again. It doesn't work that way. It gives you new keywords since your last update. It doesn't give you older ones, and it doesn't remove keywords that are no longer in the central database.

Provide a link to your blog please, because from my side it's not exactly a needle in a haystack. More like shooting in the dark ;) 0.9.1 was a very stable release. This bug simply didn't exist, so the only possibility is that b2evolution.net has a keyword that matches your domain name.

Jul 17, 2006 20:14

EdB, I sent you a PM regarding this the other day, since the problem seems to be related to my e-mail, and I didn't want to list my e-mail address on a public forum. Thank you.

Jul 18, 2006 22:53

Aha! I found it. google.com was locally blacklisted. So when I clicked on a link from gmail, it was giving me the referrer spam thing.


Form is loading...

multiblog engine – This forum is powered by b2evolution CMS, a complete engine for your website.