A curious case of spam traffic

Very odd — my web stats are showing a _huge_ number of referrals coming via searches from over the last day or so. What’s strange is that in each case, the search terms and other query parameters are identical — all that differs is the referring subdomain (e.g., my.url.com, company.url.com, no.url.com) and the claimed IP address of the person doing the searching, which is different with every query. When checked against a geoIP database, most of the visiting IP addresses seem to be allocated to Saudi Arabia or Iran, but the occasional one comes through that claims to be from the UK or USA.

Given the frequency and similarity of the referring URLs for each request, I think I’m probably safe in guessing that the IP addresses are being spoofed.

I just wish I knew why… All the queries are directed to one page, and Akismet’s spam filters aren’t picking up any unusual commenting activity on there.

The only other thing I can think of is that someone may be attempting some form of click fraud activity on the CPC ads on that page. For as long as that remains an option, then for obvious reasons I won’t divulge which page is under attack (and through which search keywords).

Author: Scott Matthewman

Formerly Online Editor and Digital Project Manager for The Stage, creator of the award-winning The Gay Vote politics blog, now a full-time software developer specialising in Ruby, Objective-C and Swift, as well as a part-time critic for Musical Theatre Review, The Reviews Hub and others.