Very odd — my web stats are showing a
huge number of referrals coming via searches from
http://url.com/ over the last day or so. What’s strange is that in each case, the search terms and other query parameters are identical — all that differs is the referring subdomain (e.g., my.url.com, company.url.com, no.url.com) and the claimed
IP address of the person doing the searching, which is different with every query. When checked against a geoIP database, most of the visiting
IP addresses seem to be allocated to Saudi Arabia or Iran, but the occasional one comes through that claims to be from the
UK or USA.
Given the frequency and similarity of the referring URLs for each request, I think I’m probably safe in guessing that the IP addresses are being spoofed.
I just wish I knew why… All the queries are directed to one page, and Akismet’s spam filters aren’t picking up any unusual commenting activity on there.
The only other thing I can think of is that someone may be attempting some form of click fraud activity on the CPC ads on that page. For as long as that remains an option, then for obvious reasons I won’t divulge which page is under attack (and through which search keywords).
Tagged as:
analytics,
click fraud,
Computing,
IP spoofing,
referrer,
spam,
url,
web traffic
