More referrer spam stuff. As Mark states in the comments here, it seems that the referrer-spamming is using real browsers run by real people — no bots, no proxies.
The spammers create HTML pages which contain an IMG tag, using one of our
pages in the SRC attribute. This causes the user’s browser to attempt to
download the page — giving the correct referrer URL — but it’s not
particularly visible to the user — since it’s a HTML page, not an image. All
they’re likely to see is a ‘broken image’ icon, and more likely the image is
hidden anyway using a hidden div or
width=0 height=0 attributes.
http: //pb. xxxconnex. com/pb.phtml? d=aporndomain.net &sc=EXPN &ip=9999999999 &c=preview
I would bet these guys,
xxxconnex.com — or one of their customers — are
the ones behind the referrer-spamming as a result. Their WHOIS info states
Admin, Domain [email protected] 1E Braemar Ave Unit 19 Kingston 10, WI N/A JM 876-357-8404
Interestingly, that phone number and address also shows up in ROKSO as well, listed under domain registrations controlled by the ‘Dynamic Pipe / Webfinity / Python Video’ spam gang, ie. one of the biggest sources of porn spam out there. They’re diversifying it seems!
Based on some suggestions on Kasia’s weblog, I think I now have a good comeback — still working on this though.