Russian referrer spam abusing the Huffington Post brand for profit


The age-old practice of referrer spamming recently came up on both Reddit and Hacker News. For those unfamiliar with the technique, referrer spam is the practice of using black hat techniques to make your site show up in the Google Analytics reports of other sites, baiting a click from the person checking them.

This is far from new, but it was taken to new highs (or lows…) by a certain Russian named Vitaly A. Popov and his site, darodar.com.

Since the Google Analytics identifier is just a string, a spammer can generate every identifier that is in use. When a page is loaded with the same analytics identifier as yours, that page load shows up in your stats. The spammer doesn't even need to know the URL of your website: pinging your identifier from their own page is enough. Hence the referrer spam; generating millions of these identifiers is fairly trivial.

Why would anyone do this? For money, of course. If you click on any of Mr. Popov’s spammed links, you will be redirected to either Amazon, eBay or AliExpress through an affiliate link — routed through his website, which is aptly named IloveVitaly.com.

Perhaps you won’t be buying anything now. But if you make a purchase with the same computer within a given time frame, Vitaly will receive a commission on that transaction.

And since he’s targeting website owners to bait the clicks, there is quite a chance that someone who receives his tracking cookie makes regular purchases on one of these websites — say, business owners or dropshippers.

If you’re thinking that this can’t scale, think again. SimilarWeb shows that one of the domains, darodar.com, is clocking over a million monthly visitors:

[Image: SimilarWeb traffic for darodar.com]

If you search for the WHOIS information on these domains, you will see that Mr. Popov’s URLs are everywhere. They’re all over the internet in “How to block referrer spam” articles. And he’s quite public about what he’s doing (spotted in a blog comment):

[Image: screenshot of Vitaly's blog comment]

But what does this have to do with Huffington Post?

Mr. Popov added a new twist to the referrer spam practice: he registered hulfingtonpost.com. The practice is the same: webmasters worldwide are seeing this domain show up in their traffic sources. And at first glance, who wouldn’t be eager to check if they’ve been mentioned on the Huffington Post?

Following the link we arrive not on the news site, but again on Amazon or AliExpress:

[Image: hulfingtonpost.com redirect]

Interestingly, Mr. Popov is not banned by either of these affiliate programs: he’s still bringing traffic, as defined in their terms and conditions. Anti-spam clauses usually cover e-mail marketing campaigns. But I wouldn’t be surprised if an individual review of his case leads to the termination of his affiliate agreement at some point in the future.

In the meantime, the practice will continue as long as he’s making money. He has at least 31 domains associated with the scheme, baiting clicks from website owners to drop his affiliate cookies.

The Huffington Post might also push for legal action to seize the domain, as this could be considered an abuse of the trademark. Time will tell.

In the meantime, you can remove this referrer spam from Google Analytics. Go to the referral exclusion list in your account, and add the domains hulfingtonpost\.com, darodar\.com, etc. (all of Mr. Popov’s domains). Or, simply create a hostname-based include filter and restrict things to the domain(s) you actually operate.
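
The hostname include filter described above, sketched as an added example (not code from the original post) that runs over exported referral rows. It goes one step beyond the article by also flagging referrers that sit within two character edits of a watched brand, which catches hulfingtonpost.com without listing it. Assumptions: example.com stands in for the site you operate, the watch list is hypothetical, and the rows are constructed sample data.

```python
import re

# Assumptions (not from the article): example.com is the site you operate,
# WATCHED_BRANDS is a hypothetical watch list, ROWS is constructed sample data.
OWN_HOSTS = re.compile(r"^(www\.)?example\.com$", re.IGNORECASE)
SPAM_REFERRERS = {"darodar.com", "ilovevitaly.com"}   # named in the article
WATCHED_BRANDS = ["huffingtonpost.com"]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname, referrer):
    """Label one referral row: 'ghost', 'spam', 'lookalike' or 'keep'."""
    ref = referrer.lower()
    if ref.startswith("www."):
        ref = ref[4:]
    # Hostname include filter: a hit sent straight to the analytics
    # identifier never loaded a page on a host you operate.
    if not OWN_HOSTS.match(hostname):
        return "ghost"
    if ref in SPAM_REFERRERS:
        return "spam"
    # A referrer one or two edits away from a watched brand is a lookalike.
    if any(ref != b and edit_distance(ref, b) <= 2 for b in WATCHED_BRANDS):
        return "lookalike"
    return "keep"

ROWS = [  # (hostname reported with the hit, referrer), constructed
    ("example.com", "news.ycombinator.com"),
    ("(not set)", "darodar.com"),
    ("unlisted-host.invalid", "unlisted-referrer.invalid"),
    ("www.example.com", "ilovevitaly.com"),
    ("example.com", "hulfingtonpost.com"),
    ("example.com", "huffingtonpost.com"),
]

def summarize(rows):
    """Count rows per label."""
    counts = {}
    for host, ref in rows:
        counts[classify(host, ref)] = counts.get(classify(host, ref), 0) + 1
    return counts
```

The third row shows why the hostname filter holds up better than a domain list: it is dropped as a ghost hit even though its referrer appears on no blocklist.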
