Mint Forum

Fake searches via search.live.com

suit4
Minted
Posted on Jun 08, '07 at 05:02 am

I face some faked searches via Microsoft Live Search.

In the ‘Searches’-Pane, I’ve got searches for cipro and xenical, both pharmacy products, both via search.live.com.

There are not many searches like these; I just wonder which trick is used to find my page in relation to those search words.

Anybody else looking at faked searches?

rmedek
Minted
Posted on Jun 08, '07 at 05:31 am

Funny, I just checked in here after searching the web about this issue and this is the most recent post. So far, this is what I gather:

  • All referrers seem to point to tide526.microsoft.com, 131.107.0.96 or similar.
  • The referring link is usually something like “http://search.live.com/result.aspx?q=[keyword]&mrt=en-us&FORM=LVSP” and is incorrect (leads to an error page)

Theories are either

  • These servers are used by MS for internal testing
  • Spoofed headers and referrers

I’m guessing the latter. It’s driving me nuts — I’m curious to find out what’s going on.

I’ve seen this a few times too in my stats… Would also be interested in stopping it.

Jeff N
Minted
Posted on Jun 08, '07 at 08:29 am

Add me to the list.

Shaun Inman
Mint/Pepper Developer
Posted on Jun 08, '07 at 09:55 am

Are any of you hosted with Dreamhost and affected by their recent security breach/spamming issue?

Brooks
Minted
Posted on Jun 08, '07 at 01:46 pm

Three or four odd searches have shown up in my logs over the past month or two. When the first one hit, the quick Google search provided a site (now long forgotten) which explained these were MS optimizing their search results database. That seemed plausible to me.

I’m not on Dreamhost, Shaun.

rmedek
Minted
Posted on Jun 08, '07 at 03:28 pm

Not on Dreamhost, either.

Just curious, has anyone tried to contact MS about this?

suit4
Minted
Posted on Jun 18, '07 at 06:33 am

Shaun, I am not hosted on Dreamhost.

rmedek, it’s just the same link format here.

Newest searchwords are ‘BMW’ and ‘zyrtec’.

If I follow one of the links, I get a live.com page not found error.

Jeff N
Minted
Posted on Aug 19, '07 at 12:44 am

I’m getting bombed with this again, much worse than the first time to the point where they’re outnumbering my valid visitors. They’re changing their IP addresses, but all start with 65.55.165 (bl2sch1082019.phx.gbl).

It went away by itself the first time. Anyone figure out a way to stop this?

p.s. I’m not on Dreamhost.

Shaun Inman
Mint/Pepper Developer
Posted on Aug 20, '07 at 12:23 pm

I’m working on a solution right now. As referrer spam this doesn’t make any sense. Are you guys seeing comment spam with similar content? I wonder, if you have public logs accessible somewhere (outside of Mint) if these spammy search referrers would contribute to the PageRank of any of your pages that have comments with similar spammy content. Or if that is at least the thought behind this seemingly useless tactic.

In the meantime, if you are using auto.php to add the Mint JavaScript include you can add the following inside the if conditional:

(isset($_SERVER['REMOTE_ADDR']) && preg_match('/^65\.55\.165\.\d{1,3}$/', $_SERVER['REMOTE_ADDR'])) ||

Shaun Inman
Mint/Pepper Developer
Posted on Aug 21, '07 at 08:14 am

Okay, the latest version of Mint has a new Ignore IPs advanced Preferences with 65.55.165.* included as a default. You can remove previously recorded gunk using the following query (changing the visit table name to match your installation)

DELETE FROM `mint_visit` WHERE `referer` LIKE 'http://search.live.com/result.aspx%'

Jeff N
Minted
Posted on Aug 21, '07 at 02:42 pm

Thanks a lot for addressing this issue, Shaun.

Hopefully the latest version of Mint will be enough to stop it. The strange thing I noticed is that the same and similar IPs would visit, but without keyword searches, like a direct visit. I knew they were still spam though, cause most original visits are always from “spammy” keyword searches.

p.s. I haven’t noticed any comment spam that’s related to these keywords.

markn
Minted
Posted on Jun 04, '08 at 10:48 am

I guess I’m late to this party. Starting yesterday I’ve been getting lots of hits from bl1sch4084116.phx.gbl. The IP addresses vary between 65.55.109.*, 65.55.110.*, and 65.55.232.*.

I don’t see an “Ignore IPs advanced preference” to eliminate this bot from my stats. I’m currently at 2.07 Default Pepper.

It’ll be this weekend before I have a chance to update my Mint installations, is there any way to stop counting *.phx.gbl short of an upgraded installation?

Thanks, Mark

Shaun Inman
Mint/Pepper Developer
Posted on Jun 04, '08 at 02:18 pm

You need to use the advanced query command.

I’m with Mark. It looks like Microsoft expanded its IP range. Thanks for the fix.

I have this problem with increasing frequency from several of the above IPs…in what part of the prefs pane do I exclude IPs? I tried putting them in the default pepper exclude referrer area…

nevermind. found the advanced prefs. I am a dope.

karynn
Minted
Posted on Jun 24, '08 at 11:38 am

Um, okay, so I see the Advanced Preferences, but there is no “Save” button and just clicking Done doesn’t save my changes…. how do I save?

karynn
Minted
Posted on Jun 24, '08 at 01:19 pm

Sorry, apparently it was saving… I opened up a new browser window and the new settings were there. Perhaps a browser caching issue?

jmb
Minted
Posted on Jun 24, '08 at 06:19 pm

I’ve been seeing something similar. In the search results pane I see tons of hits for this: http://search.live.com/results.aspx?q=s … &form=QBHP

The search term ‘subscribe’ doesn’t seem likely to be a hot one, and I don’t rank for it — must be referrer spam of some sort.

How do I determine the IP addresses these are coming from? I could just block those listed above, but I thought it might be worth targeting the right ones.

karynn
Minted
Posted on Jun 24, '08 at 08:38 pm

If you have the Secret Crush pepper installed (may also require User Agent 007), you should be able to click the little magnifying glass in the Referrers panel and it will take you to the Crushes panel that displays the IP.

I am also having this problem and just excluded :

65.55.165.* 65.55.110.* 65.55.109.* 65.55.232.*

how do you separate multiple ips? with a comma or space?
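
An added example, not part of the thread and not Mint's own code: one way to answer the question above of which addresses the search.live.com referrers come from, by reading a web server access log and grouping matching hits into /24 patterns like the ones excluded in the thread. The combined log format is an assumption about the server setup, and the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed "combined" log format: ip ident user [time] "request" status bytes "referer" "ua"
LINE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"')

# Constructed sample lines (not real traffic), using the referrer format quoted in the thread.
SAMPLE_LOG = '''\
65.55.165.12 - - [19/Aug/2007:00:40:01 +0000] "GET / HTTP/1.1" 200 5120 "http://search.live.com/result.aspx?q=cipro&mrt=en-us&FORM=LVSP" "Mozilla/4.0"
65.55.165.87 - - [19/Aug/2007:00:40:09 +0000] "GET /about HTTP/1.1" 200 2048 "http://search.live.com/result.aspx?q=xenical&mrt=en-us&FORM=LVSP" "Mozilla/4.0"
65.55.110.4 - - [19/Aug/2007:00:41:30 +0000] "GET / HTTP/1.1" 200 5120 "http://search.live.com/result.aspx?q=zyrtec&mrt=en-us&FORM=LVSP" "Mozilla/4.0"
198.51.100.23 - - [19/Aug/2007:00:42:02 +0000] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?q=mint+stats" "Mozilla/5.0"
203.0.113.9 - - [19/Aug/2007:00:43:15 +0000] "GET /feed HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''.splitlines()

def live_search_hits(lines):
    """Yield (ip, keyword) for each request whose Referer is a search.live.com result page."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, referer = m.groups()
        url = urlsplit(referer)
        # Matches both /result.aspx and /results.aspx, the two paths seen in the thread.
        if url.hostname != "search.live.com" or not url.path.lower().startswith("/result"):
            continue
        yield ip, parse_qs(url.query).get("q", [""])[0]

def summarize(lines):
    """Group hits by /24 and return {pattern: (hit_count, sorted keywords)}, busiest first."""
    counts, words = Counter(), {}
    for ip, keyword in live_search_hits(lines):
        pattern = ip.rsplit(".", 1)[0] + ".*"  # same wildcard style as the Ignore IPs entries
        counts[pattern] += 1
        words.setdefault(pattern, set()).add(keyword)
    return {p: (n, sorted(words[p])) for p, n in counts.most_common()}

if __name__ == "__main__":
    for pattern, (hits, keywords) in summarize(SAMPLE_LOG).items():
        print(f"{pattern:<16} {hits:>4} hits  keywords: {', '.join(keywords)}")
```

A referrer alone does not prove a visit is fake; hits concentrated in one /24 with keywords unrelated to the site are the signal worth checking before adding a pattern to the ignore list.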
