How to: Stop Semalt Referral Spam

Recently, a company called “Semlat” has software bots crawling websites all over the world. They state that you can remove yourself from their list, but so far I’ve not heard of anyone actually getting off the list. They claim to be an SEO company, but their practices of getting to the top are somewhat black hat.

6976481_orig

Even worse, they are no longer the only ones. The list of “companies” that do this has grown huge in just the past month! A partial list of these companies is:

  • buttons-for-website.com
  • 7makemoneyonline.com
  • darodar.com
  • semalt.com
  • ilovevitaly.co
  • myftpupload.com
  • econom.co
  • iskalko.ru
  • ilovevitaly.ru
  • ilovevitaly.com
  • o-o-8-o-o.ru
  • o-o-6-o-o.ru
  • cenoval.ru
  • priceg.com
  • cenokos.ru
  • seoexperimenty.ru
  • gobongo.info
  • vodkoved.ru
  • adcash.com
  • websocial.me
  • cityadspix.com
  • luxup.ru
  • ykecwqlixx.ru
  • superiends.org
  • slftsdybbg.ru
  • edakgfvwql.ru
  • socialseet.ru
  • screentoolkit.com
  • savetubevideo.com
  • There is some speculation that these bots are also looking for weaknesses on sites to exploit. Even if it’s not true, it’s still a good idea to block them because it messes up Google Analytics reports and puts an unnecessary load on your server.

    There are a number of ways to block these, or filter out their traffic. But the best two methods both involve adding fields to the .httaccess file on your server. Do this by:

    1.) Log into your host’s cPanel.
    2.) In the Files section, click on the File Manager icon. (you may have multiples)
    3.) Check the box for Document Root for and select the domain name you wish to access from the drop-down menu if there is more then one.
    4.) Click the box that says “Show Hidden Files (dot files)” – this is the critical step
    5.) Click Go.
    6.) Scroll down to .htaccess in the list of files.
    7.) Highlight and click copy at the top of the screen
    8.) Type in .httaccess.back and hit enter (this creates a backup, just in case)
    9.) Highlight .httaccess and click “edit” at the top of the screen
    10.) Paste one of the two following sections of code into the file, typically at the bottom.
    11.) Click Save
    12.) Access your site in a separate browser or browser window to make sure you can still access the website. If you can, all is good. If not, edit .httaccess again and remove that parts you just added.

    Code #1

    – this is a bit less elegant but is very direct:


    SetEnvIfNoCase Referer semalt.com spambot=yes
    SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
    SetEnvIfNoCase Referer darodar.com spambot=yes
    SetEnvIfNoCase Referer 7makemoneyonline.com spambot=yes
    SetEnvIfNoCase Referer ilovevitaly.co spambot=yes
    SetEnvIfNoCase Referer myftpupload.com spambot=yes
    SetEnvIfNoCase Referer econom.co spambot=yes
    SetEnvIfNoCase Referer iskalko.ru spambot=yes
    SetEnvIfNoCase Referer ilovevitaly.ru spambot=yes
    SetEnvIfNoCase Referer ilovevitaly.com spambot=yes
    SetEnvIfNoCase Referer o-o-8-o-o.ru spambot=yes
    SetEnvIfNoCase Referer o-o-6-o-o.ru spambot=yes
    SetEnvIfNoCase Referer cenoval.ru spambot=yes
    SetEnvIfNoCase Referer priceg.com spambot=yes
    SetEnvIfNoCase Referer cenokos.ru spambot=yes
    SetEnvIfNoCase Referer seoexperimenty.ru spambot=yes
    SetEnvIfNoCase Referer gobongo.info spambot=yes
    SetEnvIfNoCase Referer vodkoved.ru spambot=yes
    SetEnvIfNoCase Referer adcash.com spambot=yes
    SetEnvIfNoCase Referer websocial.me spambot=yes
    SetEnvIfNoCase Referer cityadspix.com spambot=yes
    SetEnvIfNoCase Referer luxup.ru spambot=yes
    SetEnvIfNoCase Referer ykecwqlixx.ru spambot=yes
    SetEnvIfNoCase Referer superiends.org spambot=yes
    SetEnvIfNoCase Referer slftsdybbg.ru spambot=yes
    SetEnvIfNoCase Referer edakgfvwql.ru spambot=yes
    SetEnvIfNoCase Referer socialseet.ru spambot=yes
    SetEnvIfNoCase Referer screentoolkit.com spambot=yes
    SetEnvIfNoCase Referer savetubevideo.com spambot=yes
    Order allow,deny
    Allow from all
    Deny from env=spambot

    New SPAM bots can be added easily to this list by just cutting and pasting the domain name.

    Code #2

    – Little more elegant. This is the one I went with. It is provided by Perishable Press.


    # 5G:[WordPress]

    RedirectMatch 403 /\$\&
    RedirectMatch 403 (?i)/\&(t|title)=
    RedirectMatch 403 (?i)/\.(bash|git|hg|log|svn|swp|tar)
    RedirectMatch 403 (?i)/(1|contact|i|index1|iprober|phpinfo|phpspy|product|signup|t|test|timthumb|tz|visit|webshell|wp-signup).php
    RedirectMatch 403 (?i)/(author-panel|class|database|manage|phpMyAdmin|register|submit-articles|system|usage|webmaster)/?$
    RedirectMatch 403 (?i)/(=|_mm|cgi|cvs|dbscripts|jsp|rnd|shadow|userfiles)

    This second version should work a little better since instead of blocking the bots, it gives them an official 403 not found. That should keep the bots from hitting your site at all in the future and reduce load even more.

    Since I’ve implemented this method, I have seen Semalt (and all the others,) go away completely. I still get an occasional iffy one but it’s not as bad as the 10-15 (per a site) I was getting before.

    Do you have another solution that works better? Please comment below!

    Warrant of Arrest SPAM email

    Warrant of Arrest SPAM

    The Spammers are starting to get pretty hardcore and innovative. The FBI is going to arrest me if I don’t send $98 to Lagos, Nigeria to initiate the transfer of $10.5 million dollars to my bank account. Keep in mind that the FBI would not be involved with international money crimes. And even if they were, doing what is suggested below is still a crime in the US.

    Please do not fall for this.

    “Anti-Terrorist and Monetary Crimes Division
    FBI Headquarters In Washington, D.C.
    Federal Bureau Of Investigation
    J. Edgar Hoover Building
    935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001

    Attention: Beneficiary

    This is the final warning you are going to receive from me, do you get me? I hope you understand how many times this message has been sent to you.

    We have warned you so many times and you have decided to ignore our e-mails or because you believe we have not been instructed to get you arrested and today if you fail to respond back to us with the payment details below, then we would first send a letter to the MAYOR of the city where you reside and direct them to close your bank account until you have been jailed and all your properties will be confiscated by the FBI, CIA and other enforcement agency. We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not supposed to be working for the government or any private organization.

    Your ID which we have in our database have been sent to all the crimes agencies in America for them to inset you in their website as an internet fraudsters and to warn people from having any deals with you. This would have been solved all this while if you had gotten the CERTIFICATE ENDORSED AND STAMPED as you were instructed in the e-mail below. This is the federal bureau of investigation (FBI) am writing in response to the e-mail you sent to us and am using this medium to inform you that there is no more time left to waste because you have been given a mandate. As stated earlier to have the document endorsed, signed and stamped without failure and you must adhere to this directives to avoid you blaming yourself at last when we must have arrested and jailed you for life and all your properties will be seized and bank account will be confiscated too.

    You failed to comply with our directives/instruction and that was the reason why we didn’t hear from you, as our director has already been notified about you get the process completed yesterday and right now the WARRANT OF ARREST has been signed against you and it will be carried out in the next 48hours as strictly signed by the FBI director. We have investigated and found out that you didn’t have any idea when the fraudulent deal was committed with your information’s/identity and right now your ID is placed on our website as a wanted person, I believe you know that it will be a shame to you and your entire family because after then it will be announce in all the local channels that you are wanted by the FBI.

    As a good Christian and a Honest man, I decided to see how i could be of help to you because i would not be happy to see you end up in jail and all your properties confiscated all because your information’s was used to carry out a fraudulent transactions, i called the EFCC and they directed me to a private attorney who can help you get the process done and he stated that he will endorse and stamp the document at the sum of $98 usd only and i believe this process is cheaper for you.

    You need to do every possible thing today and tomorrow to get this process done because our director has called to inform me that the warrant of arrest has been signed against you and once it has been approved, then the arrest will be carried out, and from our investigations we learnt that you were the person that forwarded your identity to one impostor/fraudsters in Nigeria when he had a deal with you about the transfer of some illegal funds into your bank account which is valued at the sum of $10,500,000.00 only.

    I pleaded on your behalf so that this agency could give you till July 6, 2012 so that you can get this process done because i learnt that several e-mails has been sent to you without getting a response from you. Bear it in mind that this is the only way that i can be able to help you at this moment or you would have to face the law and its consequences once it had befallen on you. You would make the payment through western union money transfer with the below details.

    NAME: DURU VINCE

    ADDRESS: LAGOS, NIGERIA

    TEXT QUESTION: BETTER

    ANSWER: BEST

    AMOUNT: $98

    Senders Full Name:

    Sender Full Address:

    Direct Phone Number:

    MTCN:

    Send the payment details to me as stated above and make sure that you didn’t hesitate making the payment down to the agency by today so that they could have the certificate endorsed, signed and stamped immediately without any further delay. After all this process has been carried out, then we would have to proceed to the bank for the transfer of your compensation funds which is valued at the sum of $10.500,000.00 usd which was supposed to have been transferred to you all this while.

    Note: All the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions. You are given a grace today to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism, money laundering and drug trafficking charges, so be warned not to try anything funny because you are been watched.

    Expecting your anticipated- Co-operation.

    Yours in service,

    Robert S. Mueller
    FBI DIRECTOR”

    Website Design SPAM

    Website Design SPAM

    This morning I get a SPAM email from olena@bid-high-therank.com

    The email reads:

    “Hi,

    Hope you are doing well.

    I am Olena, Business Development Manager. We are online marketing firm based in India.

    I was surfing through site from your domain and came across yours Website: www.hamell.net I have been observing various changes in trends in the
    industry and the types of sites other players in your domain are using.

    The field has grown since you last updated your website as per available records in Domain tools. There are a lot more advanced and user friendly websites which appeal to the consumer.

    A website determines the brand of a firm in the online world.

    We have special offer which you may like to avail.

    Do let me know if you are willing to discuss a possible redesigning/redevelopment of your website and I can send you more details on the packages/action.

    Kind Regards

    Olena

    Post: – Business Development Manager
    Reply Me:- olena@bid-high-therank.com

    Note: Though this is not an automated email, we are sending these emails to all those people whom we find eligible of using our services. To unsubscribe from future mails (i.e., to ensure that we do not contact you again for this matter), please send a blank email at.removemejustplease@gmail.com. ”

    Here’s what their website looks like:

    That’s right, their site is totally blank. My website is obviously really terrible if a web design company with a blank website thinks they can make mine better.

    Worst recruiting email of the week

    Worst recruiting email of the week

    from: sandra.washburn@insphereis.com (I’m assuming this is a mail serve address for sending emails and collecting replies)

    ——-
    Good Afernoon,

    We are seeking sales associates for our growing office. Successful candidates must be highly motivated, have proven

    leadership abilities, customer service attitude and integrity. A desire for professional development, a willingness to learn and

    exceptional people skills are essential to this position. We offer strong potential for growth and advancement.

    Our culture can be described as highly energetic and fast-paced.

    This requires each individual on our core team to be self-motivated and self-directed. We are solution-oriented and always

    focused on results. Promotions are from within and based on performance, not seniority!

    Qualifications:

    . Ability to work in an independent environment.

    . Driven by achievement and financial rewards.

    . Financially stable.

    . Proven success driving business results.

    Regards,

    Andrea Bailly
    Office Assistant

    InsphereISSM

    (503) 246-5260
    andrea.bailly@insphreis.com

    ——

    Areas of failure
    1.) No information about who the company is.
    2.) Email address in signature is spelled wrong.
    3.) “Office Assistant”?
    4.) Their website has an annoying autoplay video that stutters badly. Even after letting it cache.
    5.) Trying to recruit sales people from the IT crowd, a group of people who tend to have a lot of money and time already invested in their careers.

    Over all, not quite as bad as American Income Life but much worse then the other 15 emails I’ve gotten from Insurance Companies looking to hire sales reps.

    Funny WordPress spam comments

    Funny WordPress spam comments

    The spam comments I get in WordPress are sometimes hilarious. Other times you’re just wondering what was going on. Here are some samples:

    I have little time.

    I offer to…

    I’d like a single to Paris, please.

    On the contrary.

    Exclusive delirium, in my opinion

    Would you like some coffee?

    Can you tell me the way to Oxford, please.

    I`d rather go to the cinema

    I’d like a packet of biscuits, please.

    I hope you enjoyed the party.