Referrer Spam from Rankscanner.com
On Wednesday, July 8, 2015,
rankscanner.com appeared in my Google Analytics referrer list for the first time. Because of previous investigations into malicious referrer spam, I did not immediately go to the web site. I did a domain lookup with Tcpiputils and found that the site was registered in Denmark on September 15, 2013 and updated in August of 2014 by Rune Jensen. Most of the referral spam comes from domains that were issued in the last few days or weeks, and which are registered using domain registration privacy services.
I next did an IP address lookup on Tcpiputils and found out that the domain is hosted by Gearhost in Englewood, Colorado. The server is not on a block list for malicous domains and only has one host listed on an email spam blocklist; this is not unusual for a multi-hosting server. None of the domains look to be associated with other referral spammers.
Next, I looked at the referral path in Google Analytics:
/Domain/mooresoftwareservices.com which is a URL that does not exist on my web site. Clearly, this is not a real referral, and is a machine-generated URL intended to get past some of the basic referral spam checking, since most referral spammers point to the root page of a web site.
Next, I went to the web site in FireFox’s private mode, and was presented with a data entry box where I could enter my domain name and sign up for search word analysis or something like that.
I decided to filter the domain out of my Google Analytics.
Removing rankscanner.com from Google Analytics
rankscanner.com to my Google Analytics filters as described in Removing Referral Spam from Google Analytics, the best article on the topic that I have found. There are a number of articles about adding redirects or allow/deny code to
.htaccess. These don’t necessarily work and can open some serious security holes if incorrectly implemented.
There is no way to really tell how many sites are getting hit by this referral spammer, but you can use Google Trends to get an understanding of how frequently web masters query Google looking for information on this site. The figures below show the relative frequency for searches on “referral spam” and “success-seo.com” respectively. At this writing, the second figure does not have enough data to be populated, but experience shows that about a week after this writing, Google will have enough queries to populate it.
Fixing the Problem
My first reaction in addressing referral spam was to add a line to .htaccess to block these spam referrals (see http://www.htaccess-guide.com/deny-visitors-by-referrer/ for a description of how to do this) but with more research, it turns out these referrals weren’t referrals to my site at all, but were insertions of fake referrals into my Google Analytics reports. As was the case with
darodar.com, the clear intent is to cause webmasters to go to an unfamiliar site when they see a reference in their Google Analytics reports. Whether the motivation is to generate traffic to their site or to cause webmasters to visit a site that will download malware is unknown.
Based upon the instructions in Removing Referral Spam from Google Analytics, I checked the hostname on the referrals, and all showed “(not set)”–a clear sign that no one ever touched my site and that these were inserted into Google Analytics to get me to click
social-buttons.com to generate traffic or download malware onto my computer.
Removing Referral Spam from Google Analytics provides a good description of the problem and some solutions. Understanding and eliminating referrer spam in Google Analytics gives another good description of referral spam and a programmatic solution that is appropriate for plug-in developers but not for administrators of WordPress, Joomla and other content management system (CMS) based sites.
An alternative is to switch to self-hosted Piwik for your web analytics; if you do this, it will be immediately clear that the vast majority of Google Analytics referral spam is of the spoofed variety rather than the crawler variety. Piwik does not have the advertising integration nor does it have the demographic information, but for many small-traffic sites it can provide much more information. See Using Piwik as an Alternative to Google Analytics on this web site for more information on why Piwik might work for you and how to implement it.
Useful Commands and Web Sites for Investigating Referrers
For investigating a referrer, here are some useful commands and web sites:
- TCPIPutils is a great site for looking up data on an domain or IP address
- For domain registrations, the command line
whois social-buttons.comis very convenient as is https://www.whois.net/
- For IP lookups,
dig social-buttons.comis convenient, as is http://ip-lookup.net/index.php
- Better Business Bureau
- To view a site in character mode so that malware doesn’t get downloaded, use
curl -L. These are commonly installed on Linux machines, but will require additional software on Windows and OS X, as discussed below.
- To look up a lot of information on an IP address in one place http://www.tcpiputils.com/browse/ip-address will give you a lot of information quickly.
Command Line Utilities
To use the
curl commands on Windows and OS X, you will need to install additional software:
- On Windows, install Cygwin and add the
- On OS X, install MacPorts and add the
Cygwin and MacPorts have many additional command line and graphical utilities that make life easier in Windows and OS X.
For more information on referral spam, see
- Social-buttons.com Referral Spam
- Best-seo-solution.com Referral Spam
- justprofit.xyz Referral Spam
- Get-free-social-traffic.com Referral Spam
- Video--production.com Referral Spam
- Rankscanner.com Referral Spam
- Success-seo.com Referral Spam
- Videos-for-your_business.com Referral Spam
- Semaltmedia.com Referral Spam
- 100dollars-seo.com Referral Spam
- Written by Bruce Moore
- Hits: 3537
Trackpoint Keyboards Never Die
To those who have never used an IBM Trackpoint keyboard, this post will seem silly and perhaps even obsessive. To those who have used one and love them, this post will feed your addiction. Not having to move your hands off of the keyboard is a huge productivity boost–Upgrading and Repairing PCs on Google Books indicates that users are 20% more productive with a Trackpoint keyboard. I have three model M13 keyboards (how many people know the model of their keyboard) with Trackpoints, and unfortunately the cable insulation on all three has degraded to the point that the cable has to be in just the right position or the mouse goes haywire. I decided to start looking for a place to repair or replace them.
The first site (www.clickykeboards.com) that I found listed a used black M13 for $275. That is not a typo. $275 for used keyboard that is 17 years old. I know that getting these repaired or replaced will be a lot more than your average keyboard from a consumer electronics store, but $275 seems a little high, even if the keyboard is a rare stealth black one.
My next stop was Unicomp, Inc. which was spun off from IBM/Lenovo and manufactured the original keyboards under subcontract to IBM. Unicomp still makes new keyboards with the same buckling spring design that gives the keyboards the distinctive clicky feel and which lasts longer than 19 years (my keyboards are 1996 models). Unicomp makes a lot of stock designs and will even custom make one if what you need is not available in stock. Most of the models are about $100, which is a reasonable price for keyboard that will outlast a half-dozen PCs.
They even make the Spacesaver M model with keys customized for OS X. Although I love Apple’s Magic Trackpad touchpad, I’m not a fan of their keyboards–they look great, but the Apple keyboards are not the best for typing, and Apple’s wireless keyboard will not work for some system maintenance tasks–you have to have USB keyboard for some recovery and configuration functions.
Unicomp also makes replacement cables, but unfortunately not for the integrated cables on my M13s. I will have to send them back for a $60 repair–a lot for a repair, but a good investment for a keyboard that I will use for another 20 years.
Trackpoint Keyboard Repair Experience
I sent three M13 keyboards to Unicomp, Inc. for repair, and was impressed with the quick turn-around. The Fed-Ex ground notice showed that my keyboards arrived at Unicomp on Wednesday the 23rd at about 1:00 in the afternoon, and they were shipped out on Monday the 27th at 7:00 AM. I can’t think of any repair where I've gotten two business-day turn-around. The like-new keyboards arrived mid-day on the 29th, looking, working and feeling like they were brand new.
After using an old keyboard without a Trackpoint, I’m really glad to have them back.
- Written by Bruce Moore
- Hits: 3300
Demo on Purchasing Stolen Credit Cards
I recently attended the Southwest Graduate School of Banking (SWGSB) alumni program and went to a half-day session on cyber security. This was not your father’s session on cyber security. The morning session was largely the normal material presented well. The afternoon was a demo of how easy it is for criminals to operate anonymously using phony social profiles, dumb phones purchased with cash and The Onion Router (TOR), and how easy it is to purchase card skimmers and other hardware necessary for credit card theft. Previously, I thought that it took a fair amount of technical sophistication for criminals to purchase stolen credit card and other identity information; how wrong I was. I know very few people who do not have the intellectual capacity to quickly master the techniques required to turn themselves into effective cyber and/or credit card criminals.
Although it is likely that someone performing this line of criminal activity would eventually mess up something and tie their anonymous identities to their real person, it would be very labor intensive (and expensive) for businesses and law enforcement to track all of the points of contact to find the point where the individual made the slip-up. The relatively low cost of stolen card numbers is a clear indication that there is ample supply of stolen information. Although I’m not going to cancel all of my credit cards, I will start to use cash at restaurants, and will start looking for retail computers that are still running Windows XP–which went out of support last year and is now a cyber criminal’s delight. I was very surprised when I saw the Windows XP logo on a machine at a restaurant in the Arts District last week.
As a society, we are woefully unprepared from a cyber security perspective.
- Written by Bruce Moore
- Hits: 2565
Demonstration of Interactive Graphics Using rgl
A picture is worth a thousand words, or perhaps ten thousand. One of R’s strengths is the ease of generating easy to use and understand graphics and visualizations. At a recent meeting of the DFW Data Visualizations and Infographics Meetup, I gave a 15 minute demonstration of R as part of the demo night for several data visualization packages, including D3, Tableu, R, a tool developed by the Dallas Morning News, and MicroStrategies. For my demonstration of R, I reviewed a few graphics and visualization techniques in R that are unusual in comparison to the other graphics tools being demonstrated:
- Sweave, odfWeave, and Knitr as ways to generate combined text and graphics where the text can use values generated on the fly in the code. This is very helpful when creating reports where the numbers change depending upon the data set used.
- The package ggplot2 in general and the use of the ggthemes package to change the look and feel of a plot. This capability is very useful when you need to generate the same plot for muliple style guides.
- The ggmap package for generating contour maps of arbitrary data–in this case Dallas Police Department call data.
- The rgl package for creating interactive graphics. Rgl is unusual in that it allows multiple intersecting surfaces to be generated easily.
There are many examples of ggplot graphics elsewhere on this web site, so I’m not going to include an example of ggplot graphics here. I do not have any examples of rgl generated visualizations, and feel it would be useful to include one here. The rgl package is one of the few packages that allow you to easily include intersecting surfaces, for example the parabola and intersecting plane shown in the visualization below.
The rgl package allows you to export the graphic item for web use in three files–one
.html file, one
.js file, and one
.png file; the
The chart below is interactive; use your mouse to rotate and flip the graphic to see the intersecting surfaces more easily.
Drag mouse to rotate model. Use mouse wheel or middle button to zoom it.
Object written from rgl 0.93.986 by writeWebGL.
- Written by Bruce Moore
- Hits: 3735
Opting out of Browser Tracking
Recently, a friend described how creeped out he was when his laptop broke and he started sharing a computer with his wife; he started seeing ads about women’s clothing and she started seeing ads about stereo systems. He hadn’t realized just how targeted the advertising on the web really is.
If you want to get scared about your current privacy settings, go to the Panopticlick website run by the Electronic Frontier Foundation, an online privacy organization. If you automatically log in to Google from the Google Chrome browser, you are definitely identified uniquely and can be tracked at a level far more detailed than anything the NSA can widely (or perhaps legally) do.
The article that follows is aimed at some ways to get somewhat better privacy on the web, opt out of some tracking, and to at least suppress some of the ads that you see in your browser. This article is far from a secure/anonymous browsing discussion; this is just a discussion of settings to reduce the commercial ad tracking and displays that are creepy and annoying. If you are interested in secure/anonymous browsing, you will need to do a lot more, but recognize that according to some of the Snowden revelations, reading about this will get you on an NSA watch list as described in NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance.
The sections that follow describe how to avoid some of the commercial tracking that is common on the Internet.
Step 1: Use Multiple Browsers
For sites where I have to log in like Gmail, Facebook and other social media sites, I use Chrome with settings that allow these sites to work. For everything else, I use Firefox, so that Google, Facebook and other social media sites don’t have access to the history and browsing information on the other sites that I visit.
Step 2: Opting out of Google Analytics
Google Analytics is the easiest analytics engine when it comes to opting out. All you need to do is go to Google Analytics Opt-out Browser Add-on and install the browser add-on that Google has written to opt out. There is a version of the add-on for all of the major browsers.
Step 3: Installing a Tracking Blocker
Google Analytics is not the only tracking software that web sites use; for everything else you will need one or more additional tracking blocker add-ons for your browser. For everything else, you will need a generic blocking add-on. I have been happy with Blur (Formerly DoNotTrackMe) from Abine. There are certainly others, but this one has been supported for several years. I have not used any of the premium features and cannot give an evaluation of the premium features. I don’t use the password saver or email blocker at this point either.
How to prevent Google from tracking you lists some other tracking blockers that appear to be quite useful.
Step 4: Installing an Ad Blocker
Next, you will want to install an ad blocker to get rid of some of the annoying ad displays. I’ve used Adblock Plus for several years. By default it allows ads that are not truly annoying, as many web sites are supported by ad revenue, but it does block the ads that are truly annoying and allows you to configure what is displayed.
Step 5: Use a Non-tracking Search Engine
Most search engines (including Google and Bing) give you a unique ID and track all of your searches through that ID. DuckDuckGo is a search engine that purports not to track your searches. It is generally pretty good, and for some queries I get more useful search results than from Google and Bing, though this largely depends upon the topic of the search.
Step 6: Tighten up Privacy Settings in Firefox
In your browser settings, there are several things that you can do to improve privacy. Most current browsers have a setting that tells web sites that you do not want to be tracked; whether the site honors this is voluntary, so you cannot depend upon it.
Most browsers have a private mode that deletes any history of your session when you leave the browser, preventing sites from interrogating the history of sites that you have visited. It is less convenient in some ways–you have to explicitly bookmark pages that you want to come back to rather than searching through history, but I have come to use this mode by default. If you use this for a while, you will learn just how much the search engines tailor searches based upon the history that your browser stores.
You should also disable third-party cookies. This setting used to stop almost all tracking, and will stop some tracking by advertising firms, Google Analytics and other vendors now use site-issued cookies to allow tracking in browsers where third-party cookies are disabled.
Step 7: Tighten up Privacy Settings in Chrome
If you use Google Chrome as your browser, there are some other privacy settings that you may wish to learn; Chrome has several privacy defaults that give away a lot of information that you may not want to give away. The first is whether you are logged in to Chrome and/or Google. If you are logged in, all of your activities can be tracked with absolute precision and detail. Even if you are not logged in, using the various web services for resolving navigation errors and for predictive search terms sends information on your browsing directly to Google. Depending upon how concerned you are, you may wish to disable these web services, as shown in the instructions below. How to Optimize Google Chrome for Maximum Privacy has a good description of all of the options.
To get to the Google Chrome Privacy Settings, open up Settings, and then go to the bottom, and click on the tiny print for “Advanced Settings” as shown in the figure below.
In the Advanced Settings, uncheck the boxes that you want to disable as shown in the next figure.
Tightening up on cookies in Chrome requires clicking on the “Content” button under Privacy Settings. Here, you will make similar preference changes, but note that the wording for the settings is sometimes backwards from the wording for similar settings in Firefox–in Firefox, you uncheck a box to block/disable third party cookies, but in Chrome you check a box to block/disable third-party cookies.
Step 9: Change Your Google Account Settings
Within Google, you will probably want to be aware of the information that is collected, and some of the settings that can alter this. Go to to look at some of the information that is collected. You may wish to opt-out of interest-based ads under the “Ads” section of the settings.
- Written by Bruce Moore
- Hits: 3373