Selling Webmaster Tools by Spamming Webmasters

Selling Webmaster Tools by Spamming Webmasters

Webmasters are increasingly troubled by referrer spam. Let alone the unsolicited traffic and the garbled visitor statistics, the real damage is done to the victims SERP position.


Referrer spam is a form of spamdexing – spamming the index service that determines rank. It is most easily explained with a simplified example:

Bob operates a website. His visitor’s logs are used to inform him what kind of guests come and which site referred them. The logs are in HTML format, with the referrer websites appearing as links.

On the other hand, there’s the search engine. It ranks the validity of a website to a search word, qualifying the SERP positions, according to how many links refer to the site.

This is where referrer spam comes in to exploit the world-wide-web. It logs into the site, specifying the referrer as the site which the spammer is interested to promote. These links (to the spam-promoted site) get processed by the search engine crawler and the patron of the spamming establishment enjoys a much higher ranking than it deserves.

Search engines, to protect overall validity of results, employ a strict policy when suspecting spam. They discard the information mined by the crawler from the spammed site and punish that site: lower rank or even blacklisting!

Semalt LLC is a company offering webmaster tools. Their leading product is SEMALT, defined by them as a “webmaster analytics tool”. The quality of said tool is irrelevant to the discussion. What is being brought to your attention is their chosen way to compete in this market.

If one googles: “webmaster analytics tool”, SEMALT actually makes it to the first page. How does a small company, offering technology one can get for free and doing extremely little to explain their functional advantages, get on the same results page as Google’s own analytic tools?

The answer is simple and has something to do with the first three paragraphs of this article.

Semalt has been caught red handed while operating a massive botnet of computers infected with the SoundFrost virus utilized unscrupulously to lead more than 290,000 compromised computers around the world to visit websites and spam the visitor’s logs.

Semalt have went to great lengths to ensure their scheme is successful. The compromised machines have demonstrated a sophisticated method of spamming. Such that, specifically, is able to circumvent the standard on-site protection measures and, on a larger scale, behave in a way that prevents search engines from detecting a botnet-like activity.

Semalt's MO - Referrer Spam Campaign


Source: Incapsula

Semalt’s malicious technology is based on JavaScript application, crawling the web, finding websites with public visitor’s logs, all while carefully simulating human-like browsing patterns, in order to fly under the radar of security processes.

Amazingly, Semalt have the audacity to confirm their botnet activity and requiring victims to actively opt out of Semalt’s attack. This is a trap. Spammers love it if they can verfiy their resources attack a living target. The victim only pleases them, if he confirms his viabiity (and gullibility) by submiting an unsubscribtion request.

The right thing to do is deny them their value. If the target of the attack does not log in the semalt address (, they don’t manage to steal page rankings and then, they don’t have a spam service to sell.

Semalt has now become an exclusion by default in many crawlers. In addition, admins with the sufficient skills have provided ad hoc protection to their sites. Luckily, some of these tools have made it out to the public. However, it is a matter of time until Semalt finds a way to beat this too. E-commerce entrepreneurs who prefer to chase customers, not spammers naturally go for an intensively maintained security package. Website security professionals are already blocking Semalt in their stock configuration.

Photo Credit: Sean MacEntee

Comments are closed.