Spam comes in many forms.

I had been noticing some odd traffic appearing in my referrer logs from “buttons-for-website.com”, and a few other places. Odd, I thought, but I wasn’t too concerned.

A client recently asked me about it, since similar traffic was starting to appear in their analytics for a brand new site. I did a little bit of research, and it turns out that this is actually a spam attack.

Basically, the spammer hits your site and sets a referrer header containing a URL and their spam message (keywords + another URL, usually). Since a small percentage of sites make their referrer logs public (either deliberately or through misconfiguration), when these are indexed, they can be used to game the search engine ranking of the site they’re trying to boost.

Stopping the spam with mod_security

I don’t like spammers, and it was starting to make my logs (and those of my client) a little noisy. So, I decided to do something about it. So, using mod_security, I added a couple of simple rules, which would drop the traffic where the referrer contained certain keywords.

Simple, but effective:

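# ModSecurity 2.7 and later require a unique id on every rule; the ids used
# here are arbitrary values from the range reserved for local rules.
SecRule REQUEST_HEADERS:Referer "^https?://(www\.)?buttons\-for\-website\.com/?" \
        "id:10001,phase:1,log,deny,status:503,msg:'Referer spam'"

SecRule REQUEST_HEADERS:Referer "^https?://(www\.)?simple\-share\-buttons\.com/?" \
        "id:10002,phase:1,log,deny,status:503,msg:'Referer spam'"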


... etc... 

This seemed to put an end to the worst of it.

I also noticed that a few spammers were posting with obvious spam keywords in the referrer header, so I added a similar rule to block those for good measure:

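# Keyword rules: unanchored, so they match anywhere in the Referer value.
# The ids are arbitrary local values (required by ModSecurity 2.7 and later).
SecRule REQUEST_HEADERS:Referer "(viagra|phentermine|cialis)" \
        "id:10003,phase:1,log,deny,status:503,msg:'Referer spam'"

SecRule REQUEST_HEADERS:Referer "(poker|casino|holdem)" \
        "id:10004,phase:1,log,deny,status:503,msg:'Referer spam'"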

Testing

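To test your rules, you can use curl to hit your site and send a triggering referrer (replace the placeholder your-site.example with your own hostname), e.g.

curl --referer https://buttons-for-website.com/ https://your-site.example/

Or

curl --referer https://example.com/poker https://your-site.example/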
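As an offline complement to the curl checks, this added example (not part of the original post) replays the four Referer patterns from the rules above over an access log in Apache combined format, showing which past requests the rules would have denied. The log lines, IPs and hosts are constructed, and the names `replay` and `summarise` are illustrative.

```python
import re
from collections import Counter

# The four Referer patterns from the SecRule lines on this page, unchanged.
# ModSecurity's default @rx operator is an unanchored search, like re.search.
RULES = [
    ("domain", r"^https?://(www\.)?buttons\-for\-website\.com/?"),
    ("domain", r"^https?://(www\.)?simple\-share\-buttons\.com/?"),
    ("keyword", r"(viagra|phentermine|cialis)"),
    ("keyword", r"(poker|casino|holdem)"),
]
COMPILED = [(kind, re.compile(rx)) for kind, rx in RULES]

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log (documentation IP ranges, invented hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://buttons-for-website.com/" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2015:10:00:05 +0000] "GET /about HTTP/1.1" 200 2048 "https://search.example/?q=blog" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2015:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "http://spam.example/cheap-viagra" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2015:10:00:12 +0000] "GET /blog HTTP/1.1" 200 7300 "https://forum.example/threads/charity-poker-night" "Mozilla/5.0"
192.0.2.50 - - [10/Mar/2015:10:00:15 +0000] "GET /contact HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
"""

def replay(log_text):
    """Return (kind, ip, referer) for each request the rules would deny."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["referer"] in ("", "-"):
            continue  # unparsable line, or no Referer header was sent
        for kind, rx in COMPILED:
            if rx.search(m["referer"]):
                hits.append((kind, m["ip"], m["referer"]))
                break  # the first matching deny rule ends the request
    return hits

def summarise(hits):
    """Count denied requests per rule kind, to compare domain and keyword rules."""
    return Counter(kind for kind, _, _ in hits)

if __name__ == "__main__":
    for kind, ip, referer in replay(SAMPLE_LOG):
        print(f"{kind:8} {ip:15} {referer}")
```

The fourth sample line shows the unanchored keyword rule catching a referrer that merely contains "poker"; replaying a real log surfaces such cases before a visitor is served a 503.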

Hope that helps!

Yesterday there was a little bit of excitement in the digital rights world caused by an amendment to the Digital Economy bill proposed by a Tory and Liberal peer.

The justification of the amendment does make some good points – particularly about bringing any action under the control of the courts rather than just requiring the secretary of state’s say so.

As Lord Clement-Jones points out, the de-politicising of the process is important.

None of this matters of course, because the writing is on the wall for the rights industry. Unfortunately for us it’s clear they’re going to make a fight of it, which will likely leave us saddled with some very damaging and poorly written laws which will make it increasingly difficult to run a UK-based business.

The only thing that is left is to learn from the mistakes they made. Here are some harsh truths…

If your business model relies on digital things being hard to copy, it’s doomed.

The key issue here is one of basic economics. When it is just as easy to make a million copies of something as it is to make one, then the supply of that resource essentially becomes infinite and the unit price of the resource that the market is prepared to support drops to zero.

I’m not making any moral commentary here, but when something is no longer scarce it will be seen as free by the majority of people. Technical and legal restrictions put in place in an attempt to introduce scarcity artificially are going to be resented and are doomed to fail.

Theft is a meaningless concept in such a context, because how can you steal something which is infinitely available?

The only way to handle this situation is to innovate and add value somewhere else – people are still willing to pay for quality, novelty and convenience for example.

The black market is still the market.

Worse still, it is much more competitive (thanks to its lack of regulation) and responsive to consumer demand.

Let’s look at Russia as an example:

In Russia, outside of the major cities, it is actually impossible to buy a legal copy of a CD or DVD – due in part to Russia’s perceived reputation on piracy creating an unwillingness for rights holders to provide their product there. There is still the demand of course, which the black market has stepped in to fill, and as a result you can go into a store on the high street and buy pirated CDs, DVDs and software just as you would buy legal copies here.

Not only does the black market provide a product where the traditional market refuses to, it actually provides a better product.

You can buy box set DVDs of films and TV series where none are normally available, entire back catalogues of an artist on a single CD in MP3 format, multiple DVD quality films on a Blu-ray disc and more.

Worse still for the rights holders, the price point is competitive enough to make it more attractive than downloading and certainly more attractive than importing a legal version, even after you factor in the relative earning power of the average Russian consumer.

This is similar to the current online situation – if I want to watch Caprica for example, I can either wait and hope it becomes available on DVD or shown on TV some time in the future, or I can watch it on channel BitTorrent. There is no legal way for me to get access.

Even when legal online access is provided, its product is often substandard when compared to the pirated version – low quality, DRM locked or with a built in expiry date. It is also, in many cases, harder to get hold of – requiring special software, registration and only offering a limited selection of products.

Which brings us to the real rub…

If the customer’s path of least resistance is not the one that gives you money, your business model is doomed.

Human nature is to follow the path of least resistance and this is something you’re not going to change; ignore this at your peril!

Do I click a button and have access to the latest episode of my favourite show in a few minutes? Or do I wait – perhaps forever – for it to be available on TV or in the stores?

Do I buy and re-buy a DRM locked version of my music for each device I own, or do I bittorrent a pirated version which will always work?

Do I go out in the rain to stand in a crowded store in order to get a single album, or do I bittorrent an artist’s entire back catalogue?

When I like some of my friend’s music, do I write down the name and go to the store, or do I give my friend a pen drive and get a copy right there?

Until a simple and convenient way to provide access to an equivalent or better quality product legally is available, the pirated version will always win.

So in conclusion…

As I said before I’m not making a moral statement here, and I am not calling for copyright to be abolished. Neither am I necessarily stating what should come next.

What I will say is that the current problems besetting the creative industry are not to do with the industry itself – people will always listen to music, watch films, use software and view great works of art – it is a problem with the current business models being used, combined with a lack of will to innovate.

The often bizarre legislation put forward as a solution all seems to be trying to retain the intellectual property status quo, but that isn’t to say that the concept of copyright is flawed – copyright is still a useful tool once certain realities are realised.

We should be encouraging business to embrace the new landscape and innovate, because while people are still wanting to listen to music, watch films and use software, there is still money to be made.

However, no amount of legislation will prop up a failing business model indefinitely, no matter what lobbyists will have you believe – just ask the French button makers. In a free market, business models are not something society or government should be in the business of protecting and they should be permitted to fail.

This is not the first time a technical innovation has rendered an entrenched business obsolete, and I’m sure it will not be the last.