How to spot spammers stealing server space

Filed under: Contributed Column,Print,Technology | Tags:

Yes, it’s still happening and it’s worse than ever — spammers break into your company’s Web server and set up little robots that generate thousands of pages of spam links without you ever knowing it. The consequences for businesses are huge; once the links are discovered on the Web and traced back to your company’s URL, your company’s email gets blocked by spam filters so you can’t email in a useful way anymore. Your company also receives penalties in the search engines, blocking your content from searchers and potential customers. They also hog so much server space that your Web company site slows down and eventually breaks.

It’s a really big deal. So let me show you how to spot it because the robots are sophisticated enough now that they don’t trip off the virus/malware scanning software you’ve got on your server.

How often do I see spam bots? Um. They are on almost every server I’ve ever looked at in the last 20 years.

First: Locate the problem

The spam bots on your server are relentless promoters of their content, which means they are highly optimized for search. Therefore, here’s the best way to find them — Go to Google Webmaster Tools — If you don’t have an account, set one up. It’s very important to do this, and it’s free. Google.com/webmastertools

In Webmaster Tools, go to the menu item “Links to Your Site” and look at the report “Your Most Linked Content” Do you see a lot of URL suffixes that you don’t recognize? Do they look like this: /fairlady-vanilla-salt-toradora/ if so, then you’re in for some fun. Copy the suffix and add it to your URL so it looks like this http://www.yourcompany.com/fairlady-vanilla-salt-toradora/. Then hold your breath because you’re about to smell some spam.

The reason you need Webmaster tools (instead of just Google Analytics) is that the robots hide their links from Google Analytics — they make their links look like “direct traffic” or “Unspecified” so you don’t notice the traffic they’re generating on your site.

Second: Sanitize your server

Once you’ve confirmed that you have a spam bot on your server, go into your FTP client and look in the main files on your server (this is called the ROOT) — don’t look deep inside file folders, your spam bot will appear right after you login. You’re looking for a file that’s called “Comedic” or something that has a file name you don’t recognize. When you open the folder it will appear blank but don’t let that fool you. Delete the file right away. If the file can’t be deleted, ask your hosting provider to do it — many times the spam bot protects itself from being deleted by changing the folder permissions so the site admin can’t modify or delete it. Then go to your HTAccess file and restore your settings. Spam bots need to change your HTAccess file settings in order to operate. If you don’t know what your HTAccess folder settings should be, your host provider can help you.

Finally, change all of the passwords associated with your website. These include passwords for FTP, CPANEL and your website content management system. And please, change them to something that is difficult to guess. Most of the sites I’ve seen with Bots are weakly protected with passwords that are just regular words without numbers or symbols in them. Create a new, unique, difficult password and force yourself to use it. It’s a good idea regardless.

Once your spam bot is gone, you’ll see a drop in website traffic, but don’t worry about that. The traffic you’re losing wasn’t really meant for you anyway. On the flip side, you’ll see an increase in the delivery rate of your email and your ability to rank well in the search engines. It’s a worthwhile exchange, to be sure.

Marci De Vries is president of MDV Interactive, a web consulting firm in Baltimore. Reach her at marci@mdvinteractive.com.