bigfinder – another perfect match for the filters
One would think a search engine has a vital interest in not becoming a nuisance to webmasters if it tries to advertise paid listings for websites. In this case, any form of Black Hat SEO directed at potential webmasters should immediately backfire. And if someone does opt for Black Hat SEO, then one would probably do it right in order not to endanger one’s money backend. Neither can be said about an outfit calling themselves bigfinder.de, which were hitting my blog this morning from an ip range I must have overlooked (probably because no flavour of abuse had originated from there). Anyway, time to put up some evidence from the logfiles:
83.133.125.202 – - [16/Jan/2009:06:18:34 +0100] www.nodepet.com “GET / HTTP/1.0″ 200 42235 “-” “-”
83.133.125.202 – - [16/Jan/2009:06:18:35 +0100] www.nodepet.com “GET / HTTP/1.0″ 200 42235 “-” “-”
83.133.125.202 – - [16/Jan/2009:06:18:41 +0100] www.nodepet.com “GET / HTTP/1.1″ 200 42235 “http://www.BigFinder.de/” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de)”
83.133.125.202 – - [16/Jan/2009:06:18:41 +0100] www.nodepet.com “GET / HTTP/1.0″ 200 42235 “-” “-”
83.133.125.202 – - [16/Jan/2009:06:18:42 +0100] www.nodepet.com “GET / HTTP/1.0″ 200 17642 “-” “-”
83.133.125.202 – - [16/Jan/2009:07:00:39 +0100] www.nodepet.com “GET / HTTP/1.1″ 200 17642 “http://www.bigfinder.de/index.php” “T-Online Browser (Windows NT 5.1; U; de)”
83.133.125.202 – - [16/Jan/2009:08:04:08 +0100] www.nodepet.com “GET / HTTP/1.1″ 200 17642 “http://www.bigfinder.de/index.php” “Mozilla/3.01 (compatible;)”
As you can see, the bot does not look for robots.txt, constantly changes its user agent string and leaves fake referrers pointing at bigfinder.de. To me, this looks like referrer spam with badly falsified browser strings and the target sitting on the same address as the bot:
olliver@bunkiten:~$ host www.bigfinder.de
www.bigfinder.de has address 83.133.125.202
So who are bigfinder.de and what is their mission? According to http://www.bigfinder.de/ueber.php some firm called projectnet run by Gert Kambartel is behind this operation. Their goals look quite interesting (as in peculiar):
Vorbei sind die Zeiten der “Ranking-Olympiaden” !!!
Bei BigFinder.de gibt es kein Ranking mehr. Hier hat jeder Eintrag die gleiche Chance, gefunden zu werden. Die Einträge werden gemäß der eingegebenen Suchworte per Zufall ermittelt. Das heißt, daß keine Einträge mehr für “ewig” auf den vordersten Plätzen stehen. Jeder Eintrag wird statistisch gesehen genau so oft angezeigt, wie die anderen, egal, wie “groß” oder wie “bekannt” eine Seite ist.
(source: http://www.bigfinder.de/ueber.php)
This translates to:
Gone are the days of “ranking olympics” !!!
At Bigfinder.de a ranking no longer exists. Here, each entry has the same chance of being found. Entries are randomly determined according to the given keywords. That is, no longer are results on top positions “eternally”. Each entry is, statistically seen, displayed as often as any other, no matter how “large” or “known” a site is.
The notion I dislike is that there is some elite hogging up the search engines and this would be the only reason for some sites not to be found in search engines. Also this begs the notion of each site delivering the same degree of relevance for a search query, which is of course far from reality. Quite unsurprisingly, under http://www.bigfinder.de/mieten1.php you can find the bait for a guarantueed listing:
Können Sie sich vorstellen, in der größten und bekanntesten Suchmaschine auf Platz 1, 2 oder 3 zu stehen? Sie würden eine ungeahnte Menge an Besuchern auf Ihre Webseite bekommen. Davon träumen mit Sicherheit Millionen von Webseitenbetreibern, die alle etwas auf ihrer Webseite anzubieten haben.
(source: http://www.bigfinder.de/mieten1.php)
translation:
Could you imagine being listed at first, second or third position in the largest and best known search engines? You would get an inconceivable amount of visits to your website. Surely that is something millions of webmasters who offer something on their website are dreaming of.
Obviously, this is based on the notion that top ranking for any keyword results in a lot of traffic. High traffic only applies to top positions for highly competitive terms and even that does not automatically mean a high conversion rate for commercial websites. And there lies the core of the problem: ultimately it is the website and its content that matters.
And finally:
Und genau so funktioniert die Top-Positionierung bei BigFinder.de.
Sie mieten einen oder mehrere für Sie wichtige Suchbegriffe für je 10,00 EUR/Jahr (zuzgl. 19,00 % MwSt.)! Jedesmal, wenn dann ein User nach diesem Begriff sucht, erscheint Ihre Webseite auf einem der Plätze 1-3 in der Trefferliste.
(source: http://www.bigfinder.de/mieten1.php)
translation:
And this is how top-ranking at bigfinder.de works:
You rent one or several search terms that matter to you for Euro 10.00 per year (incl. 19.00 % VAT)! Each time a user is looking for this term your website will appear on one of the top three positions in the results returned.
So as a summary, bigfinder.de wants to make people believe that sponsored and organic search results are identical and top rankings in any search engine automatically result in lots of traffic. There is also the implication that each site is of the same quality and can convert traffic to sales equally. To me, this is clearly aiming at easily gullible folks with little knowledge about how the web actually works. Furthermore, there is a financial incentive for this “search engine” to leave phony marks in webmasters’ server logs.
Looking more closely, I wonder why the search engine has to prominently display the amount of domains and supposed number of concurrent visitors on its pages:
13.491.148 Domains, 169 Besucher online
(this is what it claimed at 10:38 h CET)
Combine this with the hourly fake visits and you cannot exclude the possibility that someone is trying to artificially inflate one’s relevance by means of fake numbers and visitors. This is something regulars of a major SEO forum in Germany have been wondering about for a while, too:
I once contacted this guy via email. This guy was snotty and proud of his peculiar site.
I sent him a list of prohibited sites. Since then, I no longer received “pseudo requests”.
translation by me, original source: BigFinder replaces OttoSuch (in German only)
Hello,
I own a homepage and noticed in my web statistics that some visitors originated from bigfinder.de. I then went to their site and rented several keywords for 10 Euros a year.Now there are more “visitors” who reach my homepage via BigFinder. However, I suspect that BigFinder’s clicks on my site are automatically generated.
Not a single customer came to me this way. Via Google there are several regularly. I assume that this is technically feasible without any effort. But does anyone of you know more about that? Do other users suspect manipulation, too?
Does anyone know anything helpful about it?
translation by me, original source: Bigfinder Search Engine (in German only)
Like I wrote in my introduction: In case this is really a scam, it would be rather silly to have all requests originated from the same ip address as the official website and use badly faked browser strings. On the other hand, there is still a huge market of technically challenged and easily gullible webmasters who might end up paying the rent without getting anything in return. However, I don’t know whether it is a scam. There is merely some evidence suggesting that this search engine is intentionally planting fake referrers and there is a financial incentive for doing so. Additionally, there seems to be some kind of agreement that this engine does not result in real human visits, but even this might be the result of a biased sample.
What I do know, however, is that this bot exhibits an inacceptable behaviour and as it does not obey robots.txt there is no other way to opt out except of denying access to one’s website (or entire server).
Whois suggests the following about the ip range:
inetnum: 83.133.96.0 - 83.133.127.255
netname: LNCDE-GREATNET-NEWMEDIA
descr: Greatnet New Media.
country: DE
admin-c: FL1331-RIPE
tech-c: FL1331-RIPE
status: ASSIGNED PA
mnt-by: LNC-MNT
mnt-lower: LNC-MNT
source: RIPE # Filtered
person: Frazzetta Lindner
address: Greatnet New Media
address: Brentenstrasse 4a
address: D-83734 Hausham
address: Germany
phone: +49 1805 47328638
fax-no: +49 1805 444894696
nic-hdl: FL1331-RIPE
abuse-mailbox: abuse at greatnet.de
mnt-by: LNC-MNT
source: RIPE # Filtered
Greatnet is a German hosting outfit offering everything from websites to colocation, so they are safe to block without accidentally locking out human visitors. Plus you never know whether at some point in the future scrapers or web spammers will make this place their home and so the best prevention is to block first and make exceptions later.
Apache users on shared hosting may like to add
Deny from 83.133.96.0/19
to .htaccess or httpd.conf
Dedicated server owners may instead prefer to get rid of the noise altogether:
iptables -A INPUT -s 83.133.96.0/19 -i eth0 -p tcp -m tcp --syn -j REJECT
or the BOfH variant:
iptables -A INPUT -s 83.133.96.0/19 -i eth0 -j DROP
6 Comments »
Leave a comment
Posting comments requires Javascript to be turned on.
Thanks for the extremely thorough information on these guys. I have noticed them crawling my site (or at least hitting the home page) and the referrer intrigued me. It looked like a misconfigured bot or possibly a malicious bot but I just wasn’t sure. Now I am sure.
David,
Thanks for your comment. It appears strange to me that even Australian sites are targetted by this rather poor excuse for a search engine. On the other hand, if the goal is to collect backlinks via forged referrers (there still may be plenty of people running vulnerable referrer lists or statistics with unrestricted access), the tactics don’t seem to be that strange.
In all fairness though, I have to state that the opt-out process was fairly painless. I approached them via their contact form, got a response via their ticket system (not even arguing my point about their fake referrers) and haven’t seen them ever since. I don’t know, however, how well their English is (the lack of translations may give a hint or two about what could be expected).
O.
Thanks for this great information, Olliver. I’ve seen these people in my server logs also, and did not know how to deal with them!
Chloe,
Real search engines have their own address ranges (if you check whois for the ip address), often with a properly set PTR (reverse DNS entry, ip -> hostname), and try to avoid pissing off webmasters for they know that once they’re blocked their research and business opportunity will be rather limited.
So someone posing as search engine and crawling from some anonymous data centre will always have a credibillity problem from the start. In this age of webspam/junk 2.0 it has become quite common to deny access to one’s websites from ip addresses belonging to hosting companies, especially when these are dressed up as human visitors. Fortunately I get frequently hit by compromised webservers automagically probing for known exploits, because that keeps my deny-list current ;-)
O.
Thanks for the info! These guys are now BLOCKED!
I’m sure you’re right, Olliver, I don’t think they would care much where a site is hosted. Backlinks are backlinks after all.
IP addresses can be very misleading. Although I am Australian and my website was hosted in Australia at the time of that comment, I actually live in London.
I used work for a London company whose website was partially hosted in Canada and later, another whose websites were hosted on the AOL network and showed up as being hosted in America, even though some of them were in London and some were in Germany.