Caught it. Finally caught it. The hardest part about catching who exactly is doing what is when they know how to be invisible to trackers but still show up on blogger stats. Blogger stats are the vaguest stats I've ever seen in my life, but dang they actually see the incoming, so I can't fault them at all. I went through the Brazil and Ukraine things and laughed, this one has been a great big pill and I've finally got it nailed down now. I've been able to confirm that it began immediately after embedding a javascripted paper.li widget into Pinky blog, which meant their sharing code was vulnerable. This isn't the first big media site I've linked to and been cyber spammed out my eyeballs behind the scenes. If you guys think spam emails are bad, you've never seen bot swarms pinging back from legit companies who don't have a clue how to secure their sites and get hacked like crazy without even knowing it, and their clients get swarmed just for linking them. Yes, I was a paying client, was being the operative word.
This hacker who's been pinging me over the last year is definitely based in France, confirmed taking over my stats for months, and since the beginning of this year I've been watching 6 posts in particular pull in 50 hits a week each, over and over, like on a regular schedule. I never could nail the referrals until today because they were always mixed in with regular incoming. This morning in the wee hours I caught a loner, and all the rest was already in place.
This is about hash merge redirects. I don't think it affects you guys at all, but it seriously skews my statistics. Basically, hackers will use fairly innocent app sites like streamsend to set up redirects to a cover site that looks like porn but is REALLY a scalp site that hijacks personal info off your device. I've been able to compile a list of apps being used to hash redirects and they all go back to the same site, which no one would ever find on a search engine (big red flag that it's not really porn).
So why in the world would hackers like this be working so hard to get into Pinky blog? Well, my email address is like my phone number or social security number, a unique identifier that opens a great big door all over my medias. My blog fleet is only as secure as the host I choose, and that's pretty much why I've been sticking with blogger. They do most of the dirty work keeping the sewage cleaned out behind the scenes (they trash the spam for me, I normally don't see most of it), and these hackers are looking for ways around a really tough security system.
Why is this a big deal? Because my stats boomed. I want to know if those are real readers, right? Well, about a third of my readers at ~very particular times~ are fake. The rest of you are still real. I really did experience a reader boom, but it's been a little bit inflated lately for some reason. I couldn't help noticing they took the bait I put out awhile back and immediately fixed their bot to crawl instead of remaining static, so someone actually is paying attention. Hello, Someone. You Suck.
It's all good. We're both laughing.
All pix in this post were previously used and linked on Pinky blog, so I'm not linking them today.
How about something fun while I get busy?
