31 {{ upvoteCount | shortNum }}
31 {{ upvoteCount | shortNum }}

visitors from an xurl redirect what is it?

by captivereef
26 replies
I have been getting alot of hits from an xurl redirect to one of my sites. Interestingly enough my clickbank sales have dropped to almost nothing. Not sure what an xurl is or what to make of it. The visitors from these redirect stay on for much longer then the normal visitor.

Here is an example of one of the urls

http://146.185.250.135/?xurl=http://...rlgoeshere.com

should i be worried or is this normal?
#redirect #visitors #xurl
  • Profile picture of the author maheshr
    Now these days I am also getting lot of visits from xurl visitors from the same ip s



    I searched in many forums and lot of google searches, couldn't found what is it and wher it comes?

    Can anyone tell as about them? will them affet search engine rankings?
    Signature
    How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
    {{ DiscussionBoard.errors[5148780].message }}
    • Profile picture of the author Wilde
      Is the IP always the same? http://146.185.250.135

      Also the xurl bit is a variable used by some sort of script on that ip. The ip lookup for that is in Russia. It could just be some sort of affiliate rediret
      Although looking at some of the results in google is your site selling a clickbank product?

      Search this in google /?xurl=http://
      {{ DiscussionBoard.errors[5148932].message }}
      • Profile picture of the author maheshr
        Sir, thank you for helping me.

        The IP of the visitors are always diferent, us ips. but the refferal link shows same ip. I am getting around 100 visits per day from them. the reffreal links always begins from

        83.133.124.250, 146.185.250.210 and 76.73.39.226

        No, I am not selling any clickbank products. I saw in statcounter forum, many users are also facing same issue. but none knws any clue. I also found some xtreme tracking users having same visits in google search.

        Its realy weired. How o get rid of it?
        Signature
        How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
        {{ DiscussionBoard.errors[5149060].message }}
        • Profile picture of the author Wilde
          If you want to get rid of it depending on your website probably the best way would be to setup a .htaccess rule to block any referrer with the /?xurl=http:// in it.

          Is the url at the end of the referrer yours? Or something different?

          It looks like it is somekind of bot don't think it is xrumer but there are others. That is either looking for commenting opportunities, referrer spam, or something similar.
          {{ DiscussionBoard.errors[5149347].message }}
          • Profile picture of the author maheshr
            The refferal link looks same as the thread starter listed link except the end of the url is my website. But if we click the referral link, it won't go anywhere. In many forums peoples are asking same questions, but none seems answered. Everyone facing the exact problem, getting visits from same xurl refferals.

            I am wondering, will it cause any damage to my website or search engine rankings.

            Thank your for your help
            Signature
            How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
            {{ DiscussionBoard.errors[5149477].message }}
  • Profile picture of the author Wilde
    Do you have access to the servers log files? If so see what they are doing while they are on the site. Also speak to your host to see if they are having any problems. How many hits are we talking about? Did your other traffic go down? Or is this extra traffic.
    PM me if you don't want it public.
    {{ DiscussionBoard.errors[5149626].message }}
    • Profile picture of the author maheshr
      Originally Posted by Wilde View Post

      Do you have access to the servers log files? If so see what they are doing while they are on the site. Also speak to your host to see if they are having any problems. How many hits are we talking about? Did your other traffic go down? Or is this extra traffic.
      PM me if you don't want it public.
      yes, i have access to log files. I have checked it. I think they are hitting most of the images(gif, png and jpg). The most visited url is /pngfix.htc . My website don't have a page like that, I think its the png fix image file. Second most visited url is the homepage. The xurl refferal r visiting that 2 pages frequently.

      I am getting around 100 hits per day, I am getting other traffic as usual before. This is extra traffic.
      Signature
      How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
      {{ DiscussionBoard.errors[5149787].message }}
      • Profile picture of the author Wilde
        You say it is mostly images that they are coming to? It could be a hotlinking redirect to your images? If it is mainly images it could be a image scraper for a automated site builder or for a image site somewhere. Maybe put a watermark on the images with your site url. There are many things it could be to be honest.

        Or you could do some research about .htacces and block anything that comes to your site with "/?xurl=http://" in it. Afterall it's useless traffic anyway. Keep an eye on your log files for a while to see what if anything has changed. If it persists speak to your hosts, they should be able to help.
        {{ DiscussionBoard.errors[5150070].message }}
        • Profile picture of the author maheshr
          Originally Posted by Wilde View Post

          You say it is mostly images that they are coming to? It could be a hotlinking redirect to your images? If it is mainly images it could be a image scraper for a automated site builder or for a image site somewhere. Maybe put a watermark on the images with your site url. There are many things it could be to be honest.

          Or you could do some research about .htacces and block anything that comes to your site with "/?xurl=http : //" in it. Afterall it's useless traffic anyway. Keep an eye on your log files for a while to see what if anything has changed. If it persists speak to your hosts, they should be able to help.

          Yes, some hits are into some gif and png images. almost half hits coming to front page. I tried to edit .htaccess. but still geting hits from them

          What is confusing is

          I got around 3 visits from Ip Verizon Internet Services(USA)(173.57.43.176)

          refreal link is

          146.185.250.210/?xurl=http : //146.185.250.210/uKU2Rs3x5w5Jz8O39ed914db04dbf93aad8dcdfca251705706 A&xref=http : // my domain

          in the next minute got another 3 visitors from Bell Canada (70.27.73.182)

          146.185.250.210/?xurl=http: // 146.185.250.210/fKN1K68P627M4Du417b3bf53ecd330b1488036555ce5c29705 x&xref=http: / /my domain

          so, everytime referral ips are same except the encrypted middle part. But IP s of the visitors are always different, some times different country. WHile cliking the reffreeals it won't go anywhere. so how can they use my images?
          Signature
          How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
          {{ DiscussionBoard.errors[5154438].message }}
  • Profile picture of the author NPOPromote
    blacklist those specific IP addresses using either cpanel or a security software.

    otherwise, a fun thing to do is not block the sites and let them steal your images. what they are essentially stealing is usually not the image itself, but a link to the image. wait for a few days, then do a rename of the images on your site. use the same names for the old images, but replace them with pictures that say "I STOLE THIS PICTURE FROM [your site]"

    this is also something you can do to people who copy blog posts - just insert a tiny .gif or .jpeg file, then do the same tactic a few days after you've uploaded it.
    {{ DiscussionBoard.errors[5150218].message }}
    • Profile picture of the author maheshr
      Originally Posted by NPOPromote View Post

      blacklist those specific IP addresses using either cpanel or a security software.

      otherwise, a fun thing to do is not block the sites and let them steal your images. what they are essentially stealing is usually not the image itself, but a link to the image. wait for a few days, then do a rename of the images on your site. use the same names for the old images, but replace them with pictures that say "I STOLE THIS PICTURE FROM [your site]"

      this is also something you can do to people who copy blog posts - just insert a tiny .gif or .jpeg file, then do the same tactic a few days after you've uploaded it.

      How to blacklist those IP s since every visitors are coming from different Ips? , only the refferal url is the same
      Signature
      How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
      {{ DiscussionBoard.errors[5154448].message }}
      • Profile picture of the author Wilde
        "How to blacklist those IP s since every visitors are coming from different Ips? , only the refferal url is the same"

        Exactly, you can't which is why I didn't suggest it. You would have to be watching your stats 24x7 to spot them straight away.

        Best thing is to do it with .htaccess and block anything coming to your site with that snippet in it. It isn't too hard but if you are not sure speak to your host and ask them to do it at the firewall level.

        Changing images name is also a good one but if your site is large or not templated, or has a large amount of images, it is also not practical. If your site is php based then there is a script kicking around the internet to protect your images. I have used it on a couple of image heavy sites where people were quite paranoid about them. It kind of acts as a intermediary and serves the images through the script.
        {{ DiscussionBoard.errors[5155583].message }}
        • Profile picture of the author maheshr
          Originally Posted by Wilde View Post

          "How to blacklist those IP s since every visitors are coming from different Ips? , only the refferal url is the same"

          Exactly, you can't which is why I didn't suggest it. You would have to be watching your stats 24x7 to spot them straight away.

          Best thing is to do it with .htaccess and block anything coming to your site with that snippet in it. It isn't too hard but if you are not sure speak to your host and ask them to do it at the firewall level.

          Changing images name is also a good one but if your site is large or not templated, or has a large amount of images, it is also not practical. If your site is php based then there is a script kicking around the internet to protect your images. I have used it on a couple of image heavy sites where people were quite paranoid about them. It kind of acts as a intermediary and serves the images through the script.

          I tried .htaccess, used some codes. But none worked. Can we add only a snippet like "/?xurl=http" in .htaccess file? I tried a .htaccess code tool, it only alows to add a comple domain name or ip address.


          My website is a small 10 page html only website, selling a work at home ebook. The home page has only 4 added images (ofcourse many images like header, side bards, background etc).

          My domain is 3 years old, not changed any scripts or layouts recently. Its topic is work at home. I think I am geting these kind of xurl refferals since 2 months.

          I have another domain with the same content, but it never got these kind of hits.

          I think its better to ask to the topic starter whether he solved it or not. But I can't PM bcoz am new to this forum.

          Once again thankyou for the great help
          Signature
          How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
          {{ DiscussionBoard.errors[5156330].message }}
  • Profile picture of the author Wilde
    Could really do with seeing the site and knowing more about it's history.
    How long have you had the domain?
    Has it recently been changed. Design, layout, scripts?
    Whats it's topic.
    {{ DiscussionBoard.errors[5155635].message }}
  • Profile picture of the author maheshr
    @Wilde

    Now I just checked the visitor activity in the cpanel. See what I found

    Visitor from UK Be Un Limited (188.221.239.92)


    My statcounter account shows, only 3 visits, total time spent 2 mins 16 secs ,refferal link is

    83.133.124.250/?xurl=http : //83.133.124.250/gZo33Crd6W3qjtU60ecd2a3b6a199c6c1c3bfcf7f3f0fb9206 x&xref=http : //my domain



    But my cpanel visitor log shows

    over 100 visits in 3 seconds from the same IP

    the first visit is from the above refferal url to my homepage

    then the rest of the visit's reffering url is my homepage


    they visited almost all image files, NOT any pages.

    except the first visit all other visits from same Ip visited

    /images/work-at-home-couch1.jpg
    /images/img0015.png
    /images/banner_bg.gif
    /images/cash.jpg
    /images/sideBar_bg2.gif
    /pngfix.htc
    etc

    (each image visited one time only except the image cash.jpg (was visited 2 times). In my homepage I am using cash.jpg in two places)





    so the same visitor(188.221.239.92) first visited my homepage from the xurl refferer. Then he used my homepage as reffering url to visit or use most of the images from my image folder.

    From yesterday I am using hotlink protection in cpanel(only my website can use the image now) but still am getting visits.

    So from the points above what are they?
    Anyone copying my site?

    Thanks in advance
    Signature
    How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
    {{ DiscussionBoard.errors[5156510].message }}
  • Profile picture of the author Wilde
    K, yes you can block with the snippet but you will need to use regular expressions in there, not the actual snippet.

    I don't suppose that you use the images on your site for anything like emails or even in your ebook? Do you have affiliate sales?

    To be honest it just looks like somekind of sniffer/phishing bot looking at your site. Keep an eye on your conversions and ftp logs to see if anything changes. If you
    {{ DiscussionBoard.errors[5156596].message }}
  • Profile picture of the author maheshr
    No, I don't use any special images. They are visiting evan the template border, buttons etc. No, I am not using affiliate system to sell.

    Since the visiting refferals always begins with 83.133.124.250, 146.185.250.210 and 76.73.39.226 and the encrypted part and the visitor Ip differ everytime, is any kind of malwares or programs visiting my site?

    Now I am seing lot of people complaing abt this problem in various forums, it seems avreyone started facing it very recently, is it any kind of new bug?
    Signature
    How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
    {{ DiscussionBoard.errors[5156664].message }}
    • Profile picture of the author ibacklinkpro
      Why is everyone worried about it... do you really have nothing better to do then to speculate and try to figure out why these new visitors are coming to your site, already deciding that they should be blocked because it looks weird? If you have time for that, you should be in IM. Unless you have very strong proof to support that this is a problem, ignore it do the important stuff, like writing a new blog post....
      Signature

      Here is How to Steal Your Competitor’s High PR Backlinks:
      http://www.warriorforum.com/warrior-...free-demo.html

      {{ DiscussionBoard.errors[5156703].message }}
      • Profile picture of the author Wilde
        @ibacklinkpro... Wow.. So it's ok for you to waste your time posting in threads where you have nothing constructive to say. But not for us to discuss what we like! Thanks for telling us what we should be doing with our time very much appreciated. Last time I checked you know nothing about me, nothing about my business and how I spend my time is absolutely nothing to do with you. If you don't like what is being discussed then... jog on to the next,

        This is not just "visitors" as you call it. This is some kind of bot, which could be harmless, could be a competitor spying on it, for backlinks etc..., could be leeching, could be many things. If you don't watch your site stats and you don't act on anyting suspicious then you could be heading for trouble.

        Personally I would block it, I block anything I find that does keyword scraping, content scraping, site monitoring or any other competitive intelligence. Why make it easy for your competitors. If it is only from those ip's then yes give it a try, monitor you stats etc.. to see how things go.
        {{ DiscussionBoard.errors[5157928].message }}
        • Profile picture of the author maheshr
          Originally Posted by Wilde View Post

          This is not just "visitors" as you call it. This is some kind of bot, which could be harmless, could be a competitor spying on it, for backlinks etc..., could be leeching, could be many things. If you don't watch your site stats and you don't act on anyting suspicious then you could be heading for trouble.

          Personally I would block it, I block anything I find that does keyword scraping, content scraping, site monitoring or any other competitive intelligence. Why make it easy for your competitors. If it is only from those ip's then yes give it a try, monitor you stats etc.. to see how things go.

          I started seo only 2 or 3 months ago and my website was in the 8 th page but 3 days ago it went to 15 th page thats why I started worrying. After seing the therard starter's comment like
          "Interestingly enough my clickbank sales have dropped to almost nothing." I started worrying more.

          one person is saying his sales are also went down

          see (remove the gap between dot and com, I have restrictions to post link in this forum because I am new here)

          sitepoint. com/forums/showthread.php?801570-wierd-traffic-sourceplease-help!

          forum.statcounter. com/vb/showthread.php?t=40711


          I couldn't block it because every time it has some unique encrypted part.


          Since seing its behaviour, it looks like any kind of automated programs or boats. But even google search can't get any results, so it looks like a new program. As you said if it is a boat or spy only I am Happy, otherwise....

          So am worried, whether I should change my domain or not.
          Signature
          How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
          {{ DiscussionBoard.errors[5158926].message }}
      • Profile picture of the author maheshr
        Originally Posted by ibacklinkpro View Post

        Why is everyone worried about it... do you really have nothing better to do then to speculate and try to figure out why these new visitors are coming to your site, already deciding that they should be blocked because it looks weird? If you have time for that, you should be in IM. Unless you have very strong proof to support that this is a problem, ignore it do the important stuff, like writing a new blog post....
        I am trying to figure out because if it is any kind of malware of fishing it will be veary dangerous to my website. I have many sites, but only one is affected with it. My site geting around 100 visits daily from 3 refferers since 2 months, what should I do now? sleep?

        I don't have proof to support that this is a problem because I am trying to figure it out. I was trying to find whether it is malware or phisting refferals or junk traffic only, if I find it is junk traffic then I can concentrate on link building as you said.

        What is the point of painting a boat when it is sinking?
        Signature
        How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
        {{ DiscussionBoard.errors[5158795].message }}
  • Profile picture of the author Wilde
    I don't normally post code on sites like this as it can end up confusing some, more than it helps but here goes. The following should block anything that comes to your site with xurl=http in the referrer string and should be put in your .htaccess file, make a backup of your existing one first.

    This sets a apache variable called xspam:
    SetEnvIfNoCase Referer ".*xurl=http.*" xspam

    This then checks if it's set or not and blocks access accordingly. Some of this you may all ready have in your .htaccess some you may not:
    <Limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    Deny from env=xspam
    </Limit>

    The bolded line is the line that does the work, so if that above section is already in your .htaccess file then just put that line in there. After editing your .htaccess then it's always a good idea to restart your browser and check your site all through to make sure the pages are loading

    Try it and let me know if it works.

    P.S I haven't tried this as the only site I had that was getting these is now sold
    {{ DiscussionBoard.errors[5162802].message }}
    • Profile picture of the author maheshr
      As you said it is confusing.

      I have some knowledge about .htaccess so I can add the line Deny from env=xspam to .htaccess.

      Should I edit or add apache varibale? If so where should I add the following line

      SetEnvIfNoCase Referer ".*xurl=http.*" xspam

      Or should I just add Deny from env=xspam to .htaccess?

      Only that part is confusing, kindly guide me

      Once again thank you for the great help
      Signature
      How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
      {{ DiscussionBoard.errors[5163270].message }}
  • Profile picture of the author Wilde
    Both lines go in your .htaccess file.

    Make sure the Deny from env=xspam goes in the limit section of your .htaccess the other line can be put as far as I know before or after the limit section. Although I would put it before as it.... well, my preference
    {{ DiscussionBoard.errors[5163496].message }}
    • Profile picture of the author maheshr
      Originally Posted by Wilde View Post

      Both lines go in your .htaccess file.

      Make sure the Deny from env=xspam goes in the limit section of your .htaccess the other line can be put as far as I know before or after the limit section. Although I would put it before as it.... well, my preference

      I did it after I read them carefully. Since then I didn't got any vsisits yet...I think its working

      I will let you know after some hours....thank you so much
      Signature
      How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
      {{ DiscussionBoard.errors[5163562].message }}
      • Profile picture of the author maheshr
        Originally Posted by maheshr View Post

        I did it after I read them carefully. Since then I didn't got any vsisits yet...I think its working

        I will let you know after some hours....thank you so much
        After added the code I am still getting visits from them. But reduced, today got 25 visit instead of 80 to 100 per day day.

        Any idea what is happening?
        Signature
        How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
        {{ DiscussionBoard.errors[5169243].message }}
        • Profile picture of the author maheshr
          @Wilde

          I cannot PM you because I have restrictions, I am new here.

          Even after puting codes I was getting visits as before. So finally I changed my domain, I had another domain with same age so changed to that one. I think it is better to concentrate on seo in new domain than wasting our valuable time by following xurl refferals.

          Once agian thank you for helping me with your knowledge and tips.

          I will post if I found any information about xurl.

          thax
          Signature
          How To Grow Taller Naturally | Tinnitus Miracle Review | How To Get Rid Of Hemorrhoids
          {{ DiscussionBoard.errors[5178766].message }}

Trending Topics