Link Farming for Fun and Profit: Lt. Draper

From KaminskiWiki
Jump to: navigation, search

I bumped into a small link farm patch on Twitter today. It was more interesting than the typical "Trending Topics" spam we see so much, so I tweeted:

What a sophisticated Twitter link farm looks like: http://bit.ly/info/cVh4t - numeric fake people, lots of RTs, affiliate ID in long link. - Oct 7th

A friend asked, "say more! this is very interesting..."

So here goes.

The first contact was a notification of a Twitter follow -- Jolyn, aka @Sophie146. Here's what I got in my email:


Lfs20091007-001.png


(The broken image links are where my email client doesn't load images by default, to protect my privacy. See Loading Images in Email for why this is important.)

Jolyn/Sophie is immediately suspicious, because her name doesn't match her nick, and because she's following more people than are following her. (Although the ratio is not super-high -- she's been okay, if not great, at getting followers.)

Let's check @Sophie146's tweets:

RT @bernadine_rr Call Center Games - Performance Improvement. http://bit.ly/kTvv1
    
Obviously it would cost more.
    
That hasn't happened since Minority Report.
    
RT @arn_123 My Organic Food Garden - 75% Commission. http://bit.ly/RnK4y
    
RT @RobertGrer The Timeline and Business Plan: http://bit.ly/14GFF
    
Ausight World Importers Directory. http://bit.ly/2A4XNv
    
They put pipe bombs in toilets and wrote manifestos.
    
Credit where credit is due: http://bit.ly/Gkpey
    
Patriotism is easy to understand in America. It means looking out for yourself by looking out for your country. - Calvin Coolidge
    
Then maybe setting the options people have for healthcare should be taken care of by LOCAL GOVERNMENTS.
    
Things were not going well in Iraq3.
    
The same goes for this Obama nonsense.
    
RT @beth_jim Social Media Landscape: http://bit.ly/PkXLU
    
Our Launch Story: http://bit.ly/cVh4t
    
If this is a regular suspicion for someone, they need to re-evaluate how they use their computer. 

The tweets are a little random. Any one tweet looks okay, but taken as a whole, Jolyn isn't much of a conversationalist. Note that she does like to tweet links, though.

I took an arbitrary link to check out, http://bit.ly/cVh4t. To be careful, I added a plus at the end, http://bit.ly/cVh4t+, which tells bit.ly I want to preview the link, not go to it. bit.ly's information about the link includes:


Lfs20091007-002.png


Note the "idevaffiliate.php?id=133" long link -- someone named "id=133" is getting something when people visit this link.

Now, what are people on Twitter saying about this link?


Lfs20091007-003.png


The thing that sticks out for me here is the number of nicks that have numbers at the end, much like our Sophie146. Sure, there are real people who have numbers at the end of their nicks, but it's not super common on Twitter. It's a weird distribution to see a bunch of them in one place.

Nicks with numbers are used by people who generate lots of accounts, because it's an easy way to generate lots of plausible nicks -- just increment the number to get another unique one.

I think maybe all these are fake accounts. If so, it's more clever than usual to generate some that are non-numeric, too.

Checking out some of their tweets, here's @bobb_iq:

Are your products aligned with market needs?: http://bit.ly/35mfWX
    
RIM manages to sync the iTunes libraries to their Blackberries without any deception.
    
Are your products aligned with market needs?: http://bit.ly/35mfWX
    
RT @SebasRLester Dog Owners Speak Out. http://bit.ly/24WuLna
    
RT @WilliamErskine Event Planning - how to leverage social media to build hype: http://bit.ly/2vV8Kk
    
Green Card By Marriage Interview. http://bit.ly/12MNh5
    
And that people who treat them badly just for being Muslims will be rightly ostracized.
    
You'll soon know it's wrong.

Or @Eloy1231:

Family Child Care Business In Ten Easy Steps. http://bit.ly/15lXUL
    
Over a generation we will have socially re branded a word to revoke power away from theists.
    
I don`t make jokes. I just watch the government and report the facts. - Will Rogers
    
Uncle John's bathroom readers were the best.

Las Vegas Directory & Classifieds At LasVegasNevadaNV.com. http://bit.ly/2vXxFd

RT @arlinda_love The Secret To A Friendly Divorce. http://bit.ly/mCKgA

Destroying a USB peripheral because they don't want competition? That's not within Apple's rights.

RT @peterrage Sourcing engineers to build our product: http://bit.ly/FiUpQ

Their best animated movies came out of that musical era: The Little Mermaid, Beauty and the Beast, Aladdin, The Lion King.

Traffic through wikis: http://bit.ly/c0dxk

they weren't a bank, but they acted like a bank so they will be treated like a bank if this goes thru.

You get the idea. Frequent tweets, disjointed conversation, lots of bit.ly links. You can't see it in the pasted abstracts here, but all these users' tweets are marked as coming from the same Twitter client, TweetDeck. The fake users like to retweet amongst themselves, to make the links seem more plausible to humans, and the whole conversation seem more interesting to automated Twitter analyzers. I didn't check, but I wouldn't be surprised if they tend to follow each other, too (since Twitter has heuristics limiting the number of people you follow based on the number of people following you).

Let's check another of these bit.ly links at random. I chose http://bit.ly/FiUpQ+:


Lfs20091007-004.png


Lfs20091007-005.png


Again, created by ltdraper, and long link includes "id=133". Same sort of "conversations" on Twitter.

Yup, looks like a link farm.

So, who is "ltdraper"? A quick Google search turns up that he's a forty-something software developer / SEO expert who lives in North Carolina. He runs promote-my-site.com. "Lt. Draper" & "Don Draper" are his noms de plume; they come from the TV show Mad Men.

Here are some highlights from the web search:


Lfs20091007-006.png


Lfs20091007-007.png


Lfs20091007-008.png


So there you have it. To implement this link farm, Lt. Draper has set up a bunch of Twitter accounts, and uses them to tweet and retweet links shortened and masked through bit.ly. He pushes a lot of random but plausible tweets through each account, to make each of them look more like a real account. The tweets are marked as coming from TweetDeck, although we don't know if they really are; that's easy to fake. And finally, presumably there is some payoff to him or his customers as folks on the net click on the links in the link farm.

Lt. Draper, if you're reading this, congratulations on having a pretty fancy link farm operation. I don't begrudge small business folks making an honest buck, and I understand that you feel you're within your rights and system guidelines to farm links the way you do. But I'd have to say you're gaming the system, causing little annoyances to thousands of people, and helping to decrease the signal-to-noise ratio on the net.

Twitter or bit.ly, if you're reading this, let me know if you'd like some help with spam. I've been helping run Internet service providers for 15+ years, including security and anti-abuse operations, and I'm also a software developer and system administrator with extensive Internet protocols experience. I like untangling networks like Lt. Draper's and setting up automated filtering to make it harder or less lucrative.

-- Peter Kaminski 16:03, 7 October 2009 (PDT)

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox