Today some of our systems alerted us of some very interesting traffic, a series of requests that looked like this:
xxx.xxx.xxx.xxx osx.iusethis.com - [12/Sep/2006:16:42:01 +0200] "GET /app/iusethis/376 HTTP/1.1" 200 481 "http://www.mistatree.org/Shareware/iTunify/index.php" "Mozilla/5.0 (Macintosh; U; I
From various URLs at mistatree.org. A quick inspection revelead that mistatree had some javascript loaded on every page from http://www.mistatree.org/master/Hidden.js . Here's an relevant bit from that file:
setCookie("FirstVisit","false",1);
document.getElementById('mysticFrame').innerHTML =
"<iframe xsrc=\"http://www.linotype.com/redirect/89015/315/76885/\"style=\"visibility: hidden;\" border=\"0\" width=\"1\" height=\"1\" align=\"center\"></iframe>
<iframe xsrc=\"http://osx.iusethis.com/app/iusethis/376\" style=\"visibility:
hidden;\" border=\"0\" width=\"1\" height=\"1\" align=\"center\"></iframe>";
;
so, it seems that they are loading a couple of urls in a hidden frame on the first request you do. The first request is for linotype.com, not sure how that benefits them, but it seeems to be some sort of referrer scheme. The second link goes to the default url that's loaded when javascript is disabled on iusethis.com. It's pretty obvious why they do that bit.
Obviously, we would rather that the click counts came from actual users, rather than the software companies generating fraudulent traffic. That's why we've now installed a new fraud detection system, which will foil such attempts, and alert the user. Hopefully that will keep our generated data honest and interesting.
Even tho Mistatree did not actually benefit from this operation, the question remains. Would you buy shareware from such a company?
Shameful. :(
Have you asked Mistatree directly what the F that was?
sounds like grounds for eliminating their products form iusethis.
Amusing :D
NIce. Wonder how many other sites they planted that little surprise on.
Isn’t this just standard issue referral spam?