Author: W.De Groot (15 Sep 14 3:35am)
About 50% of the IPs that are clogging up my servers with referrer spam are not listed by HTTP:BL, for example this one:
a) many people report this referrer spammer
b) it was recently seen by the honeypot (1 week ago)
So I seems likely that it was in fact referrer spamming the honeypot, but its behaviour wasn't classified as "malicious".
What to do? Could the honeypot code be extended so that it checks for backlinks on the referrer url ? If not, increase threat rating?