What Is This?

This webpage is designed to help you learn if you have been infected with a particular type of spyware. Specifically, it checks for fake "referrer" information from your web browser. Where there's smoke, there's fire. If you're spewing bad referrer info, chances are you've got spyware problems.

What Is Referrer Abuse? How Do I Check For It?

When you click a link on one webpage to visit a second webpage, your web browser tells the second web page where you came from. It passes "referrer" information to the second web server. Once upon a time, this was useful. It told webmasters who was sending visitors their way. Now, it's an avenue for abuse.

It's very easy to fake referrer information. People have exploited this to hustle for money or harass people. It usually starts by installing software -- a new web browser, or spyware -- that changes your referrer info to whatever they want. Then, they can make it seem like you arrived from a website that they choose, so they can earn a commission for referring you to the second site. Or, they can exploit blogs and web traffic analyzers to display their phony referral links on websites, which means Google will find the links and put the spammer's site higher on its search results. You can see where this leads . . . .

The server logs at etree.org are full of this stuff. Here's a peek (with a few changes so you can't actually visit these folks):

That is what a web server log looks like. The referrer link is in red. Someone was viewing the entry for SHN #3869 (The Grafeful Dead, 06-09-1977). You can be sure that there is no link to free, lossless Grateful Dead soundboards from an online poker network.

How did this happen? Someone was using Crazy Browser, which is freeware that makes its money by selling referrer links to online sleeze merchants, in hopes of getting the poker URL onto websites, so Google can find it. Yippee.

So . . . Get To The Point!

This site shows you the referrer string that your browser is sending out. Do you remember the website you were visitng before you came here? You should see that listed below, if you clicked a link to get here. Or, if you came here by typing the URL into your browser, then you'll see "You have a blank referrer string" instead. If you're not sure, click this link to reload this page and the referrer should become http://www.goldey.net/check.php. If it doesn't, you may have a problem.

If you don't see something familiar (etree.org, furthurnet.org, goldey.net, etc.) don't panic. Some web browsers use special referral fields (like, if you use one of those free ISP services) and others always blank them out. But, if you see something that looks wrong -- especially sex, gambling, mortgages, wang expansion, etc. -- then you may have spyware installed that is creating fake referrer fields. Here's what you can do to get clean and avoid the problem: