Unexpected Increase of Traffic

On September 26th 2010 I noticed that traffic of my primary website, aqua-fish.net, got better. The increase was similar to previous increases caused by changes of algorithms in Google, so I was just surprised a little, but didn't care about it too much. Earnings haven't increased, so I assumed it's nothing special, perhaps some change in ranking of images or so. It wasn't anything unusual, so why to worry about it? However, on October 2nd 2010 after I received a report of possible DOS attack, I noticed an autosurf-like referer being present in the report, so just for curiousity I opened that URL and realised that it's really autosurf traffic. But I haven't paid for this traffic!

Analysis

After being shocked by this discovery I started analysing my website's logs and found out that a referer from thevaults.net is being sent to my site once every 5-10 seconds. It started on September 26th in the evening and continued until October 2nd. The traffic was aimed at my site's homepage and thanks to Google Analytics I was able to tell that referrers were "autosurf visitors" who weren't interested in browsing my website at all. However, in average they opened 1.16 pages per visit and some of them also clicked AdSense ads. Only a few, in fact less than 10. Google Analytics haven't tracked all visits from TheVaults.Net, but my AdSense account didn't show anything unusual. No extremes in regards of clicks or earnings. Immediately I configured my scripts to stop traffic from TheVaults.Net.

Writing to TheVaults.Net Customer Service

As it's mentioned on their website, it's a company based somewhere in Central Hong Kong, however I'd doubt about it. They also offer you contact them at mail@thevaults.net. So I drop them an email asking who has paid for that traffic. No response in 4 days! What's more, on October 6th my site was attacked, it was a DDOS attack. No damage has been done thanks to protection that works. I noticed plenty of Asia-based IP addresses to participate on this attack. For instance,

• 111.160.68.11
• 111.160.68.12
• 111.160.68.14
• 111.160.68.15
• 111.160.68.16
• 111.160.68.17
• 111.160.68.140
• 111.160.68.194
• 112.122.142.154
• 112.122.142.155
• 118.69.35.46
• 118.97.224.2
• 119.70.40.102
• 121.145.120.165
• 122.193.111.34
• 122.193.111.36
• 122.193.111.37
• 122.193.111.38
• 122.193.111.39
• 122.193.111.40
• 122.193.111.41
• 123.125.156.209
• 124.160.18.122
• 124.160.18.139
• 124.160.18.156
• 124.160.18.90
• 124.160.18.92
• 125.35.11.39
• 211.138.124.252

It's all very interesting as the site claims to be located in Asia. Although many US based IP addresses contributed to the attack too, I believe it's a part of misused computers.

Closer Look at TheVaults.Net and their so-called "Investment opportunities"

OK, let's analyse only one "Invest Plan". You invest $1000 and in 14 days you have $1400. That's totally impossible. Why wouldn't you or me invest into such a high profitable thing? Why wouldn't do so governments and big companies? Just because it's SCAM. It's a pyramid scheme where new "investors" pay old "investors". Moreover, they take money from stupid webmasters who hope to get some conversion with TheVaults.Net's stupid autosurf program. It's a SCAM, SCAM, SCAM and nothing else! Avoid buying traffic from TheVaults.Net and avoid "investing" money in such a questionable manner!

Conclusion?

The question remains... What asshole paid for traffic to my website??? I just hope that such a person will be dying of cancer for years in pain!!!