(6)
Six months ago, we reported that Microsoft Live Search was sending spammy types of referrals. Rogerd reports on WebmasterWorld that he's not seeing the same types of referrals we reported back in January, but he's finding some even stranger ones. For example, he saw a search for "computers" and this is a term he doesn't even rank for.
Other forum members report similar suspicious activity. As robzilla says, all hits have a referring URL that includes the variable "form=QBHP". After analyzing his logs, he says that the user agent is consistent across the board: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)".
Is this another spam or quality check? We've yet to find out.
Forum discussion continues at WebmasterWorld.
Comments:
Michael Martinez
07/24/2008 07:33 pm
Microsoft uses different output forms for its search results. I suspect it's part of their testing and quality control processes, so that they can determine which data presentations work best for visitors. I would not be too concerned about the odd referrals. In fact, I'd even consider developing some content around those referrals to at least help people looking for something more relevant. They may remember a helpful site more than an irrelevant site.
CVOS man
07/25/2008 05:18 am
I have gotten this for over 6 months. Consistent queries1 word queries such as http:// search.live.com/results.aspx?q=templates&form=QBHP It is highly unlikely MSN is sending us real visitors.
izmir temizlik
07/25/2008 07:14 am
thank you...
Robzilla
07/25/2008 07:43 am
Well, they're definitely automated visits, not real visitors. Interestingly, they almost always follow shortly after MSNBot visits a particular page. A request is then made, coming from one of many IPs (all within the same range, even the same or a similar range as the MSNBot IP(s)), which grabs the HTML and external CSS file, if any, of that page, and then it stops. No images or scripts are requested, so this cannot be someone pulling up the site in a browser (even though the user-agent implies the contrary!). It's probably a quality check to unveil techniques like cloaking and hidden text. It seems they're only performing these on so-many keywords (all one-word, as far as I've seen).. probably the most popular, vulnerable or spammed search terms like "games," "computers," "cancer," etc. Like the MSN employee says, it's best not to block these requests, because you might risk getting thrown out of the index. As long as the form=QBHP variable appears in the referring URL, filtering them in your log analyzer shouldn't be a problem.
Michael Martinez
07/26/2008 08:04 am
We've been dealing with these form codes in our search services for over a year. I don't really have any data available that I can share to help shed light on the situation. I can only confirm that there has historically been more than one form code, and I have visually confirmed seeing these form codes in my own browser. People just don't seem to notice them.
halfdan
08/10/2008 04:34 pm
Hey, I just wrote a small tool able to analyse these automated queries. I noticed that the keyword might be the one with the highest rank in search queries. E.g. I got the keyword "google" for a automated visited page where this keyword occured. Google is definetely a top keyword and most likely the top keyword for the content on that page. You can find the script here: http://c0demonkey.com/blog/4/LiveSearch_Analysis Hope it's useful.