buttons-for-website.com

What is https://sharebutton.net/? This website doesn’t seem to be malicious ??

i think any webmaster should be aware of the potential danger of this bogus site. the main issue discussed in this post is how to block the crawler, which is absolutely ok. neither does the referral spam issue mean a concrete threat.

imho the danger is in the fact that a webmaster might be tempted to paste the offered code snippet into his site.

<script>
document.write('<script src="//sharebutton.net/plugin/sharebutton.php?type=vertical&u=' + encodeURIComponent(document.location.href) + '"></scr' + 'ipt>');
</script>

the snippet doesn’t do anything else but pointing to a code on src=”//sharebutton.net/plugin inserting share buttons, as shown on sharebutton.net, yet.

but hence the actual code is located on a distant server, it would be easy to replace it with another code – and this new code certainly would do something else but just showing nicely coloured share buttons. regarding the fact that the domain owner is disguising his identity via a who is service, to me it looks like an attempt to preparing a bot net or similar…

although german you might want to have a look at an article of mine trying to point out the backgrounds of sharebutton.net or buttons-for-website.com – i’m sure you’ll get the point!

https://www.website-go.com/artikel/block-buttons-for-website.php

from (old) europe merry christmas to all of you!

So like everyone else I spotted this referrer on my stats and came to this page in search of answers.

So this is the way I see it

The site knows that it is webmasters and developers viewing the stats

The buttons are very nice, easy to attach to any site and are tempting to use. . . but

Whilst they are not going to do damage today and they work as expected the issue is we know nothing of the owner of the site or of the domain, we don’t know the intentions are of the owner. The domain does not show the registrant details. The site has no terms of use, no contact details.

We also know the domain is for sale

So my advice is not to use the service because once the script gets a decent amount of installs on web sites the script can be changed to; lets say throw a pop up to a visitor, add invisible back links to sites or even redirect users to other sites.

So Users Beware

By the way, I forgot to tell you but you can use this code in htaccess:

SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot

It works! I looked at my logs and buttons-for-websites is now blocked. Can’t access my blog anymore. You can do the same for Darodar and Semalt. It works as well.

Source: https://www.sudorank.com/guide-how-to-block-buttons-for-website-com-referral-spam/

I also had some referrals and installed the sharebuttons briefly on a spare test site.
I am no expert but if you look at the site source code there is a line like this:
return ‘https://sharebutton.net/plugin/go.php
which somehow seems to redirect to 5 or 6 other sites when you click on the ShareButtons.
I have MOZ Tool bar on my browser and it shows in and outgoing links. When I clicked on the outgoing links on my test site with those sharebuttons installed i can see 5 outgoing links to casino and pharmacy type sites where where not there before so I think somehow this is connected to the sharebuttons Maybe they can do it so that if you click on the share button it DOES share on FB etc but at the same time it also generated traffic to those other sites?

Sadly, SHAREBUTTON.NET aka (Buttons-For-Website.com) is putting largely invisible links on your pages. I only see them briefly appear on the left side – only when scrolling up or down – Seems to be to gambling and casino type sites. Lord knows what else the javascript might be doing when someone, say, shares content and aren’t logged-in and prompted to connect…

It’s unfortunate cuz I’d like a SIMPLE floating sharing button to the top sites that matter like sharebutton does – without having to go through the convolutions and configurations and limitations of free vs paid buttons like more trustworthy services such as AddThis or ShareThis.

Is there some other trustworthy, free snippet of button code to post to Twitter, FaceBook, G+ without having to use more complex or paid button services?

Hi — Like many of us on this thread, I don’t use this plug-in, but got referral traffic from buttons-for-website.com, and this seems to be the definitive thread for this issue.

I just recently launched my site, and since watching the stats I’ve been getting exactly 1 referral from buttons-for-website.com, accociated with a page view from Brazil, every day.

At taghaboy’s suggestion, I activated Semalt Blocker (btw when you install it, it becomes “Semalt Redirect Manager” for some reason), and poof, no more daily referrals from buttons-for-website.com.

I’m a n00b, and this just seemed like the easiest thing to try. This works by re-directing.

But how is this strategy different from puda’s htaccess fix? I guess, problem solved, so no need to over-think, but would it be better to do puda’s fix?

Thanks much!

@davidsortof, you’re right. Problem solved. The difference between htaccess and plugin is just the method each uses to achieve the same goal.

Technically, htaccess is probably the better solution, as it happens server-level before any files are sent from server to client. The plugin uses PHP-based redirects to whisk away any referred traffic.

But, since they both have the same effect and the plugin is easier for you to set up, I’d say you’re done. Mission accomplished. Hope that helps!

thank you all for sharing the valuable info.

Regarding spam referral, thank you for sharing the htaccess code ??

Regarding the script: I am also a “victim” and have learnt a valuable lesson about pasting things quickly onto my website :/

In the best case scenario the script redirects to other sites when sharing and that is taken care of by removing the script. In the worst case scenario, the script may entrench itself and cause further problems even when the script is removed? Could this be possible? What can of “checks” should one perform?

Oh, and macgizmoguy, I found AddToAny just as easy and seamless, has WP integration and doesn’t make me nervous ??

@muttybay it is sufficient to remove the script from your webspace.

@tj Kelly, thanks much!

Unfortunately, a couple of days later, the buttons-for-website.com referrals continued. Weird that they stopped right away after installing the plug-in, but then returned. Makes me think htaccess is the way to go. No idea how to do that, but I’ll ask my hosting service.

@puda, @tj Kelly, & All —

My htaccess file has this inside it:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Where do I put puda’s fix? Right between
RewriteRule . /index.php [L]
and
</IfModule>?

Or, at the very top, before
# BEGIN WordPress
?

Ok I learned it’s either before or after the WordPress block. Thanks all!

Code:

# block referer spam
RewriteEngine On
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]

I recommend placing that code BEFORE the # BEGIN WordPress line.

More info here: https://mikepricetw.com/buttons-for-website/

Thanks TJ Kelly, that’s where I put it. But following @puda, I used this, which seems to be working for me, too:

SetEnvIfNoCase Referer buttons-for-website.com spambot=yes
Order allow,deny
Allow from all
Deny from env=spambot

Are these two different ways of accomplishing the same thing? Or are there any differences we should be aware of?