My encounter with a Liberty Reserve Ponzi scheme

I keep track of web sites that link to my site. Some months ago I noticed many Russian sites in my referrer logs, in fact so many sites that they overwhelmed normal traffic. I soon discovered "referrer spam", which is spurious traffic created by promoters, commonly in the Ukraine, to improve Google rankings of clients based on the principle that many sites publish their referrer logs. I quickly learned the pattern used by most of these promoters and excluded them from my site. However, I was unable to eliminate one spurious referrer, suggesting that it used a more complex strategy. I excluded the IP number of this site, which didn't help.
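The following is an added example, not the author's own filter (the post does not state the pattern he used). It groups hits in a "combined" format access log by Referer host and shows why blocking a single IP leaves referrer spam in the log while filtering on the Referer host removes it. The heuristic (many client IPs, none of which load page assets), the function names and all hostnames and IPs are assumptions or constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in "combined" log format; hosts and IPs are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Mar/2010:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "http://hyip-spam.example/" "Mozilla/4.0"
198.51.100.99 - - [01/Mar/2010:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "http://hyip-spam.example/" "Mozilla/4.0"
203.0.113.40 - - [01/Mar/2010:10:01:30 +0000] "GET /about.html HTTP/1.1" 200 5120 "http://hyip-spam.example/invest" "Mozilla/4.0"
192.0.2.15 - - [01/Mar/2010:10:02:00 +0000] "GET /notes.html HTTP/1.1" 200 8100 "http://blog.example/links" "Mozilla/5.0"
192.0.2.15 - - [01/Mar/2010:10:02:01 +0000] "GET /style.css HTTP/1.1" 200 900 "http://mysite.example/notes.html" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
ASSET_RE = re.compile(r"\.(css|js|png|gif|jpg|ico)$", re.I)

def parse(log_text):
    """Yield (client_ip, path, referrer_host) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ip, path, ref = m.groups()
            yield ip, path, (urlsplit(ref).hostname or "").lower()

def suspicious_referrers(log_text, own_host, min_ips=3):
    """External referrer hosts seen from >= min_ips clients, none of which loaded an asset."""
    rows = list(parse(log_text))
    # Assumed heuristic: a real visitor's browser also fetches CSS/images.
    asset_clients = {ip for ip, path, _ in rows if ASSET_RE.search(path)}
    clients = defaultdict(set)
    for ip, _, host in rows:
        if host and host != own_host:
            clients[host].add(ip)
    return sorted(h for h, ips in clients.items()
                  if len(ips) >= min_ips and not ips & asset_clients)

def surviving_hits(log_text, host, blocked_ips=(), blocked_referrers=()):
    """Count hits carrying `host` as referrer that get past the given block lists."""
    return sum(1 for ip, _, h in parse(log_text)
               if h == host and ip not in blocked_ips and h not in blocked_referrers)

if __name__ == "__main__":
    for host in suspicious_referrers(SAMPLE_LOG, "mysite.example"):
        print(host,
              surviving_hits(SAMPLE_LOG, host, blocked_ips={"198.51.100.7"}),
              surviving_hits(SAMPLE_LOG, host, blocked_referrers={host}))
```

On the sample, blocking one client IP still leaves two spam entries in the log, while excluding the referrer host leaves none.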

This site was a so-called "high yield investment program".


The site claimed "HYIP Liberty Reserve is bank established by Gibraltar offshore company and uniting the talented financial professionals who have long been operating in best investment markets worldwide." Many aspects of the site were highly professional, while others were naive. For example the language was not that of a native English speaker and there was no page enumerating bank officers. The interest rates suggest a Ponzi scheme where early investors are paid by later investments. The scheme ultimately collapses when later investors no longer accrue fast enough to pay earlier investors. The internet confirms that high yield investment programs are Ponzi schemes, but note that promoters diligently attempt to obscure the fact.

I can only surmise how the site in question worked. Based on the number of similar sites I presume it was a package purchased by the domain owner, likely from Liberty Reserve Bank. I presume the package inserts the domain name on many web sites controlled by the developer as well as software to accumulate referrers by other techniques including inserting the domain name into web logs through proxy sites. Publicity was extremely effective. Highhyip.com has over 400,000 Google hits and rose rapidly in Alexa ranking:


Payments were made through Liberty Reserve Bank of Costa Rica, which is noted for the difficulty of tracing its transactions. A common feature of these sites is that they don't refund the initial investment. I presume this is (part of?) the profit.

I set out to eliminate the site which was an obvious fraud. I e-mailed the web host, Steadfast Networks, which suspended the site. The site quickly migrated to another host, an eleven2 reseller. I was unable to contact the reseller, but eleven2 cooperated in suspending the site. I also set about trying to get the domain name suspended. The domain has a history:


It is registered through Yahoo, which is a reseller for Melbourneit. Here I was less successful. Melbourneit referred me to Yahoo, which I contacted 4 times. Each time it said it would look into the matter (canned response) but did nothing.

There are two serious problems in dealing with fraudulent domains. Firstly, domain name sellers and resellers have inadequate fraud control policies. Secondly, Google permits fraudulent sites to rise rapidly in internet ranking.