I downloaded the log file from the web server, and found many strange entries. Why is a statistics script called so terribly often? What do all the junk referrers do there? Looks like some mis-configuration of the Plesk software for managing IIS. Literally hundreds of times a day, http://cydas.org/plesk-stat/webstat/AWStats/cgi-bin/awstats.pl?framename=mainright&output=refererpages is called. This apge shows the referrer statistics for the web site - virtually none of them is related to Cytogenetics (that's what the web site is about). Most of them are dubious domains.
The statistics page does not show query parameters, as they are required for a good link to YouTube. But the logs show many referrals from YouTube (most of them say: "This video is no longer available because the YouTube account associated with this video has been terminated.", but one is still available and bears the title "Generateur de Code PaySafeCard - Gratuit Code PaySafeCard" - criminal content, I guess).
With a Google search (for "plesk awstats.pl framename=mainright output=refererpages"), I found some more web sites which are such infected, and fake "user profiles" or guest book entries which link to the statistics page.
What are your experiences with such a strange thing, how does this kind of hack work, and more important: how to prevent it?
[Edit 28 Feb 2014]The awstats.pl script provided a page with links - and everyone could add his favorite into this list: just send a GET request to any page of my site with a forged referer (any library for sending http requests allows for setting any referer), and it will then show up on the script page.
Why would you want to do so?
It is believed that you get a better rank with search engines when your site is linked from many other sites. And in fact, several "referers" contained "seo" (like Search Engine Optimization) in their domain/subdomain or page name. And many other sites were likely added by such SEO bastards.
Actually, back in 2010 a Russian web pharmacy was the first to massively use my site for that purpose.
But there is another group: they show "cheats" for games, provide links to cracked games, or even more criminal key generators. I guess they simply try to obfuscate their origin - my page is linked from somewhere, from here you get to a youtube video explaining their hack and showing a link to the next page to get the desired product.
Likely other uses are possible, but that's the idea I've come up with. Since I could not find any further information on the web regarding this type of hack / website misuse, I want to share this experience here, and ask other people for their ideas about this.[/Edit]
