Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 06-21-2004, 03:50 PM   #1
robfantasy
Confirmed User
 
robfantasy's Avatar
 
Industry Role:
Join Date: Jun 2002
Location: Medellin, Colombia
Posts: 6,445
paysite owners how do u prevent http_refferer spoofing

and is this a problem, discuss
__________________
Looking to speak w/ high volume nutra CPA affiliates or networks... msg me
robfantasy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 03:58 PM   #2
Namzo
Registered User
 
Join Date: Jun 2004
Location: Vegas baby
Posts: 83
There was an interesting discussion on this when referral spam started hitting blogs in January and the general consensus at that time seemed to be to block known offenders with a blacklist or else something to red flag a http request of zero kb if that makes sense.
Namzo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 04:19 PM   #3
robfantasy
Confirmed User
 
robfantasy's Avatar
 
Industry Role:
Join Date: Jun 2002
Location: Medellin, Colombia
Posts: 6,445
im talking about knowing the exact URL to a plugin and spoofing a paying websites domain
__________________
Looking to speak w/ high volume nutra CPA affiliates or networks... msg me
robfantasy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 04:23 PM   #4
bhutocracy
Not making A Comeback
 
Industry Role:
Join Date: Dec 2001
Posts: 10,218
It is a massive problem.
You need a coded solution that changes the refs every hour automatically across the board.
bhutocracy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 04:25 PM   #5
notjoe
Confirmed User
 
Industry Role:
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Quote:
Originally posted by robfantasy
and is this a problem, discuss
Cookie/Token based system for passing off the surfer from server to server
notjoe is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 04:28 PM   #6
Namzo
Registered User
 
Join Date: Jun 2004
Location: Vegas baby
Posts: 83
Quote:
Originally posted by robfantasy
im talking about knowing the exact URL to a plugin and spoofing a paying websites domain
gotcha, please ignore my irrelevent post
Namzo is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 04:28 PM   #7
robfantasy
Confirmed User
 
robfantasy's Avatar
 
Industry Role:
Join Date: Jun 2002
Location: Medellin, Colombia
Posts: 6,445
cool im having a secure version built as we speak
__________________
Looking to speak w/ high volume nutra CPA affiliates or networks... msg me
robfantasy is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 11:38 PM   #8
Trax
[----------------------]
 
Join Date: Aug 2001
Posts: 14,486
interesting thread
there should be an easily available option

you can for example access every topbucks site spoofing /bonuscontent/ at the end of the/ members/ domain

That has been shared by surfers and leechers for months now.
Trax is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 11:44 PM   #9
Robertf
Confirmed User
 
Join Date: Feb 2004
Posts: 392
Have unique content, no need for plugins
Robertf is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-21-2004, 11:46 PM   #10
Volantt
Confirmed User
 
Join Date: Nov 2003
Location: Penguin vs Devil
Posts: 745
I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

Hit me up in ICQ, I might be able to point you in the right direction..
__________________
"Only the dead have seen the end of war." - Plato
"In the abscence of orders, go find something and kill it." - Erwin Rommel
"A man's worth is no greater then the worth of his ambitions." - Marcus Aurelius
Volantt is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-22-2004, 12:58 AM   #11
skillfull
Confirmed User
 
skillfull's Avatar
 
Industry Role:
Join Date: Apr 2003
Location: Quebec Calisse
Posts: 4,716
<?php
$USERIP = getenv("REMOTE_ADDR");

if (!strchr($USERIP, "Your IP Here")) {
echo "<hahahahahahahahaalert('Sorry, you are not allowed access');window.location='localhost/plugin/sorry.php';</hahahahahahahaha";
exit();
}
?>
__________________
mind at underdark dot cc
SEO Analyst
Thunder-Ball.net - Member
skillfull is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-22-2004, 06:25 AM   #12
notjoe
Confirmed User
 
Industry Role:
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Quote:
Originally posted by Volantt
I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

Hit me up in ICQ, I might be able to point you in the right direction..
Nice load of shit. There are MANY ways to secure sites without modules being created.
notjoe is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 06-22-2004, 06:30 AM   #13
Project-Shadow
Confirmed User
 
Industry Role:
Join Date: Feb 2003
Posts: 7,340
I'd say .htaccess but thats not really feasible when talking about plug-ins.

Having a unique key generated each time the refferal page is loaded is something I have yet to try.

E.g.

Visitor 1 -> your site -> plug-in gateway [unique key generated AOS*ndaod82noand2] -> Sent to plug-in

I'm not quite sure how this would work server side, because kron jobs every few seconds would put a bit of a strain on the server.
Project-Shadow is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.