paysite owners how do u prevent http_refferer spoofing - GoFuckYourself.com

robfantasy · 06-21-2004, 03:50 PM

and is this a problem, discuss

Namzo · 06-21-2004, 03:58 PM

There was an interesting discussion on this when referral spam started hitting blogs in January and the general consensus at that time seemed to be to block known offenders with a blacklist or else something to red flag a http request of zero kb if that makes sense.

robfantasy · 06-21-2004, 04:19 PM

im talking about knowing the exact URL to a plugin and spoofing a paying websites domain

bhutocracy · 06-21-2004, 04:23 PM

It is a massive problem.
You need a coded solution that changes the refs every hour automatically across the board.

notjoe · 06-21-2004, 04:25 PM

Quote:

Originally posted by robfantasy
and is this a problem, discuss

Cookie/Token based system for passing off the surfer from server to server

Namzo · 06-21-2004, 04:28 PM

Quote:

Originally posted by robfantasy
im talking about knowing the exact URL to a plugin and spoofing a paying websites domain

gotcha, please ignore my irrelevent post

robfantasy · 06-21-2004, 04:28 PM

cool im having a secure version built as we speak

Trax · 06-21-2004, 11:38 PM

interesting thread
there should be an easily available option

you can for example access every topbucks site spoofing /bonuscontent/ at the end of the/ members/ domain

That has been shared by surfers and leechers for months now.

Robertf · 06-21-2004, 11:44 PM

Have unique content, no need for plugins

Volantt · 06-21-2004, 11:46 PM

I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

Hit me up in ICQ, I might be able to point you in the right direction..

skillfull · 06-22-2004, 12:58 AM

<?php
$USERIP = getenv("REMOTE_ADDR");

if (!strchr($USERIP, "Your IP Here")) {
echo "<hahahahahahahahaalert('Sorry, you are not allowed access');window.location='localhost/plugin/sorry.php';</hahahahahahahaha";
exit();
}
?>

notjoe · 06-22-2004, 06:25 AM

Quote:

Originally posted by Volantt
I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

Hit me up in ICQ, I might be able to point you in the right direction..

Nice load of shit. There are MANY ways to secure sites without modules being created.

Project-Shadow · 06-22-2004, 06:30 AM

I'd say .htaccess but thats not really feasible when talking about plug-ins.

Having a unique key generated each time the refferal page is loaded is something I have yet to try.

E.g.

Visitor 1 -> your site -> plug-in gateway [unique key generated AOS*ndaod82noand2] -> Sent to plug-in

I'm not quite sure how this would work server side, because kron jobs every few seconds would put a bit of a strain on the server.

06-21-2004, 03:50 PM	#1
robfantasy Confirmed User Industry Role: Join Date: Jun 2002 Location: Medellin, Colombia Posts: 6,445	paysite owners how do u prevent http_refferer spoofing and is this a problem, discuss __________________ Looking to speak w/ high volume nutra CPA affiliates or networks... msg me

06-21-2004, 04:19 PM	#3
robfantasy Confirmed User Industry Role: Join Date: Jun 2002 Location: Medellin, Colombia Posts: 6,445	im talking about knowing the exact URL to a plugin and spoofing a paying websites domain __________________ Looking to speak w/ high volume nutra CPA affiliates or networks... msg me

06-21-2004, 04:28 PM	#7
robfantasy Confirmed User Industry Role: Join Date: Jun 2002 Location: Medellin, Colombia Posts: 6,445	cool im having a secure version built as we speak __________________ Looking to speak w/ high volume nutra CPA affiliates or networks... msg me

06-21-2004, 11:46 PM	#10
Volantt Confirmed User Join Date: Nov 2003 Location: Penguin vs Devil Posts: 745	I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api.. Hit me up in ICQ, I might be able to point you in the right direction.. __________________ "Only the dead have seen the end of war." - Plato "In the abscence of orders, go find something and kill it." - Erwin Rommel "A man's worth is no greater then the worth of his ambitions." - Marcus Aurelius

06-22-2004, 12:58 AM	#11
skillfull Confirmed User Industry Role: Join Date: Apr 2003 Location: Quebec Calisse Posts: 4,716	<?php $USERIP = getenv("REMOTE_ADDR"); if (!strchr($USERIP, "Your IP Here")) { echo "<hahahahahahahahaalert('Sorry, you are not allowed access');window.location='localhost/plugin/sorry.php';</hahahahahahahaha"; exit(); } ?> __________________ mind at underdark dot cc SEO Analyst Thunder-Ball.net - Member

06-21-2004, 03:58 PM	#2
Namzo Registered User Join Date: Jun 2004 Location: Vegas baby Posts: 83	There was an interesting discussion on this when referral spam started hitting blogs in January and the general consensus at that time seemed to be to block known offenders with a blacklist or else something to red flag a http request of zero kb if that makes sense.

06-21-2004, 04:23 PM	#4
bhutocracy Not making A Comeback Industry Role: Join Date: Dec 2001 Posts: 10,218	It is a massive problem. You need a coded solution that changes the refs every hour automatically across the board.

06-21-2004, 11:38 PM	#8
Trax [----------------------] Join Date: Aug 2001 Posts: 14,486	interesting thread there should be an easily available option you can for example access every topbucks site spoofing /bonuscontent/ at the end of the/ members/ domain That has been shared by surfers and leechers for months now.

06-21-2004, 11:44 PM	#9
Robertf Confirmed User Join Date: Feb 2004 Posts: 392	Have unique content, no need for plugins

06-22-2004, 06:30 AM	#13
Project-Shadow Confirmed User Industry Role: Join Date: Feb 2003 Posts: 7,340	I'd say .htaccess but thats not really feasible when talking about plug-ins. Having a unique key generated each time the refferal page is loaded is something I have yet to try. E.g. Visitor 1 -> your site -> plug-in gateway [unique key generated AOS*ndaod82noand2] -> Sent to plug-in I'm not quite sure how this would work server side, because kron jobs every few seconds would put a bit of a strain on the server.