paysite owners how do u prevent http_refferer spoofing
 

and is this a problem, discuss

There was an interesting discussion on this when referral spam started hitting blogs in January and the general consensus at that time seemed to be to block known offenders with a blacklist or else something to red flag a http request of zero kb if that makes sense.

im talking about knowing the exact URL to a plugin and spoofing a paying websites domain

It is a massive problem.
You need a coded solution that changes the refs every hour automatically across the board.

Cookie/Token based system for passing off the surfer from server to server

gotcha, please ignore my irrelevent post :glugglug

cool im having a secure version built as we speak

interesting thread
there should be an easily available option

you can for example access every topbucks site spoofing /bonuscontent/ at the end of the/ members/ domain

That has been shared by surfers and leechers for months now.

Have unique content, no need for plugins :Graucho

I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

Hit me up in ICQ, I might be able to point you in the right direction..

<?php
$USERIP = getenv("REMOTE_ADDR");

if (!strchr($USERIP, "Your IP Here")) {
echo "<hahahahahahahahaalert('Sorry, you are not allowed access');window.location='localhost/plugin/sorry.php';</hahahahahahahaha";
exit();
}
?>

Nice load of shit. There are MANY ways to secure sites without modules being created.

I'd say .htaccess but thats not really feasible when talking about plug-ins.

Having a unique key generated each time the refferal page is loaded is something I have yet to try.

E.g.

Visitor 1 -> your site -> plug-in gateway [unique key generated AOS*ndaod82noand2] -> Sent to plug-in

I'm not quite sure how this would work server side, because kron jobs every few seconds would put a bit of a strain on the server.