Old 02-09-2003, 07:13 AM   #1
notjoe
Confirmed User
 
Industry Role:
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Content Providers/Paysite Owners: Google is referring people into your members area

Don't believe me?

I found someone pushing my content this way and it blew my mind that Google could refer users into any members area (based on mod_rewrite).

http://httpd.chello.nl/~m-koster2/google%20spoof.htm

Check it out.. I'm sure this technology isn't new as I remember a few programs using something similar in a program to get access to everyone's content.
Old 02-09-2003, 07:53 AM   #2
lEricPl
Confirmed User
 
Join Date: Dec 2002
Location: FL
Posts: 1,062
Wow.

It worked.
Old 02-09-2003, 08:15 AM   #3
goBigtime
Confirmed User
 
Join Date: Nov 2002
Posts: 7,761
Why anyone would base their security solely on the easily spoofable http_referer is beyond me. Actually I guess it's because it's easy to implement.... but still, it's worthless when it comes to people/software like pornasaur etc.. and now Google :P Crazy.

If you're doing this and need some ideas (and have a little money to spend for a solution) ICQ me sometime and we can probably come up with something for you.

Last edited by goBigtime; 02-09-2003 at 08:31 AM..
Old 02-09-2003, 08:30 AM   #4
SR
Confirmed User
 
Join Date: Jul 2001
Location: The Netherlands
Posts: 2,239
Correct me if I'm wrong but isn't XXXMovieMart from Morpheus?
It's linked on the bottom of that page.
Old 02-09-2003, 08:36 AM   #5
notjoe
Confirmed User
 
Industry Role:
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Quote:
Originally posted by goBigtime
Why anyone would base their security solely on the easily spoofable http_referer is beyond me. Actually I guess it's because it's easy to implement.... but still, it's worthless when it comes to people/software like pornasaur etc.. and now Google :P Crazy.

If you're doing this and need some ideas (and have a little money to spend for a solution) ICQ me sometime and we can probably come up with something for you.

It isn't too hard to filter it out with some work.. people just need to keep a closer eye on their shit ;)

Took me 2 lines of code to deal with this and now I get some more free traffic out of it ;)
Old 02-09-2003, 08:43 AM   #6
goBigtime
Confirmed User
 
Join Date: Nov 2002
Posts: 7,761
Quote:
Originally posted by notjoe



It isn't too hard to filter it out with some work.. people just need to keep a closer eye on their shit ;)

Took me 2 lines of code to deal with this and now I get some more free traffic out of it ;)

Yap. Good work

So post the 2 lines of code and help everyone out
Old 02-09-2003, 08:45 AM   #7
Libertine
sex dwarf
 
Join Date: May 2002
Posts: 17,860
Just about every avs site can be entered with little to no effort.
__________________
/(bb|[^b]{2})/
Old 02-09-2003, 08:49 AM   #8
duroflex
Confirmed User
 
Join Date: Dec 2002
Location: Denmark
Posts: 199
Quote:
Originally posted by goBigtime



Yap. Good work

So post the 2 lines of code and help everyone out



I know I want it. Bring on the magic code! We're all waiting for it!
__________________
ZiggydiZig!
Old 02-09-2003, 08:54 AM   #9
goBigtime
Confirmed User
 
Join Date: Nov 2002
Posts: 7,761
Here let me suggest a more permanent solution for content providers having this problem.... of course I'll try to work in something of our own (see post above)...

I guess the problem with content/stream providers is they can't (until now) really password protect their streams using mod_auth since having only a u/p would probably be more dangerous than just using the http_referer for protection.

I think this might be a better solution... use both!
Use passwords AND referrer based protection. The password would change daily/hourly or whatever you prefer, and the whole process of assigning new u/p sets for your clients would be automated & transparent to them.

This would put an end to services like pornasaur and anyone hacking in solely with http_referrers, at least when they are targeting your service.


We can code up a solution like this for you for the low low price of



one meeelion dollars.


Paypal Only Please.

Last edited by goBigtime; 02-09-2003 at 08:57 AM..
Old 02-09-2003, 09:01 AM   #10
notjoe
Confirmed User
 
Industry Role:
Join Date: May 2002
Location: Toronto, Canada
Posts: 5,599
Quote:
Originally posted by goBigtime
Here let me suggest a more permanent solution for content providers having this problem.... of course I'll try to work in something of our own (see post above)...

I guess the problem with content/stream providers is they can't (until now) really password protect their streams using mod_auth since having only a u/p would probably be more dangerous than just using the http_referer for protection.

I think this might be a better solution... use both!
Use passwords AND referrer based protection. The password would change daily/hourly or whatever you prefer, and the whole process of assigning new u/p sets for your clients would be automated & transparent to them.

This would put an end to services like pornasaur and anyone hacking in solely with http_referrers, at least when they are targeting your service.


We can code up a solution like this for you for the low low price of



one meeelion dollars.


Paypal Only Please.

Something like this already exists, mod_ticket, however the problem becomes forcing your clients to use it. You could come up with something pretty easy if all your clients have php installed, but what if they don't.
Old 02-09-2003, 09:05 AM   #11
goBigtime
Confirmed User
 
Join Date: Nov 2002
Posts: 7,761
Quote:
Originally posted by notjoe

Something like this already exists, mod_ticket, however the problem becomes forcing your clients to use it. You could come up with something pretty easy if all your clients have php installed, but what if they don't.
They don't need php installed. But yeah, you would need to force your clients to use new link urls for your content, that's about it.

It's probably not a big deal to your clients when you tell them that this is a major upgrade that will prevent them from having their feeds accidentally disabled (pornholio style) or getting charged for excessive bandwidth usage on their account due to referrer based hacking.

Anyway our solution would be pretty user friendly.. just link codes ;)
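Added example, not code from any poster in this thread and not mod_ticket's implementation: a sketch of the expiring "link code" idea discussed in posts #9 to #11, set beside the Referer-only check it would replace. The key, host name, paths, parameter names (`c`, `e`, `s`) and function names are all constructed for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Constructed values for illustration only.
SECRET = b"constructed-demo-key"          # provider-side signing key
ALLOWED_HOST = "members.example.com"      # client site allowed by the Referer rule

def referer_only_check(headers):
    """The weak control: the Referer header is chosen by whoever sends the request."""
    return ALLOWED_HOST in headers.get("Referer", "")

def _sign(client_id, path, expires):
    msg = f"{client_id}|{path}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_link(path, client_id, ttl=3600, now=None):
    """Issue a link code binding client, path and expiry time together."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{path}?c={client_id}&e={expires}&s={_sign(client_id, path, expires)}"

def verify_link(url, now=None):
    """Serve only if the signature matches and the link has not expired."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        client_id, expires, sig = query["c"][0], int(query["e"][0]), query["s"][0]
    except (KeyError, ValueError):
        return False                       # missing or malformed link code
    if not client_id.isalnum():
        return False                       # keeps the "|" separator unambiguous
    expected = _sign(client_id, parts.path, expires)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False                       # path, client or expiry was altered
    return (time.time() if now is None else now) < expires

if __name__ == "__main__":
    # Any client can send this header, so the Referer rule alone proves nothing.
    print(referer_only_check({"Referer": "http://members.example.com/"}))
    link = make_link("/feeds/clip01.mpg", "client42", ttl=3600, now=1000)
    print(verify_link(link, now=2000))
    print(verify_link(link.replace("clip01", "clip02"), now=2000))
    print(verify_link(link, now=5000))
```

A valid link can still be passed around until it expires, so the `ttl` plays the role of the daily or hourly rotation suggested in post #9, and the `c` field lets the provider attribute served traffic to a specific client.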