how to handle spoofed referers? - GoFuckYourself.com

msg · 11-07-2003, 12:09 PM

I have password hackers spoofing the refering url and getting past all my .htaccess files..

Any ideas what I can do to stop them??

Phoenix66 · 11-08-2003, 01:24 AM

You need more advanced protection. What is it you have there? Paysite or AVS?

You may need to use .htpasswd along with .htaccess to protect your whole member area (including images ans clips) with passwords (not forgetting to wipe those passwords that were stolen) or you may need to track the surfer session, if you can't use .htpasswd due to some compatibility reasons. Again it can be done in two ways - you can use server scripts, which require damn good knowledge of server side script programming or some money to buy a ready script, or you can make this using php, which also requires some knowledge. Basically, tracking user's session with PHP is not that hard, but you need to restrict all direct downloads and pass all content requests through some king of php hub. Wich is honestly not too complicated as well, but you gotta understand how to do this.

JDog · 11-08-2003, 01:26 AM

Is it for a plugin type thing? you could use a door/key solution or other's & cookie auth!

jDoG

11-07-2003, 12:09 PM	#1
msg Confirmed User Join Date: Mar 2002 Location: South Fl. Posts: 293	how to handle spoofed referers? I have password hackers spoofing the refering url and getting past all my .htaccess files.. Any ideas what I can do to stop them??

11-08-2003, 01:24 AM	#2
Phoenix66 Confirmed User Join Date: Oct 2002 Posts: 823	You need more advanced protection. What is it you have there? Paysite or AVS? You may need to use .htpasswd along with .htaccess to protect your whole member area (including images ans clips) with passwords (not forgetting to wipe those passwords that were stolen) or you may need to track the surfer session, if you can't use .htpasswd due to some compatibility reasons. Again it can be done in two ways - you can use server scripts, which require damn good knowledge of server side script programming or some money to buy a ready script, or you can make this using php, which also requires some knowledge. Basically, tracking user's session with PHP is not that hard, but you need to restrict all direct downloads and pass all content requests through some king of php hub. Wich is honestly not too complicated as well, but you gotta understand how to do this. __________________ Adult Niche Traffic Exchange

11-08-2003, 01:26 AM	#3
JDog Confirmed User Join Date: Feb 2003 Location: Canby, OR Posts: 7,453	Is it for a plugin type thing? you could use a door/key solution or other's & cookie auth! jDoG __________________ NSCash now powering ReelProfits.com ALSO FEATURING: NSCash.com :: SoloDollars.com :: ReelProfits.com :: BiminiBucks.com :: VOD PROGRAMS COMING SOON: Greedy Bucks :: Vengeance Cash NOW OFFERING OVER 60 SITES CONTACT :: JAMES SMITH :: CHIEF TECHNOLOGY OFFICER :: ICQ (711385133)