Content Providers/Paysite Owners: Google is referring people into your members area
 

Dont believe me?

I found someone pushing my content this way and it blew my mind that google could refer users into any members area (based on mod_rewrite.



http://httpd.chello.nl/~m-koster2/google%20spoof.htm

check it out.. Im sure this technology isnt new as i remember a few programs using something simular in a program to get access to everyone's content.

Wow.

It worked.

:eek7 Why anyone would base their security solely on the easily spoofable http_referer is beyond me. Actually I guess its because its easy to implement.... but still, its worthless when it comes to people/software like pornasaur etc.. and now google :P Crazy.


If your doing this and need some ideas (and have a little money to spend for a solution) ICQ me sometime and we can probably come up with something for you.

Correct me if I'm wrong but isn't XXXMovieMart from Morpheus?
It's linked on the bottom of that page.

It isnt too hard to filter it out with some work.. people just need to keep a closer eye on their shit ;)

Took me 2 lines of code to deal with this and now i get some more free traffic out of it ;)

Yap. Good work :thumbsup

So post the 2 lines of code and help everyone out :winkwink:


http://www.yaf.org/publications/Posters/Capitalism.jpg


:)

Just about every avs site can be entered with little to no effort.

I know I want it. Bring on the magic code! Were all waiting for it!

Here let me suggest a more permanent solution for content providers having this problem.... of course I'll try to work in something of our own (see post above)...

I guess the problem with content/stream providers is they cant (until now) really password protect their streams using mod_auth since having only a u/p would probably be more dangerous than just using the http_referer for protection.

I think this might be a better solution... use both!
Use passwords AND referrer based protection. The password would change daily/hourly or whatever you prefer, and the whole process of assigning new u/p sets for your clients would be automated & transparent to them.

This would put an end to services like pornasaur and anyone hacking in solely with http_referrers, at least when they are targetting your service.


We can code up a solution like this for you for the low low price of

http://images.worth1000.com/hosted/p...6UN-drevil.jpg

one meeelion dollars.


Paypal Only Please.

something like this already exists, mod_ticket, however the problem becomes forcing your clients to use it. You could come up with something pretty easy is all your clients have php installed, but what if they dont.

They don't need php installed. But yeah, you would need to force your clients to use new link urls for your content, thats about it.

Its probably not a big deal to your clients when you tell them that this is a major upgrade thast will prevent them from having their feeds accidentally disabled (pornholio style) or getting charged for excessive bandwidth usage on their account due to referrer based hacking.

Anyway our solution would be pretty user friendly.. just link codes ;)