paysite owners how do u prevent http_refferer spoofing

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • robfantasy
    Confirmed User
    • Jun 2002
    • 6445

    #1

    paysite owners how do u prevent http_refferer spoofing

    and is this a problem, discuss
    Looking to speak w/ high volume nutra CPA affiliates or networks... msg me
  • Namzo
    Registered User
    • Jun 2004
    • 83

    #2
    There was an interesting discussion on this when referral spam started hitting blogs in January and the general consensus at that time seemed to be to block known offenders with a blacklist or else something to red flag a http request of zero kb if that makes sense.

    Comment

    • robfantasy
      Confirmed User
      • Jun 2002
      • 6445

      #3
      im talking about knowing the exact URL to a plugin and spoofing a paying websites domain
      Looking to speak w/ high volume nutra CPA affiliates or networks... msg me

      Comment

      • bhutocracy
        Not making A Comeback
        • Dec 2001
        • 10218

        #4
        It is a massive problem.
        You need a coded solution that changes the refs every hour automatically across the board.

        Comment

        • notjoe
          Confirmed User
          • May 2002
          • 5599

          #5
          Originally posted by robfantasy
          and is this a problem, discuss
          Cookie/Token based system for passing off the surfer from server to server

          Comment

          • Namzo
            Registered User
            • Jun 2004
            • 83

            #6
            Originally posted by robfantasy
            im talking about knowing the exact URL to a plugin and spoofing a paying websites domain
            gotcha, please ignore my irrelevent post

            Comment

            • robfantasy
              Confirmed User
              • Jun 2002
              • 6445

              #7
              cool im having a secure version built as we speak
              Looking to speak w/ high volume nutra CPA affiliates or networks... msg me

              Comment

              • Trax
                [----------------------]
                • Aug 2001
                • 14486

                #8
                interesting thread
                there should be an easily available option

                you can for example access every topbucks site spoofing /bonuscontent/ at the end of the/ members/ domain

                That has been shared by surfers and leechers for months now.

                Comment

                • Robertf
                  Confirmed User
                  • Feb 2004
                  • 392

                  #9
                  Have unique content, no need for plugins
                  ....

                  Comment

                  • Volantt
                    Confirmed User
                    • Nov 2003
                    • 745

                    #10
                    I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

                    Hit me up in ICQ, I might be able to point you in the right direction..
                    "Only the dead have seen the end of war." - Plato
                    "In the abscence of orders, go find something and kill it." - Erwin Rommel
                    "A man's worth is no greater then the worth of his ambitions." - Marcus Aurelius

                    Comment

                    • skillfull
                      Confirmed User
                      • Apr 2003
                      • 4716

                      #11
                      <?php
                      $USERIP = getenv("REMOTE_ADDR");

                      if (!strchr($USERIP, "Your IP Here")) {
                      echo "<hahahahahahahahaalert('Sorry, you are not allowed access');window.location='localhost/plugin/sorry.php';</hahahahahahahaha";
                      exit();
                      }
                      ?>
                      mind at underdark dot cc
                      SEO Analyst
                      Thunder-Ball.net - Member

                      Comment

                      • notjoe
                        Confirmed User
                        • May 2002
                        • 5599

                        #12
                        Originally posted by Volantt
                        I have coded plug-in security for companies. And the only true way to secure a site and track bandwidth is a custom built apache module or zeus api..

                        Hit me up in ICQ, I might be able to point you in the right direction..
                        Nice load of shit. There are MANY ways to secure sites without modules being created.

                        Comment

                        • Project-Shadow
                          Confirmed User
                          • Feb 2003
                          • 7340

                          #13
                          I'd say .htaccess but thats not really feasible when talking about plug-ins.

                          Having a unique key generated each time the refferal page is loaded is something I have yet to try.

                          E.g.

                          Visitor 1 -> your site -> plug-in gateway [unique key generated AOS*ndaod82noand2] -> Sent to plug-in

                          I'm not quite sure how this would work server side, because kron jobs every few seconds would put a bit of a strain on the server.

                          Comment

                          Working...