Re: [tlug] detect fake HTTP referrer

["Nguyen Vu Hung" <vuhung16plus@example.com>]

2008/1/16, Attila Kinali <attila@example.com>:
> > "http://aoclife.ddo.jp/aoc/recs/";
> >
> > got no referrers !
>
> That does not mean anything. Referers are optional and need
> not to be set.
>
Yes, some hosting sites block "hot linking", or "hot download", that
means, you have to visit that site and click a link to download. We
can also do this with mod_rewrite ,while this can be bypassed if you
set Referer [1] which is easily done with Perl, PHP or wget.

> > Total traffic of TheLegionClan_AoC_Pack1_1582_Games.zip is 7.7TB.
>
> Wow! In what timeframe did you reach those 7TB?
In 2.5 months.

>
> > I think that some website has put a link to that file, set referrer to
> >
> > "http://aoclife.ddo.jp/aoc/recs/";
> >
> > so that the request looks "normal". They are stealing my traffic.
>
> I'm not an expert in HTTP, but i doubt that this is possible.
> Referers are a client side thing and just some info for the
> server where they are comming from.
No.

For example, aocgroup.com.ar[2] with my permission, create a list that
includes links to *all* for files under /aoc/recs. If you don't set
Referer, we will not able to know where the traffic comes from. That's
why we call it "traffic stealing".

> over hours, all comming from  a couple of IPs from
> the same subrange. It usualy ends with me setting an
> iptables rule to block that region completely.
> Yes, i know it's mean and it's not a real solution,
> but i don't really have the time and the motivation
> to find ways how to specificaly filter out misbehaving people.

I can't do that - in fact it is impossible -  because my site serves world-wide.


[1] http://en.wikipedia.org/wiki/Deep_linking
[2] http://www.aocgroup.com.ar/main.php?go=aoclife

-- 
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/