grahamstewart

My only problem was I didn’t want to pay for the server, bandwidth, and maintenance of the content, then supply it for free and on top of that have to edit my log so I could see % of referrals without scrolling the browser to the right. Once my little light bulb went on and I realized all I have to do is change the HTTP_REFERER before the log is written, by biggest problem went away in theory. But how much stuff can one do for free?

However, I do think that doing it that is really Jr. program-ish and I would have to wonder about other routines in the software.

I still think your shooting yourself in the foot just to make a statement. (or "Cutting off your nose to spite your face" as my mum used to say)

God knows it wouldn’t be the 1st time. (GRIN)

They may have only looked at an article this time, but presumably they read it so their awareness of your site has been raised. Next time they return they may be a customer.

They haven’t yet. I’ve seen this for about 2 years now I think.

I think the thought process was that the various privacy programs (e.g. AdSubtract) replace the referer string with space characters.

Maybe, but then that thought process would have been wrong... ;)

My log files show spaces in referers as spaces just fine. I would have to convert them to "+" myself if I wanted to see them that way. This means that our culprit really sends literal "+" characters.

The other thing is that it creates a very unique signature of "XXXX:+++....". It's extremely unlikely that several software packages would go and write this very peculiar leading "XXXX:" when modifying a referer string.

The only reasonable conclusion is that we're talking about exactly one program.

Just for the sake of completeness, here's the referer types that I see in my logs:

- "http://www.example.com/" (standard case)
- "news://www.example.com/" (usenet reference)
- "file://some/path/" (local file reference)
- "-" (no referer sent, either a crawler, a typed in URL, or filtered by a firewall)
- "" (empty referer sent by some broken crawler)
- "8" (an arbitrary number, sent by some broken crawler)
- "www.example.com/" (incorrect referer sent by some broken crawler)
- "/somewhere/on/my/site.html" (relative referer apparently sent by several IE versions or a broken crawler mascerading as such)
- "about:blank" (apparently caused by a bug in mozilla)
- "bookmarks" (sent by NS4 Mac)
- "Webster://Internal/StatusPage" (you know who)
- "[unknown origin]" (some firewall)
- "Field blocked by ... (http;//www.example.com/)" (another firewall)
- "Blocked by ... (www.example.com)" (yet another firewall)
- "XXXX:+++++++" (our culprit)

Thanks for the info bird.

Okay so its not that. It is in fact some stupid program using plus signs. And while I agree that this is a pretty bad practise I still don't think the users of this program should be punished for it. After all, if it is a privacy program, then the marketing speak probably just says it 'blocks secret information sent to websites by your browser'. It probably won't say exactly what is blocked or how.

jim_w: I sympathise that you robbed when someone reads your content with no intention to buy. But unless these people are actually causing you problems then I definitely think your second option, of changing the referer field yourself, is the best way to go.

I definitely think your second option, of changing the referer field yourself, is the best way to go.

Agree, it just took me a while to figure it out, and talking to ppl here helped me discover it.

I sympathise that you robbed when someone reads your content with no intention to buy

It’s not a case of taking content. As I said, it is a case of causing me additional work that I shouldn’t have to do. It’s an efficiency issue.

Unless someone can produce a program that does this type of referrer, I think it is a script kiddie program sniffing for some type of exploit.