Welcome to WebmasterWorld Guest from 18.204.227.250

Forum Moderators: phranque

Message Too Old, No Replies

Get Rid Of The Turkeys Who Use

XXX:+++++++++++ As A REFERER?

     
4:02 am on May 2, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


I searched here, but I couldnít find anything on this.

Can I do something likeÖ

RewriteCond %{HTTP_REFERER} XXX:+++++++* [OR]

To get rid of those turkeys who useÖ

XXX:+++++++++++, etc.

And are now using

XXXX:+++++++++++, etc.

They are really screwing up my charts in my backup log.

I mean come on, XXXX:+++++++++++ is more than sufficient

2:39 pm on May 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


grahamstewart

My only problem was I didnít want to pay for the server, bandwidth, and maintenance of the content, then supply it for free and on top of that have to edit my log so I could see % of referrals without scrolling the browser to the right. Once my little light bulb went on and I realized all I have to do is change the HTTP_REFERER before the log is written, by biggest problem went away in theory. But how much stuff can one do for free?

However, I do think that doing it that is really Jr. program-ish and I would have to wonder about other routines in the software.

I still think your shooting yourself in the foot just to make a statement. (or "Cutting off your nose to spite your face" as my mum used to say)

God knows it wouldnít be the 1st time. (GRIN)

They may have only looked at an article this time, but presumably they read it so their awareness of your site has been raised. Next time they return they may be a customer.

They havenít yet. Iíve seen this for about 2 years now I think.

4:13 pm on May 4, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1551
votes: 10


I think the thought process was that the various privacy programs (e.g. AdSubtract) replace the referer string with space characters.

Maybe, but then that thought process would have been wrong... ;)

My log files show spaces in referers as spaces just fine. I would have to convert them to "+" myself if I wanted to see them that way. This means that our culprit really sends literal "+" characters.

The other thing is that it creates a very unique signature of "XXXX:+++....". It's extremely unlikely that several software packages would go and write this very peculiar leading "XXXX:" when modifying a referer string.

The only reasonable conclusion is that we're talking about exactly one program.

Just for the sake of completeness, here's the referer types that I see in my logs:

- "http://www.example.com/" (standard case)
- "news://www.example.com/" (usenet reference)
- "file://some/path/" (local file reference)
- "-" (no referer sent, either a crawler, a typed in URL, or filtered by a firewall)
- "" (empty referer sent by some broken crawler)
- "8" (an arbitrary number, sent by some broken crawler)
- "www.example.com/" (incorrect referer sent by some broken crawler)
- "/somewhere/on/my/site.html" (relative referer apparently sent by several IE versions or a broken crawler mascerading as such)
- "about:blank" (apparently caused by a bug in mozilla)
- "bookmarks" (sent by NS4 Mac)
- "Webster://Internal/StatusPage" (you know who)
- "[unknown origin]" (some firewall)
- "Field blocked by ... (http;//www.example.com/)" (another firewall)
- "Blocked by ... (www.example.com)" (yet another firewall)
- "XXXX:+++++++" (our culprit)

5:11 am on May 5, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 8, 2003
posts:1429
votes: 0


Thanks for the info bird.

Okay so its not that. It is in fact some stupid program using plus signs. And while I agree that this is a pretty bad practise I still don't think the users of this program should be punished for it. After all, if it is a privacy program, then the marketing speak probably just says it 'blocks secret information sent to websites by your browser'. It probably won't say exactly what is blocked or how.

jim_w: I sympathise that you robbed when someone reads your content with no intention to buy. But unless these people are actually causing you problems then I definitely think your second option, of changing the referer field yourself, is the best way to go.

5:53 am on May 5, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


I definitely think your second option, of changing the referer field yourself, is the best way to go.

Agree, it just took me a while to figure it out, and talking to ppl here helped me discover it.

I sympathise that you robbed when someone reads your content with no intention to buy

Itís not a case of taking content. As I said, it is a case of causing me additional work that I shouldnít have to do. Itís an efficiency issue.

5:46 pm on May 29, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38257
votes: 115


Unless someone can produce a program that does this type of referrer, I think it is a script kiddie program sniffing for some type of exploit.
This 35 message thread spans 3 pages: 35