Welcome to WebmasterWorld Guest from 3.85.214.0

Forum Moderators: DixonJones & mademetop

Message Too Old, No Replies

Referrers Xxxx:++++++++++++++++++

Where's he coming from?

     
5:13 pm on Mar 3, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 13, 2002
posts:275
votes: 0


What's this about?

24.164.0.218 - - [03/Mar/2003:07:44:17 -0800] "GET /page.htm HTTP/1.1" 200 5751 "XXXX:+++++++++++++..." "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

5:23 pm on Mar 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


It is a Roadrunner customer who is using something like Norton Interner Security to mask the URL which referred him to your site.

Base your decision to block this IP address on his behaviour on your site, not on the masked-out referrer.

Jim

5:24 pm on Mar 3, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Jan 7, 2003
posts:1230
votes: 0


too late ;)
5:40 pm on Mar 3, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 13, 2002
posts:275
votes: 0


Righto, thanks, didn't do anything wrong so leave it be.
7:30 pm on Mar 23, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38256
votes: 115


Blocking referrers is one thing, but to spam logs with +++++++++++ is another. I usually ban them so they know their product is not behaving in a good manner.
11:57 am on Mar 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2002
posts:1328
votes: 0


If the person isn't doing anything "wrong" why would you need to ban them?
12:03 pm on Mar 24, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38256
votes: 115


I've always wondered if the xxxx:++++ was designed to exploit some webserver hole? The +++ is rather suspect.

gsx

12:04 pm on Mar 24, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 20, 2002
posts:603
votes: 0


I thought that, but decided not to post! Why would you ban them?

Unless you are running some exclusive site, it is as if you are saying something along the lines of "unless you are wearing brown shoes, you are not welcome into our shop". Now, Versace may be able to do this, but Asda/Walmart couldn't!

Perhaps someone is using a cheap or free firewall that replaces the referer string with the plus symbols so all the header lengths do not need to be changed.

1:23 pm on Mar 24, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 13, 2002
posts:275
votes: 0


If one person in a 1000 masks the referrer like that it's a very minor inconvenience, if a 100 in a 1000 do it then it would be seriously annoying.
5:44 pm on Mar 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2002
posts:1328
votes: 0


The way I see it if some wants to remain anonymous and isn't doing something wrong you really should let them alone. If they came into your brick-and-mortar store to buy your widgets with a fake name, most stores aren't going to have a problem with it (unless you sell something dangerous like explosive widgets).

it's the old musicians line "...don't get involved in the politics, man, just play the gig..."

5:59 pm on Mar 24, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Dec 13, 2002
posts:275
votes: 0


Playing the gig in a business sense means needing to know something about your (potential or actual) customers. How they found you is one important part. A lot of my seo and general marketing efforts are based on raw log file analysis.
But if they do want to remain anon, as i said it's inconvenient/annoying, but that's all, no need to ban them as you say.
6:08 pm on Mar 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 20, 2002
posts:3732
votes: 0


Why not just add the string private or something like that. I think the string used is suspicious also. I haven't banned it, but I do not like the anonymity of the string. If it is a privacy program then why not list the program or anything, but the incoherent string.
3:04 pm on Mar 27, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38256
votes: 115


Looking back in logs - it was highly active a year ago, and just popped back up in the last month.

As far as I can determine, Norton Interner Security programs do not do this with the referral strings.

I have to agree Korkus, it should be banned unless someone can produce a program that actually does this. Looks like an exploit attempt to me.