Hi

I posted this originally in links discussion, however I was unable to get a solution.

I have links installed on my site. I am getting about 30-40 additions a day, alot are duplicated.

But my add facilty has been disabled.

I have placed several trackers on the page, but no hits.

So where are these additions coming from if nobody is visiting my site.(This doesn't bother me under construction at present).

I am guessing that someone has an auto submit, on another site and is tapping directly into add.cgi

Even if some-one with the know how could confirm my theory would be a start. Oh yes I have emailed some of the people but got no answers.

If I am correct then I would need some sort of tracker for a cgi file, is this possible.

The remote host on the admin emails are all different, I had hoped this would sort it out.

ANY help or guidance would be greatly appreciated, as these links are no good to me as I intend to run a regional site and a good percentage of the sites being added are xxx sites.

PLEASE PLEASE someone point me in the right direction

Thanks

DavyC

If you don't want additions, simply remove add.cgi, or chmod 0 the file.

Cheers,

Alex

--
Gossamer Threads Inc.

Hi Alex

Sorry, no I want links but people are adding links without visiting the site, basically I would like to know how?

And is there anyway I can find out, is there a tracker that can be run from within add.cgi


Thanks

DavyC

Not really. Assuming it is an auto submit robot that is setting the HTTP_REFERER properly there is no way to tell the visits apart.

You could use cookies or something similiar, or you could change add.cgi to add_link.cgi and then update the links on your site. Should fix the problem.

Cheers,

Alex

--
Gossamer Threads Inc.

Hi Alex

Thanks

DavyC

Surely just editing th *referrer* variable in links.cfg would solve the problem!

From Paul Wilson.
http://www.audio-grabber.com
Music Directory

The referrer in the links.cfg does not do the the trick I have played around with that a lot. I have one individual that keeps auto-submitting without visiting. When he submits he puts in his tags where the actual keywords, title, etc. should be. Everytime that he submits which is about two or three times a week it erases my linksid.txt file and screws everything up until I go back and manually add the id to the linksid.txt.

I was thinking last night that adding something to my .htaccess file to block him from my site but I have't figured out the right codes yet. He has a static IP because it is always the same.

If there are any .htaccess gurus reading this that could help with the code, I would appreciate it. Or maybe somebody has a better idea?

Jimmy Crow
http://www.homewithgod.com/

the easiest way would be to rename your add.cgi file or put it in a different folder!

Not a long term solution though!

From Paul Wilson.
http://www.audio-grabber.com
Music Directory

jcrow,

For information on editing the .htaccess file, refer to http://www.apache.org. Yet, I think that it would be quite challenging to do since if the spammer is using a dial-in connection, then tracking the IP address will be virtually impossible since IP addresses are dynamically assigned each dialin session.

Also, the better file to edit is the robots.txt.

Regards,

Eliot Lee

DavyC,

This issue has been discussed numerous times in the Links 2.0 forums.

Anyway...What you can try to do is the following:

1) Add multiple submission pages (via the Add Confirmation Mod). When I was using Links 2.0, the user had to first fill in a form with their contact information, then select altcategories and fill-in description in the next screen, then confirm the submission. It is much harder to auto-submit with multiple pages.

2) Use the Block Words Mod in the Resource Center to block offending IP addresses. You will have to create a text file or an array in the links.cfg for the offending IP addresses. Although, this is not foul-proof since as I stated before IP addresses are typically dynamically assigned to dialin users and some DSL providers are now refreshing IP addresses for security purposes.

3) Add the following codes in your sub process_form routiune in the add.cgi script:



AFTER the following codes:



NOTE: You will have to also do the following:

a) Create a new sub in the site_html_templates.pl file called sub site_html_add_close. This should be a copy of your sub site_html_add_failure, but you will load a template file called add_close.html.

b) Create a new template file called add_close.html. This should contain the following tag:

<%error%>

Do not include the add form, just this error message.

BTW: The above suggestion translates into checking the validate.db file before adding the link into validate.db. This will stop people from re-loading the page and adding their site and also auto-submissions.

4) You should add all occurrences of your domain in the @db_referers array in your links.cfg file:



If you only include www.yourdomain.com, then people could use yourdomain.com to auto submit records.

Hope these suggestions help.

Regards,

Eliot Lee

Hello Eliot,

Thanks for the reply. The last four times that I have been able to track him in the logs he has been on the same IP from Germany.

I have been to apache.org quite a bit lately, I guess I just don't have enough experience under my belt yet to follow their instructions. Everytime he pass the htaccess the same IP, I try a different way with the .htaccess I guess I'm not using the right codes or I am messing them up when I edit them to block him.

I guess he's just having fun with me. He uses the same information everytime.

Jimmy Crow
http://www.homewithgod.com/

Have you tried using the following codes within your add.cgi script:



Create an array called @block_ips in your links.cfg file.

BTW: Similar codes have been posted in the Links 2.0 Customization Forum for the rate.cgi script.

Regards,

Eliot Lee

Excellent Eliot!

This will do it and I can understand whats going on in the code. .htaccess is tough for a newbie. I have searched the Links forum but guess I wasn't using the right keywords because I haven't seen this before.

Thank You!

Jimmy Crow
http://www.homewithgod.com/

You're welcome.

Guess you missed the Threads that can be accessed via the following search link:

ip address rate.cgi Links 2.0

Look at the following Thread:

http://www.gossamer-threads.com/...=25&Old=allposts

Regards,

Eliot Lee