Gossamer Forum

blocking invalid referrers

blocking invalid referrers
I was wondering if it is possible to block domains other than what Links is hosted on from using the search, jump etc. My site is being leeched big time and I would like to stop other people from using my scripts. If this can be done, I'd like to use it on my other scripts as well.

Thanks.

------------------
Jason
Extreme mtb
http://extreme.nas.net
Re: blocking invalid referrers
Check cgi-resources.com

There are several anti-leech options there. The problem is that not all work in all situations, and you'll have to find one that works for you.

Two listed:
http://leechkiller.hypermart.net/
http://www.anti-leech.com/main.html

Re: blocking invalid referrers
As I was thinking --

you could check the environment variable:

REQUEST_URI = /cgi-bin/script.cgi

on each call -- only a tiny time penalty.

If it doesn't match, or it doesn't exist, serve up a cryptic error message.

Advanced spiders can always fake it, but many of the automated tools out there can't. It will stop most of your leeches.

Re: blocking invalid referrers
Thanks pugdog, I'll have to check those out.

Whereabouts would I put the

REQUEST_URI = /cgi-bin/script.cgi

as you suggested.... like at the top of the script or something, please explain.

Thanks again!


------------------
Jason
Extreme mtb
http://extreme.nas.net
Re: blocking invalid referrers
It's an environment variable, and you should check it at the top of your script to make sure the referer is a legitimate URL on your site, before you do any processing of input.
Re: blocking invalid referrers
The code you need is already in add.cgi, sub process_form. If you copy it and modify it to fit the other scripts, it works in them just as well. The code in question is:

Code:
# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
    $found = 0;
    foreach (@db_referers) {
        $ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
    }
    if (!$found) {
        &site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.");
        return;
    }
}

I hope this helps.
Re: blocking invalid referrers
I tried to add that to the script but it just gave me a 500 error. Where/how do I do the @db_referers definition? I had it as the following:

@db_referers =('extreme.nas.net','206.130.8.99');

What am I doing wrong?

Thanks for your help!

------------------
Jason
Extreme mtb
http://extreme.nas.net
Re: blocking invalid referrers
Here's an alternative clip of code from the BNB Birdcast.cgi script that blocks off-site posts. (Their code is listed as free to do anything you want to... )

Code:
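sub valid_page
{
    # No allowed domains configured: skip the check.
    if (@okaydomains == 0) {return;}
    $DOMAIN_OK=0;
    $RF=$ENV{'HTTP_REFERER'};
    $RF=~tr/A-Z/a-z/;    # lowercase the referer before matching
    foreach $ts (@okaydomains)
    {
        # Each entry is used as a pattern and may match anywhere in the referer.
        if ($RF =~ /$ts/)
        { $DOMAIN_OK=1; }
    }
    if ( $DOMAIN_OK == 0)
    {
        print "Content-type: text/html\n\n Sorry, can't run it from here....";
        exit;
    }
}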

@okaydomains is simply a list of valid domains to refer from:

Example:

@okaydomains=("http://postcards.com", "http://www.postcards.com");

That will make sure your clicks come from your site.

I think you should also define all the variables except @okaydomains with my() to allow upwards compatibility later on.

Re: blocking invalid referrers
So for that my() stuff, do I just put:

my($DOMAIN_OK, $RF)

I'm not up to speed on all cgi stuff yet so that's why I needed some clarity.

Thanks.

------------------
Jason
Extreme mtb
http://extreme.nas.net
Re: blocking invalid referrers
You should keep in mind that newer 4.0+ browsers can be set to not send the HTTP_REFERER variable, as a safety feature.

Anyone with that feature turned on will get your error message, even though they're a legitimate user.

Dan O.
Re: blocking invalid referrers
This is what I use for the jump.cgi script to prevent ppl from linking the jump.cgi URLs.
The first thing after sub main {
The @db_referers is already in your links.cfg file too.

Code:
sub main {
# --------------------------------------------------------
    # Check the referer.
    if (@db_referers) {
        $found = 0;
        foreach (@db_referers) {
            $ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
        }
        # No match (this includes requests that carry no referer): show the anti-leech page.
        if (!$found) {
            #&send_email;
            print "Content-type: text/html\n\n";
            print qq|<html>
<head>
<meta http-equiv="Refresh" content="20; URL=http://www.djmixes.com/">
<title>ERROR: Anti-Leech Gateway</title>
</head>
<body bgcolor="#000000" text="#C0C0C0" link="#FFFFFF" vlink="#FFFFFF">
<center><font face="TAHOMA,VERDANA,arial,helvetica" size="8">ERROR: <font color=white>Anti-Leech</font></font></center>
<center>
<table width=540 border=0>
<tr>
<td><font face=tahoma,verdana,arial,helvetica size=2>
This is the DJMIXES.COM Anti-Leech gateway. You have followed a link from a site that has copied my links. The following information has been recorded and I will follow up with all bandwidth stealers. <br>
This script is to prevent other pages from stealing our files and bandwidth.<br>
Click <a href="http://www.djmixes.com/">here</a> to get to the real site or you will be automatically sent there in 20 seconds<br>
<hr width=540><br>
<p>Your remote host: <b>$ENV{'REMOTE_HOST'}</b>
<p>Your remote address: <b>$ENV{'REMOTE_ADDR'}</b>
<p>Referring page: <b>$ENV{'HTTP_REFERER'} </b>
<p>Remote identity: <b>$ENV{'REMOTE_IDENT'}</b>
<p>Your browser and OS: <b>$ENV{'HTTP_USER_AGENT'}</b>
<br><br>
<hr width=540><center>Copyright 1999 by: <a href="http://www.djmixes.com/">DJMIXES.COM</a>, all rights reserved.</td></tr></table></center>
</font>
</body>
</html>|;
            exit;
        }
    }
    # (the rest of sub main continues from here)
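
The checks posted in this thread use each @db_referers or @okaydomains entry as a pattern that may match anywhere in the Referer string, and the jump.cgi error page prints request headers into HTML as-is. As an added example (not code from the thread or from Links 2.0; the sub names, host list and sample Referer values are assumptions constructed here), this version compares the parsed host exactly, reports a missing Referer separately so the caller can choose a policy, and escapes values before echoing them:

```perl
#!/usr/bin/perl
# Added example, not from the thread or from Links 2.0. Sub names are
# hypothetical; hosts and Referer strings below are constructed samples.
use strict;
use warnings;

my @allowed_hosts = ('extreme.nas.net', 'www.extreme.nas.net');

# Return the lowercased host part of a Referer URL, or undef if it has none.
# Anything before an "@" is userinfo and is skipped, not treated as the host.
sub referer_host {
    my ($referer) = @_;
    return undef unless defined $referer;
    return $referer =~ m{^https?://(?:[^/?#]*\@)?([^/:?#\@]+)}i ? lc $1 : undef;
}

# Returns 'allow', 'deny' or 'no-referer'; the caller decides what to do when
# the browser sent no Referer (blocking it also blocks legitimate visitors).
sub check_referer {
    my ($referer) = @_;
    return 'no-referer' unless defined $referer && length $referer;
    my $host = referer_host($referer);
    return 'deny' unless defined $host;
    my $matches = grep { $_ eq $host } @allowed_hosts;   # exact host compare
    return $matches ? 'allow' : 'deny';
}

# Escape a header value before echoing it into an HTML error page.
sub html_escape {
    my ($text) = @_;
    $text = '' unless defined $text;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# In a CGI script the input would be $ENV{'HTTP_REFERER'}.
my @samples = (
    'http://extreme.nas.net/links/',          # page on the allowed host
    'http://leech.example/?extreme.nas.net',  # allowed name only in the query
    'http://extreme.nas.net.leech.example/',  # allowed name as a host prefix
    'http://extreme.nas.net@leech.example/',  # allowed name as userinfo
    'http://leech.example/"><b>x</b>',        # markup inside the header value
    '',                                       # browser sent no Referer
);
printf "%-10s %s\n", check_referer($_), html_escape($_) for @samples;
```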