Gossamer Forum
Home : Products : Links 2.0 : Discussions :

Auto Submission Engines getting smarter

Quote Reply
Auto Submission Engines getting smarter
Hi Folks:
It seems like auto submission engines are getting smarter. The latest ones are not using the web anymore but they are stand alone applications.

I have set the
@db_referers = 'mydomain.com'

and I have tested it by using the IP# instead of the domain and it works (ie I get a rejection when I use the IP but it is accepted when I use the Domain name).

Now this morning I received submissions from China. The Refer field on the email was blank.

What do you recomend ?



Quote Reply
Re: Auto Submission Engines getting smarter In reply to
The way the referer check is written in add.cgi, it is only supposed to accept the new link when the referer matches one of the items in @db_referers. A blank referer will not match and, therefore, should be rejected. However, the problem I see is that the referer check is only executed if both @db_referers and $ENV{'HTTP_REFERER'} contain something. If $ENV{'HTTP_REFERER'} is blank, the referer check is skipped. Modify the top of add.cgi, sub process_form as follows:

Code:
my ($key, $status, $line, $output);

# Check the referer.
# if (@db_referers and $ENV{'HTTP_REFERER'}) {
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
&site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.");
return;
}
}

Also, change your @db_referers to:

Quote:
@db_referers = ('mydomain.com');

I hope this helps.


[This message has been edited by Bobsie (edited July 07, 1999).]
Quote Reply
Re: Auto Submission Engines getting smarter In reply to
Thanks Bobsie:

I did not have the brackets around mydomain.com.

Could that have been a factor ?

@db_referers = ('mydomain.com');

Quote Reply
Re: Auto Submission Engines getting smarter In reply to
It could have been the reason it was working for the IP address and not the domain name. But the real problem was that the referer check was being skipped when $ENV{'HTTP_REFERER'} was blank. I think that is a flaw in the code and the code I posted should fix it.