Wanted: a mod to limit the number of different links a vistor can click on, with a variable to adjust the limit. e.g.50

This is to stop/frustrate rival directories from poaching links.

Can anyone point me to such a script, it would be greatly appreciated!

[This message has been edited by Coastsearch (edited June 23, 1999).]

this doesn't sound to hard...

but i'm not sure if i understand you..

you want a mod that prevents someone from clicking on the same link many times or a number of links many times?

both are easy with cookies.. but you can always disable cookies and they won't work... then their is via IP.. but then they can log off and logon again..

Thanks widgetz...

I want to stop rival directories from getting a list of my links. This means to limit link clicking per visitor to a determined number. But first a suspect needs to be noticed and identified, so could links be modified so that to click on a link requires cookies on? This would identify the visitor and then the unwanted visitor gets limited and an online warning. Perhaps also an alert sent to Admin via email....

If someone wants to poach your site, no matter what you do you will not be able to prevent it. All they would need to do is open up the source code for each of your pages, download it, and process it through a script to extract the links.

However, all the links should be pointing to jump.cgi?ID=xxx where "xxx" is the ID number of the link. If you do not allow access to jump.cgi from offsite, it will not do them much good. The add.cgi script has a routine that prevents someone from using add.cgi from off site. It looks like this:


If you modify it, you can put it in jump.cgi to do the same thing. You must also ensure that your domain is listed in @db_referers in links.cfg.

Here is how that routine looks in jump.cgi on my system (as the first thing in sub main):


I hope this helps.

Thanks Bobsie...

You pointed out a weakness in my site's security. I have now updated and successfully tested the add.cgi, modify.cgi and jump.cgi, leaving search.cgi as is because I have encouraged people to add Coastsearch onto their site.

If they attempt access off-site they get a detection message revealing some details about them from ENV and are told that Admin has been notified (bluff). Though it would be handy to do this.

However this does not limit clicks to a set number. Does anyone have any suggestions?

Hi Bobsie, I have trying nearly all day to find this little code, had a lot of help from Paul W etc.etc

I tried your code and thought it worked well, but in a way it doesn't. If I link externally my download still appears.

So i thought I would try it out on your site and see what happens with yours.
Before I go any further I know your a moderator and if your not happy with me posting a link from your website on this forum please delete this post.

Ok back to my point. I took a link frokm your site and tried it out externally but I can see it even thou I am visiting from somewhere else.

The link used http://goodstuff.orphanage.com/...uff/jump.cgi?ID=1249

Now either you do not have this included anymore or it does not work.

an you please clarify this for me.

Sorry for any inconvience.

Now in theory by clicking that above link, I should be presented with your error message, but instead I goto the link.

Where are you putting the codes? They need to go at the top of the jump.cgi script. Please upload a copy of your edited jump.cgi script.
========================================
Buh Bye!

Cheers,
Me

stu2000,

I am using similar codes that Paul posted for you in that other thread (written for Links SQL, of course, since I am using that product predominately in my sites, only one of my sections is powered by Links 2.0, but about to be upgraded with Links SQL).

And if you click on the following link, you'll see an error message:

http://vlib.anthrotech.com/bin/jump.cgi?ID=1

Now, one thing that won't work with the codes that Paul provided, as he mentioned, if someone "spoofs" the http referer, then it will bypass the domain check codes. In addition, someone could type in the URL for jump.cgi links in your directory and bypass the error checking and also if they bookmark a link, same thing.
========================================
Buh Bye!

Cheers,
Me

>>
In addition, someone could type in the URL for jump.cgi links in your directory and bypass the error checking and also if they bookmark a link, same thing.
<<

But won't that mean the referer is blank which would still result in a blocking?

Nope...blank http_referer, means that there is no way of checking it against an array of appropriate domains, unless you can think of a way of addressing that issue. But like I said, typing an the URL of a page that contains the domain checking codes will allow you to bypass them (like the ones written for Links SQL).
========================================
Buh Bye!

Cheers,
Me

>>
Nope...blank http_referer, means that there is no way of checking it against an array of appropriate domains,
<<

If you are checking the referer against a list of domains then if the referer is blank, it won't match and the error will show.

Hi Paul and Stealth, right I think Stealth asked for my jump.cgi file. I have taken it from a mod that bobsie provided a while back. If I click on it from my site it works ok, but from an external link it does not.

I see stealth's link above works ok, that is what I require. the Modified code I have added is in my jump.cgi at the top of my sub_main routine. (See below) I have had to blank out my urls as my directory is not protected as I am still playing around with scripts.

Welp, doesn't work in the Links SQL v.1.13 nor the ones you wrote or the ones written for Links 2.0, if the http_referer is blank from whatever source, it bypasses the error check codes. Try it yourself.
========================================
Buh Bye!

Cheers,
Me

Hi Stealth, I know you don't like giving out your codes etc as your scripts are all heavily modified and you've put a lot of work into them.

But you said above that your codes are very similar too the ones Paul posted in the perl programming thread.

Can you if possible please point out where I am going wrong. I did at first use db_referer in links.cfg but then I had problems with my add.cgi script hence I am now using the db_url which I have included in the the jump.cgi script.

Going by Pauls and Bobsie's coding I think I have copied it exactly, but for some reason just cannot get it to function correctly.

Can you see anything obviously wrong.

Stuart

1) You are referencing @db_url array, but you have defined the array as @url. Either change the @db_url array reference or change the initial @url to @db_url.

2) The actually HTTP_REFERER check codes in the following line:

$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;

I use are different:

$ENV{'HTTP_REFERER'} =~ /\Q$_\E/i and $found++ and last;

Other than that, the codes are very much the same.

BTW: Paul, the reason that the codes for blank http_referer do not work is with the first condition in the set of codes:

if (@db_url and $ENV{'HTTP_REFERER'})

translation: if the db_url array exists and if the HTTP_REFERER exists, meaning that if it's not blank, then go through the domain check codes. So, in other words, if there is a blank http_referer, it doesn't pass any value, and thus you can bypass the domain check codes.
========================================
Buh Bye!

Cheers,
Me

Paul and Eliot, your level of knowledge astounds me.
The script is now working a treat, thanx a million.

The changes you mention above Eliot done just the job, I am now sent to an error page if linked externally.

A big thank you to yourself and Paul.

Stuart

For anyone else reading this thread the code that Paul and Eliot finally got to work is shown below.
Added into jump.cgi

stu2000,

Great! And thanks for posting the working codes since that will help future users.

One thing to remember is that if you use other MODS like Recommend It!, then the codes you've added will also send people to the error page if you include the jump.cgi link in the Recommend It email.

One way around this is using another condition in the first "if" statement in the codes you've added, like:

($in{'showurl'} ne "yes")

The codes would look like the following:



Then in your Recommend It codes, use the following:

$db_cgi_url/jump.cgi?ID=$rec{'ID'}&showurl=yes
========================================
Buh Bye!

Cheers,
Me

I see, it works in the version I recently posted in the perl forum.