Detect and react to referer spammers?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Detect and react to referer spammers?

Post by JAB Creations »

Is there a way when a referer spammer (a spammer who sends false referers in hopes that you have a public stats script that they can easily get their URL in to) to hold the request, visit the referer URL, and see if a reciprocal anchor exists and if/else decide what to do then?
User avatar
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am
Contact:

Post by maliskoleather »

you could, but the weight and time delay that would put on the server would make it completley pointless.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Post by JAB Creations »

Cool, how could I achieve this pointless goal then? :twisted:
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

What if the user uses a bookmark? -> no referer
What if the link is on a page that requires a login?
What if the link isn't present as the exact string you're looking for?
... many other "What if"s ...
As soon as a determined spammer realizes what you're doing he/she will send "valid" referers, no sweat.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Post by JAB Creations »

I have to get used to the fact that everyone assumes they know what I'd actually do with the result.

As always: Please help me figure out how to do this or please don't waste time your time reminding me of things I already am aware of but can not figure out how to politely put it in my signature because everyone has to PM me about it.
User avatar
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am
Contact:

Post by maliskoleather »

essentally, you need to to load that page's content (fopen or get_file_contents works on some sites, but you probably want to lookinto cURL), then scan the contents with preg_match... if true, continue on...

Code: Select all

$handle = fopen('http://www.foo.com', 'r');
$data = fread($handle);

$res = preg_match("/www.mysite.com/",$data);

if(!$res){
    die('we do not allow referrer spamming');
}
thats just a basic example though... like i said, fopen only works on some URL's... cURL would be a much better method.

keep in mind this will *drastically* slow the script you implement this on down.. you have to wait for the script to load the page, and then scan the whole file... could easily add 20+ seconds in load/processing time... even more if your site has high traffic.

and then there are so many other issues... if the page requires logins.. if the page youre scanning blocks the php user agent... all kinds of things that make it so i really cant see the point in even TRYING this
Post Reply