nil (Java Geek), reply to Bink63:
Re: Kasia is not nuts really - She made the
Regis Equinox doesn't allow pictures in the datacenter, otherwise I'd get a picture of the rack too.
bluebear.. are you asking what is blog hijacking through referer links?
-- daily madness

DaSneaky1D:
I think it would be great if you could explain what could happen through referral links. I read your post, but still would like to have a clearer explanation if you don't mind.
-- ] ::my trivial ramblings:: [

Reply to nil:
said by nil: bluebear.. are you asking what is blog hijacking through referer links?
Yep!

nil (Java Geek), reply to DaSneaky1D:
Well, essentially, some websites (many weblogs do this, I don't) display the most recent or the most numerous referers directly on their weblog..
»jeremy.zawodny.com/blog is one example.
It's really easy to hack what the browser is reporting as a referer when hitting a website.. you can put *anything* in there, and in this instance someone put a javascript that redirects the page to another page.. so the blog is essentially hijacked, as all incoming traffic (that has javascript enabled) is redirected to another page... You don't even need to hack a browser to do this; a telnet session is sufficient.
The lesson here.. always clean anything you display on a page if you can't trust the input. For things like comments and posts that's immediately apparent, but not many people would think that a referer.. something that seemingly comes from your own server log.. is dangerous.. well.. it is.
Does this make more sense now?
-- daily madness

Reply:
Ok, being that you are more versed in "geek" (j/k), can you put that in layman's terms? I know what a referrer is, and I think I understood that you were saying that the whole point is to keep people who make negative comments sifted out? If that is the case, what's the problem with it? I still don't understand. Sorry. Just once more so that even a child can understand it.
-- AZIZAVENUE - For Macromedia Enthusiasts Bezworks Design Featured Client

nil (Java Geek):
No, no.. this has nothing to do with comments..
A typical referer entry is just a link to the site someone came from to your site.. what someone has done in this case, instead of using a url, is embed a javascript as a referer, which created a redirect on the page that displayed it.
-- daily madness

skyroket:
aha, I wasn't gonna post that because then I'd be a noob if I was wrong.
So here it is in Skyroket terms:
You keep track of who sends people to your page. You post those results in some log. People sneakily get some javascript into your log so that when people go look at your weblog, they get redirected to some page...
Benefits of doing this would be?? more hits on your page? More publicity for your page? If you're running ads on your page you get $$ every time the ad is loaded...etc?

Reply to nil:
So, basically, you're just being sent back to the same page, right? What's the benefit of that though?

Reply to skyroket:
What is up with the weblogs....people display those publicly? I couldn't care less how many people go to the same sites I do...there are people who care?

nil (Java Geek), reply to bluebearMX:
No.. not the same page.. any page someone wants to redirect people to.. could be a porn site.. or something
-- daily madness

Reply:
Ok. Really, I'm not playing dumb. I think I understand now. So, what they are doing is sniffing out people and redirecting them to other sites?

nil (Java Geek):
No.
I don't think you understand what a referer is? In terms of an http request anyway.. referer is one of the fields sent by the client to the server, basically saying "Hi, this is where I'm coming from, so in theory this page is linking to you". Let's say that field is filled with »www.google.com/
So now the web server looks at it and says "Ah, cool, google is linking to me".. and in the case of some happy blog owner he now has a script generate that on his weblog..
"hey look guys, I'm getting traffic from »www.google.com".. but see, he doesn't actually do this by hand, he just gets the referring url from the http request.
Now the bad guy takes that request and modifies it to, instead of the link, have a line of javascript like say.. <script>top.top.location.href=bignastypornsitecom';</script> and goes off and hits the weblog with this modified request (his own request, not someone else's).
The weblog owner has this scripted so he doesn't see that this isn't a real referer and happily displays it on his page.. at which point this referer acts like any javascript would when embedded in html.. it redirects.
-- daily madness
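nil's explanation above comes down to one rendering mistake: the raw Referer string from the request is copied into the page as-is. The following is an added example, not code from this thread or from any weblog it names, showing in Python the unsafe "top referers" rendering beside a hardened version that keeps only absolute http(s) URLs and HTML-escapes them before output. The log entries, the forged referer value and the function names are all constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample of what a "top referers" script might read from the server log:
# (Referer header value as sent by the client, number of hits). The third entry is a
# forged header: it is not a URL at all, just markup that would execute if echoed raw.
SAMPLE_REFERERS = [
    ("http://www.google.com/search?q=weblog", 42),
    ("http://jeremy.zawodny.com/blog/", 7),
    ("<script>top.location.href='http://attacker.example/';</script>", 1),
]


def render_referers_unsafe(entries):
    """The pattern the thread describes: trust the log and echo each referer verbatim.

    Whatever the client put in the Referer header becomes part of the page, so a
    referer containing <script> runs in every visitor's browser.
    """
    items = "".join(f'<li><a href="{ref}">{ref}</a> ({n})</li>' for ref, n in entries)
    return f"<ul>{items}</ul>"


def is_safe_referer(value):
    """Accept only absolute http(s) URLs that name a host; reject everything else.

    Markup, javascript: URLs, scheme-relative //host values and bare strings all
    fail this check, because urlsplit yields no http(s) scheme or no netloc for them.
    """
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 bracket syntax
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_referers_safe(entries):
    """Validate each referer as a URL, then escape it for the attribute and text contexts.

    Validation removes values that were never links; escaping (quote=True so that
    double quotes become &quot;) guarantees that even an odd-looking but valid URL
    cannot break out of the href attribute or start a tag.
    """
    items = []
    for ref, n in entries:
        if not is_safe_referer(ref):
            continue  # drop it from the page; a logging call would go here
        esc = html.escape(ref, quote=True)
        items.append(f'<li><a href="{esc}">{esc}</a> ({n})</li>')
    return "<ul>" + "".join(items) + "</ul>"


if __name__ == "__main__":
    print("UNSAFE:", render_referers_unsafe(SAMPLE_REFERERS))
    print("SAFE:  ", render_referers_safe(SAMPLE_REFERERS))
```

Both steps matter: escaping alone would still list the forged entry as visible junk on the page, and validation alone would still let a syntactically valid URL containing a double quote terminate the href attribute. Rejecting non-URLs and escaping the survivors covers both cases.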

Reply:
Yeah, I know what a referrer is. I've used it before in ColdFusion. I just didn't understand what the javascript code injection was all about. I understand everything you're saying now. Thanks to imp's PMs and you.
-- AZIZAVENUE - For Macromedia Enthusiasts Bezworks Design Featured Client

Bradley (Bad Graphics Ghost), reply to nil:
Excellent explanation...I even understood it that time.

DaSneaky1D, reply to nil:
Sure does, thanks!