 nilJava Geek
join:2000-11-27
kudos:1
Webmasters and Dev..
Forum Feature Requ..
| reply to bluebearMX
Re: Kasia is not nuts really - She made the Regis No, no.. this has nothing to do with comments..
A typical referer entry is just a link to a site someone came from to your site.. what someone has done in this case instead of using a url, they embedded a javascript as a referer which created a redirect on the page that displayed it.
--
daily madness |
|
| aha, I wasn't gonna post that because then I'd be a noob if I was wrong.
So here it is in Skyroket terms:
You keep track of who sends people to your page. You post those results in some log.
People sneakily get some javascript to get in your log so that when people go look at your weblog, they get redirected to some page...
Benefits of doing this would be?? more hits on your page? More publicity to your page? If you're running ads on your page you get $$ for every time the ad is loaded...etc? |
|
| reply to nil
So, basically, you're just being sent back to the same page, right? What's the benefit of that though? |
|
| reply to skyroket
What is up with the weblogs....people display those publicly? I couldn't care less how many people go to the same sites I do...there are people who care? |
|
|
|
nilJava Geek
join:2000-11-27
kudos:1 | reply to bluebearMX
No.. not the same page.. any page someone wants to redirect people to.. could be a porn site.. or something
--
daily madness |
|
| Ok. Really, I'm not playing dumb. I think I understand now. So, what they are doing is sniffing out people redirecting them to other sites? |
|
nilJava Geek
join:2000-11-27
kudos:1 Host:
Webmasters and Dev..
Forum Feature Requ..
| No.
I don't think you understand what a referer is? In terms of an http request anyway.. referer is one of the fields sent by the client to the server basically saying "Hi, this where I'm coming from, so in theory this page is linking to you" Let's say that field is filled with »www.google.com/
So now the web server looks at it and says "Ah, cool, google is linking to me".. and in in the case of some happy blog owner he now has a script generate that on his weblog..
"hey look guys, I"m getting traffic from »www.google.com".. but see, he doesn't actually do this by hand just gets the referring url from the http request.
Now the bad guy takes that request and modifies it to instead of the link have a line of javascript like say.. <script>top.top.location.href=bignastypornsitecom';</script> and goes off and hits the weblog with this modified request (his own request, not someone elses).
The weblog owner has this scripted so he doens't see that this isn't a real referer and happily displays it on his page.. at which points this referer acts like any javascript would when embedded in html.. it redirects.
--
daily madness |
|
| Yeah, I know what a referrer is. I've used it before in ColdFusion. I just didn't understand what the javascript code injection was all about.  I understand everything you're saying now. Thanks to imp's PM's and you. 
--
AZIZAVENUE - For Macromedia Enthusiasts
Bezworks Design
Featured Client |
|
 BradleyBad Graphics GhostPremium
join:2001-02-20
So Far Away | reply to nil
Excellent explanation...I even understood it that time.  |
|
