Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Strange referrer??
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)
Author Message
JRSweets
Worker
Worker



Joined: Aug 06, 2004
Posts: 192
PostPosted: Fri Nov 12, 2004 5:56 pm Reply with quote
I was looking in the HTTP Referers section on my site and saw this entry a bunch of times:

Code:
http://wizard.yellowbrick.oz


Does anyone know what the heck this is, and should I at it to Sentinels blocked referers list?

Thanks.
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Fri Nov 12, 2004 6:44 pm Reply with quote
well this explains it.....
[ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
JRSweets
PostPosted: Sat Nov 13, 2004 1:55 am Reply with quote
Thank you. So if I put that in the block referers list it will block anyone coming from there from now on right?

Thanks for the help.
 
hitwalker
PostPosted: Sat Nov 13, 2004 3:51 am Reply with quote
well if it will be blocked i dont know but this descibed how the spoofing is done....

Fetching a URL from a Perl Script

    #!/usr/bin/perl -w
    # titlebytes - find the title and size of documents
    use strict;
    use LWP::UserAgent;
    use HTTP::Response;
    use URI::Heuristic;
    my $raw_url = shift or die "usage: $0 url\n";
    my $url = URI::Heuristic::uf_urlstr($raw_url);
    $| = 1; # to flush next line
    printf "%s =>\n\t", $url;
    # bogus user agent
    my $ua = LWP::UserAgent->new( );
    $ua->agent("Schmozilla/v9.14 Platinum"); # give it time, it'll get there
    # bogus referrer to perplex the log analyzers
    my $response = $ua->get($url, Referer => "http://wizard.yellowbrick.oz");
    if ($response->is_error( )) {
    printf " %s\n", $response->status_line;
    } else {
    my $content = $response->content( );
    my $bytes = length $content;
    my $count = ($content =~ tr/\n/\n/);
    printf "%s (%d lines, %d bytes)\n",
    $response->title( ) || "(no title)", $count, $bytes;
    }
    When run, the program produces output like this:

    % titlebytes [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ] =>
    The Perl Journal (109 lines, 4530 bytes)
    Yes, "referer" is not how "referrer" should be spelled. The standards people got it wrong when they misspelled HTTP_REFERER. Please use double r's when referring to things in English.

    The first argument to the get method is the URL, and subsequent pairs of arguments are headers and their values.
 
beetraham
Regular
Regular



Joined: Dec 13, 2003
Posts: 94
Location: Finland (EU)
PostPosted: Sat Nov 13, 2004 4:00 am Reply with quote
JRSweets wrote:
So if I put that in the block referers list it will block anyone coming from there from now on right?

Thanks for the help.


Using the "abuse perl script" will allow that particular individual being malicious to use any other "HTTP_REFERER" strings as well.

So, given this, you'd most probably find it necessary to consider to block the IP as well, as these "script-kiddies" are usually originated from single IP's only (not necessarily. but often so).

BR,

-beetraham

_________________
- Let there be no windows at your home - 
View user's profile Send private message
hitwalker
PostPosted: Sat Nov 13, 2004 4:04 am Reply with quote
well as someone wrote on the link i posted ....


    Well guys, I used IP deny for:
    64.247.5.101
    66.7.159.26
    66.17.15.164
    169.204.165.61
    Amongst others and have had no visits from the wizard of Oz since
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm)


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©