browser referral

I failed the browser referrer test at pcflank http://www.pcflank.com/browser_test1.htm but can't find any settings to disable it. I use firefox and iexplorer. Anyone know how to do this?

 

For FF use the RefControl extension.

 

Thanks dog,i must be blind,coz i looked through those plug-ins aswell

 

Is there anything for IE6. I have ZA free firewall but that does not block referrers. Thanks
PP

 

try using webwasher or proxo.........


its common to fail the referrer test.......there are other means of blocking the the referrer but for new comers to security its best to consider one of the programs mentioned above..............webwasher use to be free but am not sure of that these days........proxo is by far better an help can be found here at the forum..............



snowie the snowman

 

"there are other means of blocking the the referrer"

Is there to block referrers any way besides a proxy? I do not feel confident re setting up proxy. Thanks

 

privateperson


Don't worry about setting up a proxy...you can do it....there really isn't much to it and there will be people here willing to guide you..(I don't post here very much so wont offer help)

It would actually be easier on you to go for the proxy. You appear to be New at computer security an in such cases its best to go the simple way .
Sooner or later you will need to learn these things....its the way of the world if you truely want to protect your personal info and computer. The time you spend learning how this is done will be well worth every moment.
There are lots of people here who are confident....lean on them....thats what its all about.
Right about now it would be nice if someone would jump in here an offer you some insight and help........that would be nice.

An you may as well register.....your isp address is already logged so its no big deal to register an become a part of the forum.....this is not something normally I would suggest but you need to gain some experience in security. Your choice of course.

 

as snowie said, a proxy is one way.... another of course is to use a firewall which blocks referrers, but that would mean changing also to something new for you.

there are other programs out there that could help, I personally am using Kerio Personal Firewall v4 which blocks such. [see pic, over 8,000 in last month alone which is a tiny portion compared to some, as I mainly cruise security sites and some newspaper sites and my daughter is studying so medical sites from her, so you can imagine if you were going to some pretty hot sites what the rate would be].

try a google search: 'block referrers' you will get a load of information.

Cheers, TAS

 

Well TD, 8000+ sites in a month!

Wow, it seems a heck a lot of sites are evil. In fact, did you notice that Wilders also trie to steal your referral! Evil evil site.

 

In case you are using FF, here is the procedure, to disable Referer:

- Type about:config in the FireFox Location Bar.
- Type refer in the about:config filter bar.
- Double-click network.http.sendRefererHeader and enter 0 at the prompt.

Now, you will pass the pcflank test

 

Yes, while that's true it isn't selective. It's off or on ... when the occasion that a referrer is need, (ie. to Download PGP) will the user remember they made this change? It would be better if FF implemented a referrer option in its preferences, similar to Opera. That's what's nice about the extension above, you can over-ride it site by site, if necessary ... while leaving the default as blocked for any site that isn't listed. Also with the notice in the status bar, the user shouldn't be caught unaware to where the issue is, on the off chance they run into a problem like that in the example.

 

I do not go to 'hot' sites if 'hot' means porn?

I have googled block referrers but have not found a way to do this ahve got lots of info.
Regards
Thanks

 

privateperson



http://www.pacificnet.net/~bbruce/workshop.htm


The above url is to the Webwasher Workshop......it will offer you all the instruction you could possibly want or need. Until you gain experience this should help you make it through the day.

Sooner or later you will need to take the steps needed to enhance your security and privacy........you, and only you can take those steps. As you can see these people are here offering you their help.........they care......but you have to be the one to take the steps.......

 

Thanks for the link and your advice. Much appreciated

 

privateperson

You are most welcome. Wish there were time for me to offer more but as previously stated I don't hang around here long.....just a brief visit cause its christmas time and I've still a few friends to whom I say hello....an then off I go....on my merry way.

you will be just fine...take it slow and easy.....enjoy yourself....if you have doubts..stop...get answers before proceeding....there is no hurry.
security is not nearly as difficult as some would have you believe. There are programs that do much of the work for you.... but don't be pulled into the "install this trap".....the correct programs will give you a huge amount of security....keep your computer slim, trim, light on its feet and always prepared for whatever comes its way.
have enjoyed meeting you.......wishing you a truely Merry Christmas and the very best of New Year's

 

Hi... porn? nope, at at all, though I can now see how it could have been construed with my use of the word 'hot', just that I meant any sites which would set a lot of them.

for eg: I go to a lot of newspaper sites and get a truck load from them, lots of sites with any advertising in them will want to get referrers, but if I was to really surf a lot more, than my average would be waaay up.

actually I am susprised at the amount of legit sites which want to send/receive referrers and since they need money for upkeep, one way is to target as such for advertising purposes.

as to the google search, I saw lots of the sites but personally did not check them out, that would be for you to do I am afraid, and of course yu would get a lot of useless info also, but keep trying to sort the chaff from the wheat and you may get somewhere.

dog gave a nice one for FF, but you still need to do something more drastic for IE though.

Good luck
TAS

 

Is there a little, comprehensible, education page or reference for these "referers"?

And, is there alittle tutorial on how to use FF Ref Control extension.

And.. dores anybody know if NPF 2005 has a setting to block/modify this type of 'harvesting'

Thanks

 

NPF does block referers.

 

Hi dog,

I passed the PCFlank test, but I don't know how...

I use Opera and Kerio 2 but have not knowingly configured any settings for referrer. Where would I look for those settings?

Also, I've just read some articles on this topic and am wondering why it's such a concern?

Thanks,

-rich

 

Most of the time it is harmless, but in some instances it could be considered a privacy issue.

Regards,

CrazyM

 

Can you give me some examples, or references discussing this?

Thanks,

-rich

 

My understanding is that the referrer is a header that all browsers sent automatically (unless steps are taken as mentioned already). It takes no special effort for the web server to 'extract' it since it's freely sent by the browser. It does not require javascript, or Java/activex, cookies or whatever special technology.

Most simply don't care, though generally server side weblogs *do* record it.

There is generally no security implications, but there can be privacy implications if for example you don't want people to know how you found this site , in particular, if you came from a search engine page, the search engine string gets valuable information on what search terms you used.

Webmasters generally like this kind of information, it helps them customise their website. They can see for example which sites are bringing them inbound traffic or what type of search terms are used to find them.

Occasionally you can also give away 'secret' pages, say you have a new website that you are preparing that has no inbound links from any site is of course unknown to the world or search engine bot. While creating the site, you link to my site, and click on the link to test it.

I check my web logs monthly and i see this unfamilar url referrer, and I 'find' your website. This is a silly example of course... Since if you were smart you would password protect your site until it was ready, but still ...

This can work in reverse with referrer spam, where bots send fake referrers to make webmasters curious enough to click on. You see this unfamilar url, and you wonder why it's linking to you, you click on it...

 

I've often wondered how they know who "you" are - I mean, if your IP address changes each time you dial up, can any of their loggings really trace back to you - your name, where you live, etc?

Using this site as a test, not much information other than the IP is revealed:

http://www.b2knet.com/

 

A better example would be that with some websites that require login, once you log in, the URL includes the website+user name+password. So this way you can just add the URL to your favourites and whenever you click that favourite it just takes you to the website but with your logged in stated. Now consider you went to a website that requires logging in. Lets call it "www.my-website-requires-login.com" now you log in and we'll use me as an example. I log in using muf as my user name and lets say my password is hello. So i log in and the URL will change to something like
"www.my-website-requires-login.com&user=muf&password=hello"
Ok, if i save that URL then every time i want to go to that site i go to that URL and it logs me in automatically.
Here's the problem. If i'm on the page "www.my-website-requires-login.com&user=muf&password=hello" and i then go to Google.com then Google will see on the referrer that my last page was something i'd rather not have them know. Obviously because it contains my user name and password.

So the referrer can be very intrusive. All depends on whether you use a website that displays your login in the URL. Also, you may not want a website to know what the previous page you visited was.

muf

 

Not much to worry about, assuming you're on traditional dialup or broadband connection.
They can find out your ISP's IP address location (in my case it's about 30 miles away).
Check out here: http://www.2privacy.com/www/privacy-protection/ip-check-privacy-test.html#check_your_ip_geo_location
and select their 'IP location test'