browser referral

Discussion in 'privacy problems' started by tonyjl, Dec 9, 2005.

Thread Status:
Not open for further replies.
  1. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
  2. dog

    dog Guest

  3. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Thanks dog,i must be blind,coz i looked through those plug-ins aswell :oops:
     
  4. Is there anything for IE6. I have ZA free firewall but that does not block referrers. Thanks
    PP
     
  5. snowie

    snowie Guest

    try using webwasher or proxo.........


    its common to fail the referrer test.......there are other means of blocking the the referrer but for new comers to security its best to consider one of the programs mentioned above..............webwasher use to be free but am not sure of that these days........proxo is by far better an help can be found here at the forum..............



    snowie the snowman
     
  6. "there are other means of blocking the the referrer"

    Is there to block referrers any way besides a proxy? I do not feel confident re setting up proxy. Thanks
     
  7. Snowie

    Snowie Guest

    privateperson


    Don't worry about setting up a proxy...you can do it....there really isn't much to it and there will be people here willing to guide you..(I don't post here very much so wont offer help)

    It would actually be easier on you to go for the proxy. You appear to be New at computer security an in such cases its best to go the simple way .
    Sooner or later you will need to learn these things....its the way of the world if you truely want to protect your personal info and computer. The time you spend learning how this is done will be well worth every moment.
    There are lots of people here who are confident....lean on them....thats what its all about.
    Right about now it would be nice if someone would jump in here an offer you some insight and help........that would be nice.

    An you may as well register.....your isp address is already logged so its no big deal to register an become a part of the forum.....this is not something normally I would suggest but you need to gain some experience in security. Your choice of course.
     
  8. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    as snowie said, a proxy is one way.... another of course is to use a firewall which blocks referrers, but that would mean changing also to something new for you.

    there are other programs out there that could help, I personally am using Kerio Personal Firewall v4 which blocks such. [see pic, over 8,000 in last month alone which is a tiny portion compared to some, as I mainly cruise security sites and some newspaper sites and my daughter is studying so medical sites from her, so you can imagine if you were going to some pretty hot sites what the rate would be].

    try a google search: 'block referrers' you will get a load of information.

    Cheers, TAS
     

    Attached Files:

    • 043.GIF
      043.GIF
      File size:
      8.9 KB
      Views:
      381
  9. Fernando Villegas

    Fernando Villegas Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    55
    Location:
    Santiago de Chile
    Well TD, 8000+ sites in a month!

    Wow, it seems a heck a lot of sites are evil. In fact, did you notice that Wilders also trie to steal your referral! Evil evil site. :)
     
  10. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    In case you are using FF, here is the procedure, to disable Referer:

    - Type about:config in the FireFox Location Bar.
    - Type refer in the about:config filter bar.
    - Double-click network.http.sendRefererHeader and enter 0 at the prompt.

    Now, you will pass the pcflank test
     
  11. dog

    dog Guest

    Yes, while that's true it isn't selective. It's off or on ... when the occasion that a referrer is need, (ie. to Download PGP) will the user remember they made this change? It would be better if FF implemented a referrer option in its preferences, similar to Opera. That's what's nice about the extension above, you can over-ride it site by site, if necessary ... while leaving the default as blocked for any site that isn't listed. Also with the notice in the status bar, the user shouldn't be caught unaware to where the issue is, on the off chance they run into a problem like that in the example.
     
  12. I do not go to 'hot' sites if 'hot' means porn?

    I have googled block referrers but have not found a way to do this ahve got lots of info.
    Regards
    Thanks
     
  13. Snowie

    Snowie Guest

    privateperson



    http://www.pacificnet.net/~bbruce/workshop.htm


    The above url is to the Webwasher Workshop......it will offer you all the instruction you could possibly want or need. Until you gain experience this should help you make it through the day.

    Sooner or later you will need to take the steps needed to enhance your security and privacy........you, and only you can take those steps. As you can see these people are here offering you their help.........they care......but you have to be the one to take the steps.......
     
  14. Thanks for the link and your advice. Much appreciated
     
  15. Snowie

    Snowie Guest

    privateperson

    You are most welcome. Wish there were time for me to offer more but as previously stated I don't hang around here long.....just a brief visit cause its christmas time and I've still a few friends to whom I say hello....an then off I go....on my merry way.

    you will be just fine...take it slow and easy.....enjoy yourself....if you have doubts..stop...get answers before proceeding....there is no hurry.
    security is not nearly as difficult as some would have you believe. There are programs that do much of the work for you.... but don't be pulled into the "install this trap".....the correct programs will give you a huge amount of security....keep your computer slim, trim, light on its feet and always prepared for whatever comes its way.
    have enjoyed meeting you.......wishing you a truely Merry Christmas and the very best of New Year's
     
  16. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi... porn? :doubt: nope, at at all, though I can now see how it could have been construed with my use of the word 'hot', just that I meant any sites which would set a lot of them.

    for eg: I go to a lot of newspaper sites and get a truck load from them, lots of sites with any advertising in them will want to get referrers, but if I was to really surf a lot more, than my average would be waaay up.

    actually I am susprised at the amount of legit sites which want to send/receive referrers and since they need money for upkeep, one way is to target as such for advertising purposes.

    as to the google search, I saw lots of the sites but personally did not check them out, that would be for you to do I am afraid, and of course yu would get a lot of useless info also, but keep trying to sort the chaff from the wheat and you may get somewhere.

    dog gave a nice one for FF, but you still need to do something more drastic for IE though.

    Good luck
    TAS :)
     
  17. 110011....

    110011.... Guest

    Is there a little, comprehensible, education page or reference for these "referers"?

    And, is there alittle tutorial on how to use FF Ref Control extension.

    And.. dores anybody know if NPF 2005 has a setting to block/modify this type of 'harvesting'

    Thanks
     
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    NPF does block referers. ;)
     
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi dog,

    I passed the PCFlank test, but I don't know how...

    I use Opera and Kerio 2 but have not knowingly configured any settings for referrer. Where would I look for those settings?

    Also, I've just read some articles on this topic and am wondering why it's such a concern?

    Thanks,

    -rich
     
  20. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Most of the time it is harmless, but in some instances it could be considered a privacy issue.

    Regards,

    CrazyM
     
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Can you give me some examples, or references discussing this?

    Thanks,

    -rich
     
  22. My understanding is that the referrer is a header that all browsers sent automatically (unless steps are taken as mentioned already). It takes no special effort for the web server to 'extract' it since it's freely sent by the browser. It does not require javascript, or Java/activex, cookies or whatever special technology.

    Most simply don't care, though generally server side weblogs *do* record it.

    There is generally no security implications, but there can be privacy implications if for example you don't want people to know how you found this site , in particular, if you came from a search engine page, the search engine string gets valuable information on what search terms you used.

    Webmasters generally like this kind of information, it helps them customise their website. They can see for example which sites are bringing them inbound traffic or what type of search terms are used to find them.

    Occasionally you can also give away 'secret' pages, say you have a new website that you are preparing that has no inbound links from any site is of course unknown to the world or search engine bot. While creating the site, you link to my site, and click on the link to test it.

    I check my web logs monthly and i see this unfamilar url referrer, and I 'find' your website. This is a silly example of course... Since if you were smart you would password protect your site until it was ready, but still ...

    This can work in reverse with referrer spam, where bots send fake referrers to make webmasters curious enough to click on. You see this unfamilar url, and you wonder why it's linking to you, you click on it...
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I've often wondered how they know who "you" are - I mean, if your IP address changes each time you dial up, can any of their loggings really trace back to you - your name, where you live, etc?

    Using this site as a test, not much information other than the IP is revealed:

    http://www.b2knet.com/
     
  24. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    A better example would be that with some websites that require login, once you log in, the URL includes the website+user name+password. So this way you can just add the URL to your favourites and whenever you click that favourite it just takes you to the website but with your logged in stated. Now consider you went to a website that requires logging in. Lets call it "www.my-website-requires-login.com" now you log in and we'll use me as an example. I log in using muf as my user name and lets say my password is hello. So i log in and the URL will change to something like
    "www.my-website-requires-login.com&user=muf&password=hello"
    Ok, if i save that URL then every time i want to go to that site i go to that URL and it logs me in automatically.
    Here's the problem. If i'm on the page "www.my-website-requires-login.com&user=muf&password=hello" and i then go to Google.com then Google will see on the referrer that my last page was something i'd rather not have them know. Obviously because it contains my user name and password.

    So the referrer can be very intrusive. All depends on whether you use a website that displays your login in the URL. Also, you may not want a website to know what the previous page you visited was.

    muf
     
  25. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
Loading...
Thread Status:
Not open for further replies.