Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Arrow Left Previous Page
Page / 2
Posted: 10/5/2004 6:40:22 PM EST
I haven't really gotten a good answer about that.

Oh, and before someone says it, I have *accidentally* hotlinked before. However, I hotlinked before I voted against hotlinking to DUh, so that makes it ok.
Link Posted: 10/5/2004 6:41:04 PM EST
they can trace the origin of the link (ARFCOM) if we do.
Link Posted: 10/5/2004 6:41:13 PM EST
They could if they wanted to follow the hotlink back to here.

It's just an anti counter spying thing.
Link Posted: 10/5/2004 6:42:08 PM EST
When one clicks the hotlink DUh's log show ar15 and thread as the referrer.
Link Posted: 10/5/2004 6:42:14 PM EST

Originally Posted By leelaw:
they can trace the origin of the link (ARFCOM) if we do.



Ok, this is bad why? Besides the sudden influx of trolls, I mean.
Link Posted: 10/5/2004 6:45:30 PM EST
Link Posted: 10/5/2004 6:49:58 PM EST

Originally Posted By MoparMike:

Originally Posted By leelaw:
they can trace the origin of the link (ARFCOM) if we do.



Ok, this is bad why? Besides the sudden influx of trolls, I mean.




Yup. 's teh suck
Link Posted: 10/5/2004 6:52:35 PM EST
It’s kinda like giving a prostitute your home phone number.
Link Posted: 10/5/2004 6:54:35 PM EST

Originally Posted By 199:
It’s kinda like giving a prostitute your home phone number.



Link Posted: 10/5/2004 6:56:29 PM EST
[Last Edit: 10/5/2004 6:57:08 PM EST by GodBlessTexas]

Originally Posted By MoparMike:
I haven't really gotten a good answer about that.

Oh, and before someone says it, I have *accidentally* hotlinked before. However, I hotlinked before I voted against hotlinking to DUh, so that makes it ok.



A little thing that shows up in their website logs called "referrer records." Basically, you hotlink here, someone follows the link, and it shows up as being referred by http://www.ar15.com with the actual URL of the link that pointed to them. You cut and paste the text into your web browser, and it doesn't have a referrer record.

Remember the Alamo, and God Bless Texas...
Link Posted: 10/5/2004 7:01:23 PM EST
And they could autoban everyone who has the ar15.com referrer.
Link Posted: 10/5/2004 7:59:28 PM EST
[Last Edit: 10/5/2004 9:11:14 PM EST by BoreSighted]
Actually, there is a very common mistake that isn't being clarified.

If you click on a link, the new website can determine the last website webpage you were on. They don't know if it was a hotlink or not, they can just tell the last webpage.

However, the same thing is true if you copy a link and paste it in the navigation bar. The new web server will see whatever page you came 'from' as the 'referrer'.

Most of the time, people copy the link and paste it in the nav bar, and the end result is exactly the same.

If you don't want arfcom appearing as the 'referrer', you must copy the URL, navigate to a different page (yahoo, google, msn are all common ones), then paste in the destination URL so that the new server sees and logs yahoo/google/msn as the rerferrer.

For example, you're looking at a arfcom page right now, reading this. If you type www.yahoo.com in your navigation / address bar and then either click go / hit enter, yahoo will record arfcom as the referrer, even though you did not click a hotlink.

This also matters for any of you who surf porn, then flip back over to your company email, church website, etc. Whatever your last page was appears as the referrer, and believe you me, people look at that stuff, if only for amusement. Never go from page 'a' to page 'b' if you don't want page 'b' to know you came from 'a'. Always go to a neutral site first. By the way, yahoo, google, msn, etc all keep track of this stuff for marketing purposes, and who knows what they'll do with the data in the future.
Link Posted: 10/5/2004 8:03:20 PM EST
BoreSighted: What happens if you use 2 different browsers, say for instance Opera and IE? How does that work
Link Posted: 10/5/2004 8:05:21 PM EST
BoreSigthed, you are incorrect. I suggest you check your facts. Referrer records do not pass on the last site visited. They only pass along information of the site that referred them to the page via a link, hence the name.

Remember the Alamo, and God Bless Texas...
Link Posted: 10/5/2004 8:46:20 PM EST
Is there anyone who has access to these logs that can positively say one way or the other how the hot link work, maybe we can ask Goatboy he would know for sure since he probably deal with this stuff on a day-to-day basis.
Link Posted: 10/5/2004 9:05:24 PM EST
WTF IS UP WITH THIS "TEH SUCK" BULLSHIT?

-----

Tank Eww Kum Agayne
Link Posted: 10/5/2004 9:11:20 PM EST

Originally Posted By GodBlessTexas:
BoreSigthed, you are incorrect. I suggest you check your facts. Referrer records do not pass on the last site visited. They only pass along information of the site that referred them to the page via a link, hence the name.

Remember the Alamo, and God Bless Texas...



Better check again, I only contributed to some of the specifications for some of this stuff.

I did erroneously use 'website' in one place where I should have written webpage - I've fixed that.

I have and do run many websites using many different web server engines. No point in arguing with you, I can see it myself right now, and what I wrote is correct.

HTML Referrer is the referrer, which is last page, and it cannot determine whether link was in HTML, java, or typed in the address bar.
Link Posted: 10/5/2004 9:11:32 PM EST

Originally Posted By warlord:
Is there anyone who has access to these logs that can positively say one way or the other how the hot link work, maybe we can ask Goatboy he would know for sure since he probably deal with this stuff on a day-to-day basis.



From one of my server logs:

82.33.*.* - - [03/Oct/2004:11:58:05 -0400] "GET / HTTP/1.1" 200 3654 "/about.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

That is one line in the log. Notice the "/about.php". That is the referrer. "GET / HTTP/1.1" is the URL being requested.

And here's what it looks like if you just put it into the address bar:

68.171.*.* - - [03/Oct/2004:11:58:05 -0400] "GET / HTTP/1.1" 200 317 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3"

Notice how there is no URL in the referrer area. The look of the data will change based on which server DU is using.
Link Posted: 10/5/2004 9:19:07 PM EST
Not sure whether it is a result of the firefox browser you're using for the second test case(as opposed to IE in your first test case), or something else, but I get different results with the set of tests I just ran.

Load a page "X", then type a URL in, check log, the GET is there with the "X" page as referrer.

I do run my servers with excessive logging levels, full reverse DNS lookups, etc. which may be a differentiating factor.
Link Posted: 10/5/2004 9:24:41 PM EST
I've tried it again and again, in IE, firefox, mozilla, and so on. Every time, when I enter the URL from the address bar, it shows no referrer. I've done this from windows with AR15.com, Google, other sites of mine, and every time it doesn't show that last page as a referrer. But when I click on the link on the about.php page to return to the index page, it does.
Link Posted: 10/5/2004 9:38:42 PM EST
Don't know what to tell you, do you have Zone Alarm, Norton Internet Security, Norton Personal Firewall, or another firewall in place either on your PC or your router? Many firewalls intentionally (and thankfully) strip referrer data as part of their processing, but have difficulty doing so when dealing with script (the .php) where they do quite well with plain HTML URLs. They also tend not to strip it from SSL (https://) URLS due to realm authentication requirements.

The functionality of referrer goes back to the NCSA httpD 1.0 server specification.

It certainly doesn't work all the time.

204.*.*.* www.xyz.com - [06/Oct/2004:02:18:23 -0400] "GET / HTTP/1.1" 200 3484 "http://www.ar15.com/forums/manageReply.html?b=1&f=5&t=281328&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 90 ""

I promise that there is no link to my server on this page in arfcom. I typed in my domain name, and my server caught the arfcom page as the referrer. Of course, my workstation of the moment and this server are both inside my firewall so nothing is screening my server from reading my workstation's true GET requests.
Link Posted: 10/5/2004 9:41:50 PM EST
hehe, when I go over at DU I do it from a computer lab computer where someone else was left logged in.

I need to look into making a script to fake a referrer reference so that every time I go troll at DU it looks like the referring page was another DU page.
Link Posted: 10/5/2004 9:47:29 PM EST
I do have ZoneAlarm running, but not the pro version. And those aren't my records in the log, like below:

24.*.*.* - - [06/Oct/2004:02:45:21 -0400] "GET / HTTP/1.1" 200 3654 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007"
24.*.*.* - - [06/Oct/2004:02:45:38 -0400] "GET / HTTP/1.1" 200 3654 "http://www.google.com/search?hl=en&q=searchterm&btnG=Google+Search" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007

The first one happened in a browser tab that went to google.
Link Posted: 10/5/2004 10:01:14 PM EST
Link Posted: 10/6/2004 1:03:29 AM EST
Link Posted: 10/6/2004 5:46:01 AM EST
[Last Edit: 10/6/2004 6:01:26 AM EST by BoreSighted]

Originally Posted By Sin_Bin:
www.democraticunderground.com/discuss/duboard.php?az=view_all&address=104x2456962



Well, that's a hotlink, and I think everyone agrees that we don't want to do that, because if someone clicks on it it will certainly show arfcom as the referrer. Probably should edit the original, and btw I've edited the quote to be red but not actually be a hotlink.

Edited to add:
Okay, it was a hotlink, but a 'cute' false one - Sin_Bin, was the point of posting it simply to irritate people?
Link Posted: 10/6/2004 5:53:24 AM EST

Originally Posted By BoreSighted:

Originally Posted By Sin_Bin:
www.democraticunderground.com/discuss/duboard.php?az=view_all&address=104x2456962



Well, that's a hotlink, and I think everyone agrees that we don't want to do that, because if someone clicks on it it will certainly show arfcom as the referrer. Probably should edit the original, and btw I've edited the quote to be red but not actually be a hotlink.



Its a false link to AK47.net.
I right clicked and checked properties, I did not follow the link.
Link Posted: 10/6/2004 5:53:37 AM EST
So what? Does the average dipshit browser of DU have access to their web server logs?

Probably not.

So what do we have to worry about? The board admin trolling?

I think this worry is overblown.



Link Posted: 10/6/2004 6:06:38 AM EST
Link Posted: 10/6/2004 6:08:18 AM EST
[Last Edit: 10/6/2004 7:55:21 AM EST by Red_Beard]

Originally Posted By thebeekeeper1:

Originally Posted By Red_Beard:
So what? Does the average dipshit browser of DU have access to their web server logs?

Probably not.

So what do we have to worry about? The board admin trolling?

I think this worry is overblown.






How many times (in the past) have our guys had organized "troll fests" of other boards--DUh, Smothering.com, etc.? I have usually spoken out against them, knowing I would have to deal with the retaliation. You can "think this worry is overblown" all you want--just don't hotlink to DUh. Why would anyone want to deliberately cause problems for those who run this site? I just don't understand it. There are plenty of ways to have "fun"--even for the most juvenile-minded--that don't cause problems for this site. Please find them.



How many of "our guys" have access to this site's server logs? How many times have those who do have access organized troll fests?

Link Posted: 10/6/2004 6:10:45 AM EST
[Last Edit: 10/6/2004 6:11:01 AM EST by Red_Beard]
Also, if hotlinking really is a problem, and if what is said above is true (that the previous page shows up even on a non-hotlink "cut and paste" visit to DU) then even cold links might be need to go.
Link Posted: 10/6/2004 6:15:18 AM EST

Originally Posted By Red_Beard:
Also, if hotlinking really is a problem, and if what is said above is true (that the previous page shows up even on a non-hotlink "cut and paste" visit to DU) then even cold links might be need to go.



Cold links are fine and never indicate arfcom as a referrer as long as you open a new window viewing a neutral site before pasting the link. That combination covers all tracks unless you've got spyware running, and even then the spyware would have to be sending its data to du, an incredibly unlikely scenario.
Link Posted: 10/6/2004 6:15:43 AM EST

Originally Posted By 199:
It’s kinda like giving a prostitute your home phone number.




And what's wrong with that? Other than the sudden influx of whores calling you every night!
Link Posted: 10/6/2004 6:26:52 AM EST
[Last Edit: 10/6/2004 6:33:28 AM EST by Daggar]
Test of hot and cold links with results.

http://unpoliticallycorrect.net

hot link

And here is the output with the cold link used in the same ARFCOM window.

166.70.xx.xxx - - [06/Oct/2004:09:26:45 -0600] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"
166.70.xx.xxx - - [06/Oct/2004:09:26:45 -0600] "GET /modules/news/ HTTP/1.1" 200 32833 "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"

Notice absolutely no reference to ARFCOM.

Now look how it shows up with the hotlink.

166.70.xx.xxx - - [06/Oct/2004:09:27:00 -0600] "GET /modules/news/ HTTP/1.1" 200 32833 "http://www.ar15.com/forums/topic.html?b=1&f=5&t=281328&page=2" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"
166.70.xx.xxx - - [06/Oct/2004:09:27:19 -0600] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"

I highlighted the referer in red to make it more obvious. Hotlinks certainly will show the site the link originated from.

No referer showed in the first set of logs when I pasted the address into the address bar while browsing ARFCOM. It was not necessary to do it in a seperate window. Any cold link will not be able to trace your last site visited unless they share cookies.

Link Posted: 10/6/2004 6:49:52 AM EST
You haven't proven that pasting URLs always leaves no referrer, you've proven that in the cases you tested it didn't.

I've proven that pasting URLs can leave a referrer. Not always, but it can, depending on the server, the browser, etc.

Please don't declare it safe unless you can prove that it is 100% safe, which is a very difficult thing to do, as I know and have shown (above) otherwise.

I've been around much to long to get in to a forum showdown. You think it is safe. I know that it isn't always safe. We won't convince each other.

Odds are, I could tell you the page you viewed last whenever you visit any website I run. I feel no need to prove this to you. Surf away.
Link Posted: 10/6/2004 6:57:38 AM EST

Originally Posted By BoreSighted:
Odds are, I could tell you the page you viewed last whenever you visit any website I run. I feel no need to prove this to you. Surf away.



I'll take you up on that challenge.
Link Posted: 10/6/2004 6:59:12 AM EST
If you guys don't think that we're already on their hot list for organized trolling, then you're nuts.

They know we're here and that we consider them arch enemies.

Not hotlinking works until they discover you. Then it's 'game on'.
Link Posted: 10/6/2004 7:03:29 AM EST

Originally Posted By BenDover:
If you guys don't think that we're already on their hot list for organized trolling, then you're nuts.




Exactly ... and given that the only people who would know about a hotlink are those who have access to their servers logs, what are we worried about? A couple of guys?

I guess their board admins could notice a hotlink and then organize a "trolling party", but the odds are that the people who can see those logs already know about this site and that we occasionally talk about their nutty patrons.
Link Posted: 10/6/2004 7:31:12 AM EST
[Last Edit: 10/6/2004 7:39:23 AM EST by Daggar]

Originally Posted By jtb33:

Originally Posted By BoreSighted:
Odds are, I could tell you the page you viewed last whenever you visit any website I run. I feel no need to prove this to you. Surf away.



I'll take you up on that challenge.



+ 1

Sure nothing is %100 safe but I am willing to drive my kids around in the car and call it safe.

If you are not willing to back up such a statement then I suggest not making it in the first place. I'll take my chances that some highly unlikely buffer will not allow you or anyone else to know the site I visited before I visited yours.
Link Posted: 10/6/2004 7:53:05 AM EST
[Last Edit: 10/6/2004 7:54:51 AM EST by GodBlessTexas]

Originally Posted By BoreSighted:

Originally Posted By GodBlessTexas:
BoreSigthed, you are incorrect. I suggest you check your facts. Referrer records do not pass on the last site visited. They only pass along information of the site that referred them to the page via a link, hence the name.

Remember the Alamo, and God Bless Texas...



Better check again, I only contributed to some of the specifications for some of this stuff.

I did erroneously use 'website' in one place where I should have written webpage - I've fixed that.

I have and do run many websites using many different web server engines. No point in arguing with you, I can see it myself right now, and what I wrote is correct.

HTML Referrer is the referrer, which is last page, and it cannot determine whether link was in HTML, java, or typed in the address bar.



According to the standard, the referrer record is only supposed to be given to the server when a page is linked from another. It appears what you've just demonstrated is simply another area where IE is broken and doesn't follow standards. As AW-101 has showed, a standards compliant browser like Mozilla will not show the referrer record unless the destination was hotlinked. And again, the referrer record is specifically designed to show which URL linked to another. It is not designed to show last page visited.

While it is informative that IE will pass along this information regardless, and something I did not know previously, it doesn't change the fact that it's not compliant with the HTTP standard.

Remember the Alamo, and God Bless Texas...
Link Posted: 10/6/2004 8:24:57 AM EST
Link Posted: 10/6/2004 8:33:27 AM EST
Why is it people have to buck board policy every time it is raised?

Question AUTHORITY!! It's the AMERICAN WAY!!!

That's why the country was founded. Somebody questioned authority.

I copy and paste into a new browser window. So the last page displayed is my ISP's homepage.
Link Posted: 10/6/2004 9:08:21 AM EST

Originally Posted By HiramRanger:
My lord, sometimes I think many people here disagree just to be disagreeable or in retaliation for some perceived slight to themselves or their board buddies.




Or we disagree about it because the policy seems goofy when there is no real proof that trolls follow back hotlinks and invade the site. When was the last time you were notified by someone with access to the ar15.com server logs of a link from "www.stupidliberalforums.com" discussing the forums here and acted on that notification by trolling the offenders?

What makes you think the average dipshit from DU has access to server logs to tell when a hotlink is posted here?

Link Posted: 10/6/2004 9:12:57 AM EST
You know, it would be pretty easy in the string substitution code that is already in place to turn the URL board code tag into an HREF to do something like:

IF URL = http://www.du.com or http://du.com THEN RESPONSE REDIRECT = "some intermediary domain like Mcuzi.com"


Then on the Mcuzi.com incoming page, grab the URL string and forward on to the target URL, scrubbing the incoming server info out of the header string.

Then you could just add to the list of domains in the list that automatically get parsed through the mcuzi.com domain before forwarding.

Then you don't have to deal with the hot link issue....
Link Posted: 10/6/2004 10:13:12 AM EST
Link Posted: 10/6/2004 10:25:14 AM EST

Originally Posted By thebeekeeper1:You think "the policy seems goofy"--well isn't that just precious?


You have a real hard time discussing things without being condescending don't you?




Here's what I think--the polite request to not hotlink to DUh came straight from GoatBoy. I think that's good enough.



So do I. This is the first time I remember hearing that the no link to DU request came straight from him.



I am not knowledgeable enough about computers and the internet to be able to know/understand/explain exactly why it matters, what it does, what it hurts, or how it causes more problems for him. He says it causes problems, has asked us not to do it, and that's good enough for me. If it's not good enough for you, then tough shit. Clear enough?



I don't know how it causes problems either. Maybe someone more knowledgeable can explain it.


It's his board, his rules--period.
That's fair. I wasn't aware it was his rule, since it's not in the cc. I'd just assumed that people latched on to this "trolls follow the links back" idea was questioning whether or not that is really the case.


Please do not bother GB with this, as he has more important things to deal with. Petty crap like this almost never elicits a response from him.


Hadn't planned on it.
Link Posted: 10/6/2004 10:31:06 AM EST
Link Posted: 10/6/2004 10:31:16 AM EST

Originally Posted By thebeekeeper1:

Here's what I think--the polite request to not hotlink to DUh came straight from GoatBoy. I think that's good enough. I am not knowledgeable enough about computers and the internet to be able to know/understand/explain exactly why it matters, what it does, what it hurts, or how it causes more problems for him. He says it causes problems, has asked us not to do it, and that's good enough for me. If it's not good enough for you, then tough shit. Clear enough?



Preach it, Brother.....
Link Posted: 10/6/2004 10:34:42 AM EST
[Last Edit: 10/6/2004 10:35:29 AM EST by Red_Beard]

Originally Posted By HiramRanger:
Alright, serious question time... does anybody here believe that staff spends their day coming up with rules because of a lack of anything else to do? Of course the rules they enforce come from Goatboy, Ed Sr., Striker and other senior staff. If people are the under impression that mods and staff just run around inventing shit, they are mistaken. We are answerable to a chain of command and if we get out of line, we will be slapped down and corrected. To that end, take a request from a mod or staff as being in keeping with the desires of the Chairman of the Board. If we're out of line, that will become more than apparent... and by all means, hand us a little shit to make sure we remember we fucked up. Otherwise, why not give us the benefit of the doubt that we're just trying to make Goaty's wishes a reality?



I was under the impression that this was a rule invented by those enforcing it because they believe that posting links violates:


7.) Posting topics or discussions with the desire to do the site or community harm. More specifically creating topics meant to disrupt the site's day to day management, disrupt member's resources, or disrupt the ability for the site to function normally.




Link Posted: 10/6/2004 10:36:33 AM EST
Link Posted: 10/6/2004 10:37:20 AM EST
Arrow Left Previous Page
Page / 2
Top Top