User Panel
Posted: 10/5/2004 7:40:22 PM EDT
I haven't really gotten a good answer about that.
Oh, and before someone says it, I have *accidentally* hotlinked before. However, I hotlinked before I voted against hotlinking to DUh, so that makes it ok. |
|
They could if they wanted to follow the hotlink back to here.
It's just an anti counter spying thing. |
|
When one clicks the hotlink DUh's log show ar15 and thread as the referrer.
|
|
Ok, this is bad why? Besides the sudden influx of trolls, I mean. |
|
|
That is enough of a reason for those of us who have to deal with them. |
||
|
Yup. 's teh suck |
||
|
|
|
|
A little thing that shows up in their website logs called "referrer records." Basically, you hotlink here, someone follows the link, and it shows up as being referred by http://www.ar15.com with the actual URL of the link that pointed to them. You cut and paste the text into your web browser, and it doesn't have a referrer record. Remember the Alamo, and God Bless Texas... |
|
|
And they could autoban everyone who has the ar15.com referrer.
|
|
Actually, there is a very common mistake that isn't being clarified.
If you click on a link, the new website can determine the last However, the same thing is true if you copy a link and paste it in the navigation bar. The new web server will see whatever page you came 'from' as the 'referrer'. Most of the time, people copy the link and paste it in the nav bar, and the end result is exactly the same. If you don't want arfcom appearing as the 'referrer', you must copy the URL, navigate to a different page (yahoo, google, msn are all common ones), then paste in the destination URL so that the new server sees and logs yahoo/google/msn as the rerferrer. For example, you're looking at a arfcom page right now, reading this. If you type www.yahoo.com in your navigation / address bar and then either click go / hit enter, yahoo will record arfcom as the referrer, even though you did not click a hotlink. This also matters for any of you who surf porn, then flip back over to your company email, church website, etc. Whatever your last page was appears as the referrer, and believe you me, people look at that stuff, if only for amusement. Never go from page 'a' to page 'b' if you don't want page 'b' to know you came from 'a'. Always go to a neutral site first. By the way, yahoo, google, msn, etc all keep track of this stuff for marketing purposes, and who knows what they'll do with the data in the future. |
|
BoreSighted: What happens if you use 2 different browsers, say for instance Opera and IE? How does that work
|
|
BoreSigthed, you are incorrect. I suggest you check your facts. Referrer records do not pass on the last site visited. They only pass along information of the site that referred them to the page via a link, hence the name.
Remember the Alamo, and God Bless Texas... |
|
Is there anyone who has access to these logs that can positively say one way or the other how the hot link work, maybe we can ask Goatboy he would know for sure since he probably deal with this stuff on a day-to-day basis.
|
|
WTF IS UP WITH THIS "TEH SUCK" BULLSHIT?
----- Tank Eww Kum Agayne |
|
Better check again, I only contributed to some of the specifications for some of this stuff. I did erroneously use 'website' in one place where I should have written webpage - I've fixed that. I have and do run many websites using many different web server engines. No point in arguing with you, I can see it myself right now, and what I wrote is correct. HTML Referrer is the referrer, which is last page, and it cannot determine whether link was in HTML, java, or typed in the address bar. |
|
|
From one of my server logs: 82.33.*.* - - [03/Oct/2004:11:58:05 -0400] "GET / HTTP/1.1" 200 3654 "/about.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" That is one line in the log. Notice the "/about.php". That is the referrer. "GET / HTTP/1.1" is the URL being requested. And here's what it looks like if you just put it into the address bar: 68.171.*.* - - [03/Oct/2004:11:58:05 -0400] "GET / HTTP/1.1" 200 317 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3" Notice how there is no URL in the referrer area. The look of the data will change based on which server DU is using. |
|
|
Not sure whether it is a result of the firefox browser you're using for the second test case(as opposed to IE in your first test case), or something else, but I get different results with the set of tests I just ran.
Load a page "X", then type a URL in, check log, the GET is there with the "X" page as referrer. I do run my servers with excessive logging levels, full reverse DNS lookups, etc. which may be a differentiating factor. |
|
I've tried it again and again, in IE, firefox, mozilla, and so on. Every time, when I enter the URL from the address bar, it shows no referrer. I've done this from windows with AR15.com, Google, other sites of mine, and every time it doesn't show that last page as a referrer. But when I click on the link on the about.php page to return to the index page, it does.
|
|
Don't know what to tell you, do you have Zone Alarm, Norton Internet Security, Norton Personal Firewall, or another firewall in place either on your PC or your router? Many firewalls intentionally (and thankfully) strip referrer data as part of their processing, but have difficulty doing so when dealing with script (the .php) where they do quite well with plain HTML URLs. They also tend not to strip it from SSL (https://) URLS due to realm authentication requirements.
The functionality of referrer goes back to the NCSA httpD 1.0 server specification. It certainly doesn't work all the time. 204.*.*.* www.xyz.com - [06/Oct/2004:02:18:23 -0400] "GET / HTTP/1.1" 200 3484 "http://www.ar15.com/forums/manageReply.html?b=1&f=5&t=281328&page=1" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 90 "" I promise that there is no link to my server on this page in arfcom. I typed in my domain name, and my server caught the arfcom page as the referrer. Of course, my workstation of the moment and this server are both inside my firewall so nothing is screening my server from reading my workstation's true GET requests. |
|
hehe, when I go over at DU I do it from a computer lab computer where someone else was left logged in.
I need to look into making a script to fake a referrer reference so that every time I go troll at DU it looks like the referring page was another DU page. |
|
I do have ZoneAlarm running, but not the pro version. And those aren't my records in the log, like below:
24.*.*.* - - [06/Oct/2004:02:45:21 -0400] "GET / HTTP/1.1" 200 3654 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007" 24.*.*.* - - [06/Oct/2004:02:45:38 -0400] "GET / HTTP/1.1" 200 3654 "http://www.google.com/search?hl=en&q=searchterm&btnG=Google+Search" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 The first one happened in a browser tab that went to google. |
|
It does not always, but it can. I had it happen to me last month. AR15.com showed up as a referrer on a site that was never linked from here. The only way that could have happened is if I had surfed to the other site from AR15.com and it grabbed my last visited page as the referrer. |
|
|
|
Well, that's a hotlink, and I think everyone agrees that we don't want to do that, because if someone clicks on it it will certainly show arfcom as the referrer. Probably should edit the original, and btw I've edited the quote to be red but not actually be a hotlink. Edited to add: Okay, it was a hotlink, but a 'cute' false one - Sin_Bin, was the point of posting it simply to irritate people? |
|
|
Its a false link to AK47.net. I right clicked and checked properties, I did not follow the link. |
||
|
So what? Does the average dipshit browser of DU have access to their web server logs?
Probably not. So what do we have to worry about? The board admin trolling? I think this worry is overblown. |
|
How many times (in the past) have our guys had organized "troll fests" of other boards--DUh, Smothering.com, etc.? I have usually spoken out against them, knowing I would have to deal with the retaliation. You can "think this worry is overblown" all you want--just don't hotlink to DUh. Why would anyone want to deliberately cause problems for those who run this site? I just don't understand it. There are plenty of ways to have "fun"--even for the most juvenile-minded--that don't cause problems for this site. Please find them. |
|
|
How many of "our guys" have access to this site's server logs? How many times have those who do have access organized troll fests? |
||
|
Also, if hotlinking really is a problem, and if what is said above is true (that the previous page shows up even on a non-hotlink "cut and paste" visit to DU) then even cold links might be need to go.
|
|
Cold links are fine and never indicate arfcom as a referrer as long as you open a new window viewing a neutral site before pasting the link. That combination covers all tracks unless you've got spyware running, and even then the spyware would have to be sending its data to du, an incredibly unlikely scenario. |
|
|
And what's wrong with that? Other than the sudden influx of whores calling you every night! |
|
|
Test of hot and cold links with results.
http://unpoliticallycorrect.net hot link And here is the output with the cold link used in the same ARFCOM window. 166.70.xx.xxx - - [06/Oct/2004:09:26:45 -0600] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10" 166.70.xx.xxx - - [06/Oct/2004:09:26:45 -0600] "GET /modules/news/ HTTP/1.1" 200 32833 "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10" Notice absolutely no reference to ARFCOM. Now look how it shows up with the hotlink. 166.70.xx.xxx - - [06/Oct/2004:09:27:00 -0600] "GET /modules/news/ HTTP/1.1" 200 32833 "http://www.ar15.com/forums/topic.html?b=1&f=5&t=281328&page=2" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10" 166.70.xx.xxx - - [06/Oct/2004:09:27:19 -0600] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10" I highlighted the referer in red to make it more obvious. Hotlinks certainly will show the site the link originated from. No referer showed in the first set of logs when I pasted the address into the address bar while browsing ARFCOM. It was not necessary to do it in a seperate window. Any cold link will not be able to trace your last site visited unless they share cookies. |
|
You haven't proven that pasting URLs always leaves no referrer, you've proven that in the cases you tested it didn't.
I've proven that pasting URLs can leave a referrer. Not always, but it can, depending on the server, the browser, etc. Please don't declare it safe unless you can prove that it is 100% safe, which is a very difficult thing to do, as I know and have shown (above) otherwise. I've been around much to long to get in to a forum showdown. You think it is safe. I know that it isn't always safe. We won't convince each other. Odds are, I could tell you the page you viewed last whenever you visit any website I run. I feel no need to prove this to you. Surf away. |
|
I'll take you up on that challenge. |
|
|
If you guys don't think that we're already on their hot list for organized trolling, then you're nuts.
They know we're here and that we consider them arch enemies. Not hotlinking works until they discover you. Then it's 'game on'. |
|
Exactly ... and given that the only people who would know about a hotlink are those who have access to their servers logs, what are we worried about? A couple of guys? I guess their board admins could notice a hotlink and then organize a "trolling party", but the odds are that the people who can see those logs already know about this site and that we occasionally talk about their nutty patrons. |
|
|
+ 1 Sure nothing is %100 safe but I am willing to drive my kids around in the car and call it safe. If you are not willing to back up such a statement then I suggest not making it in the first place. I'll take my chances that some highly unlikely buffer will not allow you or anyone else to know the site I visited before I visited yours. |
||
|
According to the standard, the referrer record is only supposed to be given to the server when a page is linked from another. It appears what you've just demonstrated is simply another area where IE is broken and doesn't follow standards. As AW-101 has showed, a standards compliant browser like Mozilla will not show the referrer record unless the destination was hotlinked. And again, the referrer record is specifically designed to show which URL linked to another. It is not designed to show last page visited. While it is informative that IE will pass along this information regardless, and something I did not know previously, it doesn't change the fact that it's not compliant with the HTTP standard. Remember the Alamo, and God Bless Texas... |
||
|
Look guys, bottom line, staff and mods have asked you not to do it... so don't. Why is it people have to buck board policy every time it is raised? Please, stop making life more difficult for the people who keep things up and running around here. My lord, sometimes I think many people here disagree just to be disagreeable or in retaliation for some perceived slight to themselves or their board buddies.
Once again, out of respect for the mods and the staff who have to deal with this, please do not link to DU... and as an extra precaution, please open a neutral page first. Not that difficult folks. |
|
Why is it people have to buck board policy every time it is raised?
Question AUTHORITY!! It's the AMERICAN WAY!!! That's why the country was founded. Somebody questioned authority. I copy and paste into a new browser window. So the last page displayed is my ISP's homepage. |
|
Or we disagree about it because the policy seems goofy when there is no real proof that trolls follow back hotlinks and invade the site. When was the last time you were notified by someone with access to the ar15.com server logs of a link from "www.stupidliberalforums.com" discussing the forums here and acted on that notification by trolling the offenders? What makes you think the average dipshit from DU has access to server logs to tell when a hotlink is posted here? |
|
|
You know, it would be pretty easy in the string substitution code that is already in place to turn the URL board code tag into an HREF to do something like:
IF URL = http://www.du.com or http://du.com THEN RESPONSE REDIRECT = "some intermediary domain like Mcuzi.com" Then on the Mcuzi.com incoming page, grab the URL string and forward on to the target URL, scrubbing the incoming server info out of the header string. Then you could just add to the list of domains in the list that automatically get parsed through the mcuzi.com domain before forwarding. Then you don't have to deal with the hot link issue.... |
|
You think "the policy seems goofy"--well isn't that just precious? Here's what I think--the polite request to not hotlink to DUh came straight from GoatBoy. I think that's good enough. I am not knowledgeable enough about computers and the internet to be able to know/understand/explain exactly why it matters, what it does, what it hurts, or how it causes more problems for him. He says it causes problems, has asked us not to do it, and that's good enough for me. If it's not good enough for you, then tough shit. Clear enough? You can keep whining about this into next week, but hot links to DUh are not going to be allowed until GB says it's okay. It's his board, his rules--period. If done accidently, the membership knows it's not allowed and quickly corrects the offender, and edits are made. If this is done deliberately by those who know better, it will be dealt with. Again--clear enough? If not, please contact me privately. Please do not bother GB with this, as he has more important things to deal with. Petty crap like this almost never elicits a response from him. |
||
|
You have a real hard time discussing things without being condescending don't you?
So do I. This is the first time I remember hearing that the no link to DU request came straight from him.
I don't know how it causes problems either. Maybe someone more knowledgeable can explain it.
Hadn't planned on it. |
|||||
|
Alright, serious question time... does anybody here believe that staff spends their day coming up with rules because of a lack of anything else to do? Of course the rules they enforce come from Goatboy, Ed Sr., Striker and other senior staff. If people are the under impression that mods and staff just run around inventing shit, they are mistaken. We are answerable to a chain of command and if we get out of line, we will be slapped down and corrected. To that end, take a request from a mod or staff as being in keeping with the desires of the Chairman of the Board. If we're out of line, that will become more than apparent... and by all means, hand us a little shit to make sure we remember we fucked up. Otherwise, why not give us the benefit of the doubt that we're just trying to make Goaty's wishes a reality?
|
|
Preach it, Brother..... |
|
|
I was under the impression that this was a rule invented by those enforcing it because they believe that posting links violates:
|
||
|
Not at all, but there is a huge difference between "discussing" and attempting to answer a seemingly unending series of remonstrances. Does anyone really NEED to hotlink to DUh? Is it really worth arguing for hours over? Why not a simple "okay, I won't do it"? It gets very old having to summon up the skills of a master attorney to argue over petty crap that means NOTHING. It's like playing a pinball game--whatever we say isn't accepted and is bounced in a different direction by nitpicking our words. If everyone would merely remember we are guests here, and conduct ourselves accordingly, it would make for fewer "discussions" of this type. <sigh> |
||
|
Well I'm speaking for me here specifically... but in general terms likely for many fellow mods and I'm sure staff as well. We have much better things to do with our time than invent rules. I do what staff asks of me, who in turn do what Goaty asks of them.
|
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.