in reply to Detecting redirect fraud?

If somebody types in a URL and the server responds with a redirect, the client usually sets the referer, available via $ENV{HTTP_REFERER}.

You could ask your partners to tell you their domains, and don't count hits where the referer is available but doesn't match one of your partner's registered domains.

Re^2: Detecting redirect fraud?
by Anonymous Monk on Sep 06, 2007 at 15:31 UTC
    They are allowed to post the banner ads anywhere they want to. We could ask them to register all domains that they post the banner ads on, but it's easy to spoof the HTTP_REFERER.
      That last bit isn't true. It's easy to spoof HTTP_REFERER *if you're the client*. It's not easy for the fake web site to convince the client to do a request with a spoofed HTTP_REFERER.
      Any HTTP request is easy to spoof, but if somebody sets up a user agent with a spoofed referer, that UA will not lead to a sale (and if it does, you are happy anyway).

      But it's harder to set up a server that responds to a standard client in such a way that it will send a wrong referer (at least I know of no way).

      You can still log the referer and the corresponding partner ID from the cookie, and ask the partner to stop that practice; after all, it's in your Terms of Service.

      Update: another idea: just send a request to the referring URL to see if it answers with a redirect. (Assuming that you don't allow images that lead to a redirecting CGI script)
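The referer check from the first reply, combined with the per-partner logging suggested above, sketched in Perl as an added example (not code from any poster in this thread). The partner ID, domains and hits are constructed, and treating a subdomain of a registered domain as a match is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: partner ID => domains that partner registered.
my %registered = ( p1001 => [ 'partner-one.example' ] );

# Lowercase host of an absolute http(s) URL, or undef if it cannot be parsed.
# Anything before an "@" is userinfo, not the host, so it is skipped.
sub referer_host {
    my ($referer) = @_;
    my ($host) = $referer =~ m{\Ahttps?://(?:[^/?#\@]*\@)?([^/?#:]+)}i
        or return;
    $host = lc $host;
    $host =~ s/\.\z//;    # drop a trailing root dot
    return $host;
}

# True if $host is a registered domain or a subdomain of one (assumption).
# Matching on a label boundary rejects "evilpartner-one.example" and
# "partner-one.example.evil.test".
sub host_matches {
    my ($host, $domains) = @_;
    for my $d (map { lc $_ } @$domains) {
        return 1 if $host eq $d || $host =~ /\.\Q$d\E\z/;
    }
    return 0;
}

# Count hits with no referer or a matching one; skip hits whose referer is
# present but does not belong to the partner named in the cookie.
sub classify_hit {
    my ($partner_id, $referer) = @_;
    my $domains = $registered{$partner_id} or return 'unknown_partner';
    return 'count_no_referer' unless defined $referer && length $referer;
    my $host = referer_host($referer);
    return 'skip_mismatch' unless defined $host && host_matches($host, $domains);
    return 'count';
}

# Constructed hits: [ partner ID from the cookie, $ENV{HTTP_REFERER} value ].
my @hits = (
    [ p1001 => 'http://www.partner-one.example/ads.html' ],
    [ p1001 => undef ],
    [ p1001 => 'http://evilpartner-one.example/' ],
    [ p1001 => 'http://partner-one.example.evil.test/x' ],
    [ p1001 => 'http://partner-one.example@evil.test/' ],
);
for my $hit (@hits) {
    my ($pid, $ref) = @$hit;
    printf "%-17s partner=%s referer=%s\n", classify_hit($pid, $ref), $pid, $ref // '-';
}
```

Logging the classification next to the partner ID gives the per-partner record of mismatching referers that the reply above suggests taking to the partner.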