in reply to Re: Detecting redirect fraud?
in thread Detecting redirect fraud?

They are allowed to post the banner ads anywhere they want to. We could ask them to register all domains that they post the banner ads on, but it's easy to spoof the HTTP_REFERER.

Re^3: Detecting redirect fraud?
by ikegami (Patriarch) on Sep 06, 2007 at 15:40 UTC
    That last bit isn't true. It's easy to spoof HTTP_REFERER *if you're the client*. It's not easy for the fake web site to convince the client to do a request with a spoofed HTTP_REFERER.
Re^3: Detecting redirect fraud?
by moritz (Cardinal) on Sep 06, 2007 at 15:41 UTC
    Any HTTP request is easy to spoof, but if somebody sets up a user agent with a spoofed referer, that UA will not lead to a sale (and if it does, you are happy anyway).

    But it's harder to set up a server that responds to a standard client in such a way that it will send a wrong referer (at least I know of no way).

    You can still log the referer and the corresponding partner ID from the cookie, and ask the partner to stop that practice; after all, it's in your Terms of Service.

    Update: another idea: just send a request to the referring URL to see if it answers with a redirect. (Assuming that you don't allow images that lead to a redirecting CGI script)
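
The check suggested in the update above (request the logged referring URL and see whether it answers with a redirect), as an added Python example that is not part of the original thread. `MERCHANT_HOST` and the function names are assumptions; the address filter is included because the logged referer is client-supplied and should not be able to steer the probe at internal hosts.

```python
import http.client
import ipaddress
import socket
from urllib.parse import urlsplit

MERCHANT_HOST = "shop.example"  # assumption: the host the banner ads link to

def safe_target(url):
    """Return (scheme, host, port, path) if a logged referer may be probed, else None."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        port = parts.port or (443 if parts.scheme == "https" else 80)
        infos = socket.getaddrinfo(parts.hostname, port, proto=socket.IPPROTO_TCP)
        # The referer is client-supplied: never probe loopback or internal addresses.
        if not all(ipaddress.ip_address(i[4][0]).is_global for i in infos):
            return None
    except (ValueError, OSError):
        return None
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    return parts.scheme, parts.hostname, port, path

def probe(url, timeout=5):
    """Request the URL once without following redirects; return (status, Location) or None."""
    target = safe_target(url)
    if target is None:
        return None
    scheme, host, port, path = target
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "referer-audit"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def verdict(status, location, merchant_host=MERCHANT_HOST):
    """Classify a probe result: does the referring URL itself redirect to the merchant?"""
    if status not in (301, 302, 303, 307, 308) or not location:
        return "ok"
    dest = urlsplit(location).hostname or ""
    if dest == merchant_host or dest.endswith("." + merchant_host):
        return "redirects-to-merchant"
    return "redirects-elsewhere"
```

A `redirects-to-merchant` result for a logged referer is a reason to review that partner's traffic, not proof on its own, since the page may answer an audit request differently from a browser.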