PreviousNext…

What is it about Domino people?

First, we Domino 'bloggers just had Wolfgang to contend with. Now Robert is keen to demonstrate his prowess at hacking referrer logs. He's sent me several messages today, in a similar style to those sent to Volker.

Chaps, it's very clever. But we all get hacked every day all day (and some of the perpetrators at this site would surprise you), so let's just move on eh? ;-)

Comments

  1. hi Ben,

    Now Robert is keen to demonstrate his prowess at hacking referrer logs. He's sent me several messages today, in a similar style to those sent to Volker.

    "I send you several messages"…hm…maybe you mean that i tried to post a comment and it didnt work like with JoeLittons and two other sites? Or did i send you an email? Nay, i dont think so. JoeLitton got one because of this comment problem (Lynch has catched the bug meanwhile). So…what are you meaning im asking myself. Rofl..me…to hack what..good one :-)Robert Basic#

  2. Ben, actually this time it was me. See, I'm still investigating on that matter to improve Declan's procedures, publish the code and since you recently showed a good sense of humour…

    It's just that I need a broad scope of how programmers implement referrer lists to verify possible exploits.

    I even wanted to identify myself 'by message' but then I decided not to push it too far - thought you'd find out easily by IP - that's why I didn't use anonymizer services.

    Sorry to be a pain in the a$$ sometimes :-) But after all it pays off for everyone in the community.

    WolfgangWolfgang Flamme#

  3. OK, I'll let you off Wolfgang, heh heh. And I will pay attention to IP addresses! Robert, my apologies: someone's been taking your site's name in vain… :-)Ben Poole#
  4. I used Robert's site as a referrer because I did't want it to look like I'm just going for increased traffic to my site. Btw: When we check for valid referrers, we should use anonymizers or else the spamming site knows what to present … Or maybe a web service among (Domino-)blogs like "Wait a moment, I'll check that site for you…"? WolfgangWolfgang Flamme#
  5. A web service seems like an interesting way to go. I played with some Java in my v3 design which ran as a scheduled agent checking referrers every few hours. The check was pretty simple: read in the referring page, and check for my URL. Two issues with this approach:
    1. It still doesn't guarantee that the referrer is genuine, nor that it's "desirable".
    2. This approach assumes you can run such agents on a schedule — I believe network operations in Java need signing by an unrestricted ID, and I can't see the mainstream Domino ISPs allowing that?

    I could be wrong though!Ben Poole#

  6. The referrer checker in Blogsphere that was written by Niel Revelle is in Java and it is a unrestricted agent.

    If the template is being used on a domino isp that won't allow the agent then there is a bypass in the config that will basically tell the incoming referrers to display without having to be checked.

    Any improvments to this system would always be appreciated.Declan Lynch#

Comments on this post are now closed.

About

I’m a software architect / developer / general IT wrangler specialising in web, mobile web and middleware using things like node.js, Java, C#, PHP, HTML5 and more.

Best described as a simpleton, but kindly. You can read more here.

";