473,385 Members | 1,856 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > hacked referrer

Join Bytes to post your question to a community of 473,385 software developers and data experts.

hacked referrer

Obviously I am witnessing some kind of hacking in an attempt to exploit
some security flaw in phpbb because I am seeing the activity being
logged in my 404 handler script. What puzzles me is that the referrer
value comes from a fictitious subdomain 'forum' and with this accounts'
DNS registration includes all subdomains so if the page really existed
forum.example.com/real.html would be automatically redirected to
www.example.com/real.html. Somehow they are hacking the referrer value.

Interesting other point is the same sequence of request|referrer pairs
get logged on each episode:

http://forum.example.com/forum/index.php
http://forum.example.com/phpbb/index.php
http://forum.example.com/phpbb2/index.php
http://forum.example.com/forums/index.php
http://forum.example.com/board/index.php

The UA and the originating IP same for series of 5 attempt URLs so it
might be some hacking script but is is different for each set of
attempts. Originating IP been from various places in North America but
all seem to be from hopone.net

I don't have phpbb, nor indexes on and the 404 script is trapping them
but just wondering how they are spoofing the referrer?

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Feb 14 '07 #1
2 5352
Rik
Jonathan N. Little wrote:
Somehow they are hacking the referrer value.

Interesting other point is the same sequence of request|referrer pairs
get logged on each episode:

http://forum.example.com/forum/index.php
http://forum.example.com/phpbb/index.php
http://forum.example.com/phpbb2/index.php
http://forum.example.com/forums/index.php
http://forum.example.com/board/index.php

The UA and the originating IP same for series of 5 attempt URLs so it
might be some hacking script but is is different for each set of
attempts. Originating IP been from various places in North America but
all seem to be from hopone.net

I don't have phpbb, nor indexes on and the 404 script is trapping them
but just wondering how they are spoofing the referrer?
The referer is just a header the browser may or may not send. Spoofing is
very, very easy. With some hacking in the browser I could make it send
'http://yoursitesucks.com' by default, regardless of the actual referer.
It even get's used for spamming:
<http://en.wikipedia.org/wiki/Referer_spam>

Simple example using PHP:
<?php
$link = fsockopen('http://example.com',80);
fwrite($link,"GET / HTTP/1.1\r\nReferer: http://forum.example.com");
?>

This is the main reason why anyone with basic knowledge will tell you
never to trust a referer header for any security whatsoever.
--
Rik Wasmus
Feb 14 '07 #2
Rik wrote:
<snip>
Simple example using PHP:
<?php
$link = fsockopen('http://example.com',80);
fwrite($link,"GET / HTTP/1.1\r\nReferer: http://forum.example.com");
?>

This is the main reason why anyone with basic knowledge will tell you
never to trust a referer header for any security whatsoever.
Thank for the info, yes I do not trust a referrer for any security,
can't ever use it reliably for mundane purposes as many personal
firewall block it. I was familiar with setting some of the header info
with the header() function but haven't had any experience with sockets .
--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
Feb 14 '07 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
Referrer Logs - Strange Entries
by: Ryann | last post by:
Hello. I had a strange entry in my referrer logs. The http-referrer reported that the user came from another site. But the file it claimed to come from a pdf file. I followed the link back and...
HTML / CSS
1
when document.referrer give blockedReferrer?
by: kuok benny | last post by:
Hi, I am trying to use the document.referrer to get the referrer of my home page. Occationally, I get the value of 'blockedReferrer'. Actually how this happen, how the client blocked the...
Javascript
1
Why does referrer disappear on drop down?
by: brett | last post by:
When I use this code: <select name="status" onChange = "location.href=this.options.value"> <option value="mypage.htm">Select View</option> </select> I don't have a referrer. When I click an...
Javascript
2
simple regular expression problem with document.referrer
by: Goober | last post by:
I have to determine the document.referrer of the individual coming to my site. I want to send everyone not coming from one of those sites to an alternate location (The names below are just used as...
Javascript
11
Access / ASP hacked insert
by: Gord D via AccessMonster.com | last post by:
I have a small ASP website with an Access2000 database. Seems someone has found it and INSERTS records into a table by typing the URL and not via web page/form. I know this as I have some...
Microsoft Access / VBA
1
http_referer different than document.referrer - why?
by: Mike Dee | last post by:
Hi All - I'm having a strange problem I'm wondering if anyone can shed some light on. When I use ASP or ASP.NET code to get the referrer information from the server side, it comes back as null. ...
ASP.NET
2
Parse the referrer
by: Fernando Rodríguez | last post by:
Hi, Is there a way to turn the document.referrer string into a Location like object, so I can extrac the domain and other parts of it? Thansk
Javascript
5
document referrer
by: Nospam | last post by:
does anyone know if there is anything wrong with this code? <SCRIPT LANGUAGE="JavaScript">document.referrer.indexOf("http://www.example.com") != -1){ ...
Javascript
1
using referrer
by: Nospam | last post by:
I have a site http://www.example.com, and I want to link to an article on another site http://www.example2.com, how would I use the site http://www.example.com , as a referrer to the article on the...
Javascript
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!