<div><span style="color: rgb(160, 160, 168); ">On Friday, January 11, 2013 at 12:27 PM, jimbo wrote:</span></div>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div>I check to see who is referring me and find a lot of UK sites doing this.</div><div>So I go to these sites and find no link to mine, even in source code. </div></span></blockquote><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div>So here I am asking this group. I know that some of the smartest minds are </div><div>within this group. My main questions are why are these sites doing this and </div><div>how are they doing it?</div></span></blockquote><div><span style="font-size: 12px;">The "Referrer" header is sent along with any requests that are made by clicking on a link from another site, but here's the thing, you can fake the referrer. I haven't checked it recently, but a few years ago I would see referrers listing porn sites quite frequently in my logs. The idea behind this was, I think, that some sites show a list of the sites that people most frequently come from, which is based on the data in the referrer logs. If a shady site can have a bot make enough connections to your server to get into the top-ten referrers list on some popular site, it might net them some good free traffic, or even improve their page rank.</span></div><div><span style="font-size: 12px;"><br></span></div><div><span style="font-size: 12px;">As an Example of how easy it is to spoof referrer headers, here's a command that will tell google that "example.com" is sending them traffic:</span></div><div><span style="font-size: 12px;">$ curl --referer http://example.com http://www.google.com</span></div><div> </div><div><div><div>-- </div><div>Daniel Nelson</div><div><br></div></div></div>