1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is it possible to fake the referring site w/o owning the referring site?

Discussion in 'Black Hat SEO' started by imperial109, Feb 25, 2010.

  1. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    For example, we have site A, B, C, & D

    I own site A, the target site
    I own site B, which is where the referring script will be placed
    Site C is the clean site that I do not own where the traffic goes through
    Site D is the dirty site, which I also do not own

    Is it possible to make it so that the referring site is someone elses site?
    So visitor #62265 clicks a link on site D, is taken to site B, then goes through site C to get to site A.
    D => B => C => A


    Just like a regular referring script, but you do not own the referring site.

    The example on this thread is great, but you have to own the site:
    http://www.blackhatworld.com/blackh...-generators/130624-faking-refer-rotation.html

    P.S. All I know is basic PHP/HTML
     
  2. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    bump

    Anyone?
    I know there is software to fake a referrer, but can it be done with a script?
    If not like I described above, then just a way to rewrite the referrer the way you want?
     
  3. yeahright

    yeahright Registered Member

    Joined:
    Jan 17, 2009
    Messages:
    93
    Likes Received:
    32
    The only possible way to spoof the referer through a web script is with php and curl.

    Check out http://www.electrictoolbox.com/php-curl-http-referer/ for the details.

    However there are limitations.

    All requests will be sent through the server's ip address which means if you're planning on doing this with cpa/affiliate offers and the network/merchant tracks ip addresses your stats will look mighty suspicious.

    Another issue is with file paths. If the target website does not use full file paths in their source code (e.g. images/bg.gif instead of http://www.site.com/images/bg.gif) then the site's presentation will not be correct.
     
    • Thanks Thanks x 1
  4. SirCaptain

    SirCaptain Newbie

    Joined:
    Jan 31, 2010
    Messages:
    32
    Likes Received:
    9
    Home Page:
    Yes, this is easily done (as yearight mentions above) with either PHP or Ruby, you can manipulate the headers for a request (you could even use a one line command for cURL or wget to do this).

    To echo the comment above, there is unfortunately very little you can do about IP masking without using proxies.
     
  5. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    Thanks yearight that is exactly what I am looking for.

    One more question though. I'm not sure how this works, so does this happen on the client's side or just on the website.

    ...like, if there was another script that tracked the visitors (3rd party app), would the app also record the altered referring site, or would it just be the website itself that tracks it? I hope that makes sense.
     
  6. viracide

    viracide Registered Member

    Joined:
    Oct 12, 2008
    Messages:
    66
    Likes Received:
    14
    Using CURL to spoof referral is only server sided. You can't edit the visitor's referral unless you can edit their browser to spoof referral.
     
    • Thanks Thanks x 1
  7. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    So does that mean it will work with awstats in cpanel?
     
  8. viracide

    viracide Registered Member

    Joined:
    Oct 12, 2008
    Messages:
    66
    Likes Received:
    14
    If you own a server with CURL and spoof it onto another website with AWStats then yes, it will show the referral that you spoofed.
     
  9. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    Hmmm
    This is strange. I've used http://www.electrictoolbox.com/php-curl-http-referer/
    and it's doing weird things.

    Whenever I add it to my site, it takes forever to load and sometimes it just does not load at all. However, the site loads fine without it, and the script above loads fine by itself.
    I'm completely baffled here....does anyone have a clue as to what's going on here?
     
  10. viracide

    viracide Registered Member

    Joined:
    Oct 12, 2008
    Messages:
    66
    Likes Received:
    14
    Code:
    <?php
    set_time_limit(0);
        $ch = curl_init();
        // set URL
        curl_setopt($ch, CURLOPT_URL, "url here");
        // set referer
        curl_setopt($ch, CURLOPT_REFERER, "http://www.google.com/");
        // returns data
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        // download the given URL, and return output
        $output = curl_exec($ch);
        // close the curl
        curl_close($ch);
        // print output
        echo $output;
    ?>
    
    Sorry for messy coding
     
  11. imperial109

    imperial109 Regular Member

    Joined:
    Jan 19, 2009
    Messages:
    499
    Likes Received:
    361
    Did you mean to leave out the $url string, or is that a global function?
     
  12. viracide

    viracide Registered Member

    Joined:
    Oct 12, 2008
    Messages:
    66
    Likes Received:
    14
    I edited it out, just replace it with your website and change google.com to your referral.
     
  13. xenoxen

    xenoxen Jr. VIP Jr. VIP

    Joined:
    Jul 22, 2009
    Messages:
    808
    Likes Received:
    188
    Occupation:
    online.
    Location:
    Europe
    Home Page:
    will this still work even If I will have google.com as a referrer ? Will CPA see that I have traffic from "google.com" ?

    thanks
     
  14. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Don't do this type of referrer spoofing if it has anything to do with your CPA offers, Adsense or anything like that. As is mentioned above, PHP is server-side, the visitor's IP address in the target's log file will always be that your server's IP unless the CURLOPT_PROXY options are set. Anyone with half a brain will realize this right away and you could end up in trouble.

    The practical applications for this sort of thing are limited to stuff like referrer "marketing". Definitely not for faking the ref with cpa offers.