file_get_contents problem....

[Net123]

hello i am having problem from fopen... file_get_contents............ i wanna stop site's using my page .....b'coz i a wanna run toplist site...so when a site try to cheat me how can i protect my site ???how can i protect my site from fake clicks ????? the file_get_contents was running as real click how can i filter these kinds of clicks....is there anyway .....? advanced thanks for ur help.....

[justsomeguy]

I'm not sure what this has to do with file_get_contents. What is a "fake click"? What exactly are you trying to protect your site from?

[jeffman]

Do you maybe need a login system?

[Net123]

OK, let me explain u. Let, www.wapwap.com is my site & www.mobmob.com is a toplist site. In mobmob.com, i can add my wapwap.com for listing in their site. So i will get a unique code from mobmob.com (like : "http://mobmob.com/?id=100"). I place that link in my site, so that visitor from my site can go to mobmob.com & mobmob.com can count how many clicks they got from my site.... But, If I use these two things like {{ <img src="http://mobmob.com/?id=100" /> or file_get_contents() }} , then they will not get any real visitors but they(mobmob.com) will count clicks when any user visits my site(wapwap.com). So, those clicks are fake. So, how can I protect this cheating on mobmob.com ?? Any Ideas ? Thanks.

[justsomeguy]

If that's all your counting, then there's not a good way to protect against that. There's no real difference between a request for an img src and a click on a link, the headers will be the same. Sending a request from PHP with file_get_contents, fopen, cURL, etc will at least all come from the IP address of the server, not the user. It would be easy enough to notice many requests from the same IP if you're keeping track of that. The headers that the server sends will also be different than you would see from a browser, unless they take steps to forge the headers. Maybe instead of just counting a single page view, make that page send another request. You can use an iframe or an img tag on your page to send another request to another page on your server which will actually count the click. You can set values in the session to make sure that they pulled up both pages. That way, just fetching the main page would not count, it would require the browser to load that page and send a request for the other page which would actually cause the view to be counted. You could also use ajax, but it would exclude people who aren't running Javascript.

[Net123]

yeah i got it but i cannot understand how to escape from iframe request ...?

[birbal]

what do you mean by "escape from iframe request" ?

[Net123]

mean when a site try for open my site in an iframe how can i stop that ??

[birbal]

when any site try to open your site it will get the html structure of the site. it will get the iframe literaly (html code), it wont get the iframe source automatically like browsers do , thus it wont make request the increase counter. But as already being said there is no full proof way to stop it. anyone can study your site structure and figure it out which iframe or img tag is making request and then can parse the source and make request to the source. As already being suggested it will be best way to keep track of IPs to figure out the unique users.

[Net123]

then can u tell me why this counter was getting increased ???it's real page : http://hugetop.ptop.info/givingindex.phpit's iframe page :http://ptop.info/test.php

[birbal]

Sorry, I misinterpreted your question. http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed here some discussion regarding preventing this. Still it is not full proof.

[Net123]

oh but some of the ad company filtering these kinds of acts...do you know what could be the answer atleast of 50 % .........filtering

[justsomeguy]

One thing to do would be to make sure your pages send an X-Frame-Options header to tell browsers to not show it in a frame: http://stackoverflow.com/questions/3838600/how-useful-is-the-x-frame-options-header-in-protecting-against-malicious-framing

[Net123]

this option was not supporting for old browsers i am doing this for mobile users almost....but most of the mobile browsers doesn't have this facility......

[Net123]

Help me plz i need this..........

[justsomeguy]

Implement everything you can. There's not 1 solution that is 100% perfect. Use the header, implement what I was talking about in post 5, do what Birbal was suggesting, etc. And do a Google search for clickjacking if you want more ideas.