Net123 Posted February 28, 2013 Share Posted February 28, 2013 hello i am having problem from fopen... file_get_contents............ i wanna stop site's using my page .....b'coz i a wanna run toplist site...so when a site try to cheat me how can i protect my site ???how can i protect my site from fake clicks ????? the file_get_contents was running as real click how can i filter these kinds of clicks....is there anyway .....? advanced thanks for ur help..... Link to comment Share on other sites More sharing options...
justsomeguy Posted February 28, 2013 Share Posted February 28, 2013 I'm not sure what this has to do with file_get_contents. What is a "fake click"? What exactly are you trying to protect your site from? Link to comment Share on other sites More sharing options...
jeffman Posted February 28, 2013 Share Posted February 28, 2013 Do you maybe need a login system? Link to comment Share on other sites More sharing options...
Net123 Posted February 28, 2013 Author Share Posted February 28, 2013 OK, let me explain u. Let, www.wapwap.com is my site & www.mobmob.com is a toplist site. In mobmob.com, i can add my wapwap.com for listing in their site. So i will get a unique code from mobmob.com (like : "http://mobmob.com/?id=100"). I place that link in my site, so that visitor from my site can go to mobmob.com & mobmob.com can count how many clicks they got from my site.... But, If I use these two things like {{ <img src="http://mobmob.com/?id=100" /> or file_get_contents() }} , then they will not get any real visitors but they(mobmob.com) will count clicks when any user visits my site(wapwap.com). So, those clicks are fake. So, how can I protect this cheating on mobmob.com ?? Any Ideas ? Thanks. Link to comment Share on other sites More sharing options...
justsomeguy Posted February 28, 2013 Share Posted February 28, 2013 If that's all your counting, then there's not a good way to protect against that. There's no real difference between a request for an img src and a click on a link, the headers will be the same. Sending a request from PHP with file_get_contents, fopen, cURL, etc will at least all come from the IP address of the server, not the user. It would be easy enough to notice many requests from the same IP if you're keeping track of that. The headers that the server sends will also be different than you would see from a browser, unless they take steps to forge the headers. Maybe instead of just counting a single page view, make that page send another request. You can use an iframe or an img tag on your page to send another request to another page on your server which will actually count the click. You can set values in the session to make sure that they pulled up both pages. That way, just fetching the main page would not count, it would require the browser to load that page and send a request for the other page which would actually cause the view to be counted. You could also use ajax, but it would exclude people who aren't running Javascript. 1 Link to comment Share on other sites More sharing options...
Net123 Posted March 1, 2013 Author Share Posted March 1, 2013 yeah i got it but i cannot understand how to escape from iframe request ...? Link to comment Share on other sites More sharing options...
birbal Posted March 1, 2013 Share Posted March 1, 2013 what do you mean by "escape from iframe request" ? Link to comment Share on other sites More sharing options...
Net123 Posted March 1, 2013 Author Share Posted March 1, 2013 mean when a site try for open my site in an iframe how can i stop that ?? Link to comment Share on other sites More sharing options...
birbal Posted March 1, 2013 Share Posted March 1, 2013 when any site try to open your site it will get the html structure of the site. it will get the iframe literaly (html code), it wont get the iframe source automatically like browsers do , thus it wont make request the increase counter. But as already being said there is no full proof way to stop it. anyone can study your site structure and figure it out which iframe or img tag is making request and then can parse the source and make request to the source. As already being suggested it will be best way to keep track of IPs to figure out the unique users. Link to comment Share on other sites More sharing options...
Net123 Posted March 1, 2013 Author Share Posted March 1, 2013 then can u tell me why this counter was getting increased ???it's real page : http://hugetop.ptop.info/givingindex.phpit's iframe page :http://ptop.info/test.php Link to comment Share on other sites More sharing options...
birbal Posted March 1, 2013 Share Posted March 1, 2013 Sorry, I misinterpreted your question. http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed here some discussion regarding preventing this. Still it is not full proof. Link to comment Share on other sites More sharing options...
Net123 Posted March 1, 2013 Author Share Posted March 1, 2013 oh but some of the ad company filtering these kinds of acts...do you know what could be the answer atleast of 50 % .........filtering Link to comment Share on other sites More sharing options...
justsomeguy Posted March 1, 2013 Share Posted March 1, 2013 One thing to do would be to make sure your pages send an X-Frame-Options header to tell browsers to not show it in a frame: http://stackoverflow.com/questions/3838600/how-useful-is-the-x-frame-options-header-in-protecting-against-malicious-framing Link to comment Share on other sites More sharing options...
Net123 Posted March 4, 2013 Author Share Posted March 4, 2013 this option was not supporting for old browsers i am doing this for mobile users almost....but most of the mobile browsers doesn't have this facility...... Link to comment Share on other sites More sharing options...
Net123 Posted March 8, 2013 Author Share Posted March 8, 2013 Help me plz i need this.......... Link to comment Share on other sites More sharing options...
justsomeguy Posted March 8, 2013 Share Posted March 8, 2013 Implement everything you can. There's not 1 solution that is 100% perfect. Use the header, implement what I was talking about in post 5, do what Birbal was suggesting, etc. And do a Google search for clickjacking if you want more ideas. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now