123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|699|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> Site & Server -> Super Creepy Referral Stats

Posted : Wednesday, 08 June 2022, 03:14
Jayenkai

Super Creepy Referral Stats


Over the past few days, more and more referral stats have been showing up that are very obviously not referrals.
I'm starting to think it might be Pakz's browser that's doing it, especially given this morning's referral.

In the past few days I've seen referrals from HumbleBundle, GameBrew and more.
Normally I wouldn't consider them to be alarming referrals, but in this case, last night's Humble Bundle "referral" is from this bundle of books, which made me sit up and take note.
That's quite obviously the type of bundle that Pakz would approve of.
Then this morning, I've awoke to the fact that a DHL package has landed "in your region" at 7:02am



That's a god-damned security hole if I ever saw one.
So, let's try to weed out why this is happening, and see if we can plug this particular gap.
Because.. if I can see it in my absolute minimal referral data, then god only knows what other trackers can see.

Is there any particular methodology that you're using, Pakz?
Browser/plugins/etc..

(Again, assuming this is even Pakz, but given those two clues, I'm fairly sure it's highly likely to be him!)

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 03:18
Pakz
Yes that is mine. What happened?

I use ios and ipad os. And chrome. All up to date.

Edit: Is it mallicious adds?
Posted : Wednesday, 08 June 2022, 03:24
Jayenkai
Chrome on iOS? Haven't used that myself, but given how much Google love to track people, vs how much Apple don't, it kinda makes sense that that's the issue. They'd probably have to resort to simpler tracking methods, and this'd be one way to do it.

What it's doing (I would guess..) is taking the ENTIRE URL (including all parameters, like your tracking ID) and sending it as the referral when you navigate to a different site.
You might want to dig through the privacy settings and see if you can find something about referrals.

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 03:29
Pakz
Well, there are barely any settings to change. If it is the google company doing it. They might get slapped on the fingers for doing it when media starts noticing it is bad.

Those companies sure look like stalkers.

Good thing I use a different browser and computer to visit "www.sexywetcrabs.sex"
Posted : Wednesday, 08 June 2022, 03:44
Pakz
Well. At least I can ask anyone else on the internet when my packages wil arrive!
Posted : Wednesday, 08 June 2022, 03:47
Jayenkai
LOL!
Posted : Wednesday, 08 June 2022, 04:32
Jayenkai
Your package is out for delivery! \o/yeay\o/
Posted : Wednesday, 08 June 2022, 04:51
Jayenkai
Spent the past 20 minutes playing around with Chrome on iOS, jumping back and forth between various sites and here, to see if I can get it to send that same sort of data..
But, nope..
I even turned on as many of the tracking options as I could find!

Are you maybe using a VPN? That might be doing it?

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 04:58
Pakz
No. I just have the standard chrome and sometimes use the google app too. Everything is up to date. Maybe it is a law(isp)thing here vs other countries. Where they can do more.
Posted : Wednesday, 08 June 2022, 05:01
Jayenkai
Could be that, too, yeah.
I'll certainly have to keep an eye on it.

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 07:01
Jayenkai
Pakz'Package has been delivered!
Posted : Wednesday, 08 June 2022, 08:47
Jayenkai
Clarification, and to allay any fears that I'm doing dodgy-as-fuck shit behind the scenes.

SoCoder doesn't use anything untoward. This certainly isn't my fault!!
Heck, I don't even have Google Analytics running here.

I used to, a long long time ago, but I stripped it out once it became apparent that Google were doing dodgy shit on the side.
Nowadays, SoCoder, AGameAWeek, and all the other JaySites do NOT use Tracking.

You should see a nice happy shield whenever you visit here.

SoCoder does use very basic cookies to be sure it's you that's logged in, but that's all.
GotoJSE, Browsercade and Shoebox all use LocalStorage so they can easily load/save things as and when necessary, but .. Again, no real cross-site cookie stuff, and certainly no tracking.

What SoCoder does use, however, is the very most-basic Referral data.
The sort of stuff that, if you open up your Apache Logs, it's all in there.

When you click a link on the net, it requests the next site, and also includes (if you and the site allow it) the previous page's URL within the request.
This is a 1990's Web feature, and generally isn't anything to be scared about, since it's only SUPPOSED to happen when you click a link on one page, to open another.

In this case, what's happening, is that the Referral data is somehow being set, even when Pakz isn't physically clicking a link on the page.

Whether it's being submitted because "he clicked a bookmark", or even some kind of refresh-based oddity, I'm not really sure. But something's most-definitely not right with me being sent that data in the Referral data.

I still haven't 100% figured out the how and why, but .. For everyone. Double check your security settings, test everything's secure.

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 09:40
Pakz
Can you see what I buy too? That would make sense for google to track those things. A while ago I even had the impression that some sites knew the balance on my paypal account.
Posted : Wednesday, 08 June 2022, 09:51
Jayenkai
No, I don't even know what you got delivered today.
I'm sure it's not a massive problem.
... but even one instance suggests there's more going on, here, and that's somewhat alarming.

-=-=-
''Load, Next List!''
Posted : Wednesday, 08 June 2022, 23:54
rychan
Am assuming it's just the $_SERVER['HTTP_REFERER'] variable?

Possibly along with other PHP bits, ehhhhh, waterfox might be safer if it's a concern, or tor perhaps?

-=-=-
Web / Game Dev, occasionally finishes off coding games also!

Refresh Games - Game Dev Blog - Doll Photos
Posted : Thursday, 09 June 2022, 00:45
Jayenkai
Yeah, the bog standard stuff.
To be honest, I'm not really worried about the site or server, I was much more worried about the fact that a working tracking code was being given out willy nilly like that.

The DHL tracker didn't include any personal information, but I know that a few trackers do. In fact, some even have that realtime map pop up, so you can not only see where the person's package is, but also.. where THEY are.
It's scary to consider that, without even bothering to do any phishing attacks or anything, you could just pluck random bits of information like that from a Referral variable.

It definitely shouldn't be happening, and the fact that I could do it without even trying, having it just pop up on my daily stats, is, frankly, scary as all hell.

-=-=-
''Load, Next List!''
Posted : Thursday, 09 June 2022, 02:11
AndyH
Have you had any referrals from sexysheep.com?

Asking for a friend.


But seriously, that is super bad for whatever is doing that.

-=-=-
Andy H
8-bit games at www.hewco.uk
Cartoons at awful.ovine.net
Ovine at ovine.net
Posted : Thursday, 09 June 2022, 04:50
Jayenkai
LOL, maybe!!
I tend to skip over a lot of the porn'y looking referrals.

-=-=-
''Load, Next List!''
Posted : Friday, 10 June 2022, 05:29
rychan
Probably mostly from me I bet

But, it's just the inherent problem with passing data via the URL, effectively as a GET variable. Can't be helped

-=-=-
Web / Game Dev, occasionally finishes off coding games also!

Refresh Games - Game Dev Blog - Doll Photos
Posted : Wednesday, 15 June 2022, 11:43
Jayenkai


Tinkly Winky Loves Coding!

-=-=-
''Load, Next List!''
Posted : Wednesday, 15 June 2022, 12:31
rychan
And there's still sites out there using ASP!
Posted : Wednesday, 15 June 2022, 12:47
Jayenkai
Nah, that's someone trying to hack their way into the site, by trawling for known broken .asp/.php/.cgi/etc files. Happens all the time.
SoCoder will happily "Refer" them to a fake login page, which when visited (IIRC) 5 times, triggers an auto-IP ban for half an hour or so.

-=-=-
''Load, Next List!''