Set and Show Referer that you want !

[SpyBoy]

We all know that the simplest way to cover our tracks is the DMR. And we all know that using it adds one more thing for the networks to question us about. So this script let's us get around the questions by bouncing all of our blackhat traffic off of a whitehat site that will show as the referer to our networks. Just a note...I've got this working on my server, but I tried to get it working for somebody else, and it wouldn't work. This was a copy/paste of the working code on my site, so your mileage may vary with this technique.

What you'll need

Whitehat site - This will be the site that all of your traffic shows as a referer. It would be best to have the blackhat ads that your bouncing off of it in some sort of rotator so that if your AM decides to check it out, they will see the ads.

Blackhat site(s) - The site that your traffic is coming from.

Script -
Code:

$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$referer = $_SERVER['HTTP_REFERER'];
$target = 'AFFILIATE_LINK_HERE';
if($referer == "http://PAGE_THAT_THE_CLICK_IS_COMING_FROM")
{
if(strpos($user_agent, 'Gecko') !== false)
{
echo "





This is the referer - ".$referer."


";
}
elseif(strpos($user_agent, 'MSIE') !== false)
{
echo "






This is the referer - ".$referer."


";
}
}
else
{
echo 'No referer or unsupported browser.';
}

?>

To test out this code, you'll need to edit three things in the script above:

1. Change the target page text (AFFILIATE_LINK_HERE) to your offer link.
2. Change the refering page text (PAGE_THAT_THE_CLICK_IS_COMING_FROM) to the page that the links are on that target this page.
3. **Optional** Change both instances of "5000" above to a smaller number. This is the amount of time that it takes for the page to refresh, measured in milliseconds.

I've attached a working sample - all you have to edit for it to work is the referer that the testpage1.php checks for. It will be "www.yourdomain.com/page1.php" if you use the file from the root of your site.

This gives you another option if your network hassles you about blank referers.

Download: http://www.blackhatmoneymaker.com/files/SetReferer.zip

[shadowpwner]

Also if you would like to check if your referrer is blank or not:

PHP Code:

<?
if ($_SERVER['HTTP_REFERER']) {
echo " Your referrer is not hidden";
}

else 
{
echo "your referrer is hidden/blanked";
}
?>

Not tested, just create a file and paste it in, and just send stuff it's way and it'll tell you if your referrer is blanked.

[loubarlow]

I've used a similar script. Same idea, but uses and iFrame on the BH site that loads the WH site by submitting a form on IE or a JS redirect on Mozilla. The WH site then either loads the aff URL if the referer is you BH site or shows the WH site content if not. Like I said, same concept, but another way to do it. I attached the files.

[webgrafix]

Thanks for all this info guys!!!!

I have been a "cloaking" guy for years... and ironically I never messed with the "referrers" all that much. I am slowly learning to love this method!

[aliengeek]

Use caution when a frame is involved.

A DMR is necesary if your using a black hat site to bounce to a white hat.
People do this because they don't usually tell their AM what domains they own and will be using. Technically every domain you put adds on has to be cleared with them first (not with every company).
So the DMR is essential to cover that up. It, however, does not pass a referrer.

If you go from white-hat site to cookie stuff a few things are going to happen.
First, the original link is now the main referrer. So if it was craigslist, craigslist.com/post-id is the referrer.

Where a lot ofpeople get confused is on this part. If you left everything as is you would be caught. Your visitors BROWSER is going to keep craigslist as the referrer and it is going to pass that one as well. The DMR boots the old referrer out of the loop. How? Meta refresh.

The meta refresh does what the name says. By forcing the visitors web browser to call the head and body again (sometimes just head depending on stuff). This makes it look as if the visitor just typed your URL of the cookie stuff in their address bar.
You can do it with sessions just as well.

So a white-hat to white-hat can still use a meta refresh.
When the cookie stuff hits the server meta refresh to second white hat page.
That should technically clear the original referrer of the cookie stuff.

This is only important when your posting links off site to stuff cookies.

<?php

$referer = $_SERVER['HTTP_REFERER']; if($referer == "")
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.your-white-hat-site.com/try-again.php">"

else
{

echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.affiliate-link.php">";

}
?>

In the above example were telling the browser that if the referrer is blank force a meta refresh that should make the white-hat domain as the referrer.
If the referrer is not blank we use a meta refresh to trigger the cookie stuff.
Whatever was in the referrer at this step will be what the affiliate company sees. It is a function of the browser and at the last second we made the visitors browser "refresh" to a different page.
The 301 redirect should work along the same lines.

Of course you would want to check if the referrer is your white hat site and if it is not refresh it till it is or die.

*in the example above I'm pointing a meta refresh to another php file. That file will havemy white hat site framed and a refresh back to the first step"

[martinsbca]

For you page3.php - do I have to replace anything on this page? or what is this page used for? Thanks.

[zhanglin]

i have checked it’s really great

[hermescave]

great info here has helpt me out with my own little project!

[tjpasha]

is it possible to fake the referrer while doing image cookie stuffing ?

[binghelang]

got it! thanks for your good skill!