How to block ad.fly from linking to my domain? - spam

I see a lot of incoming links from ad.fly to my website. I assume that someone is using their service to link to my domain to make money through interstitial ads.
http://imgur.com/dZrem
I am looking for a way to block ad.fly from linking to my website. I assume that it is not possible as they are probably just creating a short link on their own end.
So, the workaround is that I want to block all incoming requests from ad.fly. Can this be done?
The website is running a vBulletin forum and is powered by a LAMP server.

Related

I installed a Facebook Pixel to my new website and I notice there are other domains to my site. What are they?

I have a simple landing page for insurance leads I setup a few days ago. After installing the Pixel I notice there are two other websites for the site somehow. The site is installed on a brand new Digital Ocean droplet.
I don't know anything about these sites. When I type the names of the sites in a browser they take me to my landing page.
I don't want to share any names of the site because I don't want you all registering visits with the pixel, so maybe I can give you site in a DM if you need to visit it. Thank you.
DO, like any other cloud provider, re-use IP all the time. Most likely at one point, someone bought a domain and point it to their DO instance, then either forgot or don't bother to update the domain when they delete their instance (which release the IP back to the pool). This is a very common occurrence. One could also point a domain they bought to any IP they want, even those they don't own.
Your webserver right now is set to serve any request to 80/443 regardless of the domain. Fix that, and typing those URLs won't load your landing page. If you enabled HTTPS redirection, those URLs won't (automatically) load either, because the certificate won't match.

Hide referral information when my site users click on external links

I apologize for my lack of knowledge on how the intricacies of the web work ahead of time.
I run a fairly large deal site (lets call it dealsite.com) and we send a lot of traffic to Amazon.com. Is there anyway for me to hide from Amazon that the users are are coming from dealsite.com? I do not want Amazon to know that we (dealsite.com) are the ones sending the traffic.
Maybe strip certain cookies?
Send outbound traffic through a proxy?
I am not doing anything illegal and these are real users not bots.
By using the noreferrer tag on your links, you can prevent Amazon from learning their traffic is coming from your site, and you don't need to set up a proxy, vpn, or cookie redirects.
HTTP generally sends the referring page along with its request for the new page as part of the HTTP referer section of the request header, and that's how sites track where their visitors come from. So for example, a user would click through to Amazon.com from Dealsite.com, and the request would include an HTTP referer telling Amazon.com that the user was linked from Dealsite.com.
To prevent web sites like Amazon from learning that their traffic came from your site, prevent your links from sending the HTTP referer. In HTML5, just add rel="noreferrer" to your links, and then referral information will not be sent to the site that was linked. The noreferrer link type is only suppported in new browsers, so I suggest using the knu's noreferrer polyfill to make sure it works on older browsers too.
So far this will prevent referrer information from being sent from 99.9% of your users - the only users that will send referral information will be users that are both using old browsers and have JavaScript disabled. To make it 100%, you could require users have JavaScript enabled to be able to click on those particular links.
Disclaimer: This is not the thorough idea you're looking for. I ran out of space in the comments so posted it as an answer. A couple of possible solutions come to my mind.
Proxy servers: Multiple distributed proxy servers to be specific. You can round robin your users through these servers and and hit Amazon so that the inbound traffic to Amazon from dualist.com keeps revolving. Disadvantage is that this will be slow depending on where the proxy server resides. So not the most ideal solution for an Ecommerce site but it works. And the major advantage is that implementation will be very simple.
VPN tunneling: Extremely similar to proxy server. VPN tunnel to another server and send redirect to Amazon from there. You'll get a new (non dealsite.com) IP from the VPN server of this network and your original IP will be masked
Redirects from user (Still in works) For this one I was thinking of if you could store the info you need from dealsite.com in a cookie and then instruct the host to redirect to Amazon by itself. Hence the inbound traffic to Amazon will be from the users IP and not dealsite.coms. If you need to get back to the dealsite session from Amazon, you could use the previously saved cookie to do so.
Ill add to this answer if I find something better.
Edit 1 A few hours more hours researching brought me to the Tor project. This might be useful but be wary, Many security experts advise against using Tor. See here

Enabling SSL for a subdomain in IIS

I recently bought SSL for my website and want to create a section within the site in the form of https://secure.example.com/member/upgrade.aspx. However, I am having a hard time solving this issue since currently my website URL rewrite prohibits any subdomain and the user is logged out if he or she gets transferred to the above link.
I have search online and found some good information such as dynamically create the url without actually creating a subdomain in IIS.
Questions:
What steps are needed to achieve the objective above?
Should I have bought the wildcard certificate instead of one for a specific subdomain?
Thank you.
One option would be ignoring that url pattern for rewrite purposes or ignoring the url if the protocol is HTTPS. That said, I would take a slightly different approach here and just put the entire site behind SSL -- rewriting all the queries to the other protocol works and google is now giving rankings bumps to HTTPS so there are good business reasons to make the switch. You are already taking the pain of getting SSL involved at all -- the dedicated IP and certficate cost the same if you use them on a single page or all the pages, might as well take advantage of it and ease your management burden in the same motion.

Website A 'redirect' to subdomain of website B, with content of website A

There has been a question made towards me recently to do the following:
We have a website with Drupal running in IIS.
On that site is an URL Redirect to a website hosted externally, obviously with a name completely irrelevant to the name of our company.
The question now is the following;
They want to change to URL to a subdomain of our website. Example: from "www.external-site.com" to "www.sub.internal.com" (while still showing content of the external website)
They want the current page of that website to be reflected in the URL bar. So it wouldn't say "www.sub.internal.com", but it would say "www.sub.internal.com/solutions/page1.html" (instead of "www.external-site.com/solutions/page1.html")
It's possible that I forgot another 'condition' but have mentioned before this.
So, if someone visits through our URL Redirect to External-website, it needs to show our subdomain instead of their domain in the URL, AND it needs to show the current page when people start browsing while still using our subdomain in the URL.
Now, I checked the external-website, and it seems that most of the links available are relative links (if this would be any useful information).
Currently, the external website is hosted externally, and will remain to be so for next few years. (I believe we bought the company)
I have been asking around and looking up, and the best possible thing seems to use domain forwarding, but even then it still doesn't seem to comply with the entirety that they asked of me.
I am but a 'simple' .NET programmer, held responsible to do support for anything involving the websites, and I can't say I have extended knowledge about infrastructure. (But I can ask people to do this for me)
Is there anything that could solve this?
Thanks so much!
IIS's URL rewite and Application Request Routing (ARR) combo can help you what you want to achive. Here are few links which may guide you to configure ARR. Please note that these links dont exibit exact solution to your problem however you can take clue from it and fabricate your solution accordingly.
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing
http://www.iis.net/learn/extensions/url-rewrite-module/reverse-proxy-rule-template
It sounds like you'll want to use a full-page iframe: do not redirect but show a page with an "inner page" instead: that inner page is the external web site. That way, users do not see the external site in their URL bar.
http://webdesign.about.com/od/iframes/a/aaiframe.htm
You need to configure the equivalent of Apache Virtual Host with Reverse Proxy on IIS.
See this answers:
https://serverfault.com/a/271030
and
https://stackoverflow.com/a/10003306/2131693

Sub-domain on a dedicated server

I don't know if my title made any since because I'm not sure what the terminology for what I'm trying to do is. Let me just explain my situation and see if anyone can shed light on to what to do next.
So I'm working on a research grant and we've got a shared server with GoDaddy currently serving our domain(also managed by GoDaddy). We also have a dedicated server through GoDaddy that we are using to do heavy computations on the research side of things. What I need to do is tie a sub-domain (say research.ourdomain.org) to the dedicated server. I tried sub domain-forwarding and Masking (forwarded to a Silverlight app) and this works until someone tries to request a page outside of our Silverlight app(at which point it first hits the Silverlight app then goes to a blank page). I feel like I'm going in the wrong direction with sub-domain forwarding and masking. Is their a better way to achieve what I need?
I hope that question wasn't too convoluted.
You can do this without forwarding and masking. All you need to do is setup the server to host the subdomain. Then you will need to create the A record in your DNS control and point it to your server IP. The link, http://x.co/ZmgJ, will have more info on how to create that record. If you need server assistance, http://x.co/ZmgM can show you how to initiate live chat with our server conceirges.

Resources