Blocking of IP referrers via Embedded method

1 post / 0 new
puravida's picture
Jedi Warrior
Joined: 09/01/2007
Visit puravida's Website

I just realized that I never posted this update on IP referrer blocking for Embedded method. However, it could be important to some users.

Last month I noticed, since I added additional logging and security, that there are a LOT of blocked requests using the Embedded method from IPs that are not in the given accounts "Allowed Referrers." At first, I thought this was an attack, but because it was happening across thousands of accounts from machines all over the world, it seemed more likely to be search engines or crawlers. After resolving a good many of these IPs, I confirmed that suspicion.

These requests were coming from:

  • searchbots, web crawlers (msnbot, googlebot, bing, baidu, etc)
  • broadband DSL/Cable modems running site scrapers and crawlers
  • indeterminate... could be servers running site scrapers and crawlers or could be attempts to steal credentials from publicly available web pages

To avoid wasting server resources logging these unwanted requests, I have simply blocked them. If you suspect that someone is attempting to use your credentials, you may enable "Full Logging" and still see these requests logged as "Lock to account: domain or IP not listed" (with the IP referrer shown for reference). If necessary, you may report a suspicious referrer and we can easily ban it permanently so that it will never show in the log or have access to the service.

Currently, we support caching of images via the Embedded method. This change does not prevent that ability as long as your server IP is on your "Allowed Referrers" list. However, please note that IP referrers do not get automatically added with "Embedded" requests, so you must do that manually. Using the "Advanced Method" API will automatically add referrers, which is one of many reasons that it is a better choice for tighter integrations.

ShrinkTheWeb® (About STW) is another innovation by Neosys Consulting
Contact Us | PagePix Benefits | Learn More | STW Forums | Our Partners | Privacy Policy | Terms of Use

Announcing Javvy, the best crypto exchange and wallet solution (coming soon!)

©2022 ShrinkTheWeb. All rights reserved. ShrinkTheWeb is a registered trademark of ShrinkTheWeb.