I am building an online system that does specific types of security scans on websites as entered by visitors. Each time a visitor scans a website, the webmaster will (obviously) see a hit in their referrer logs.

As I see it, there are a few options for what we can leave in the logs for the webmaster to see as a referrer:

- No referrer string
- A fake referrer (i.e. Google)
- A link back to our service to a page specifically made for webmasters celebrating that we just did a full probe of their website

If we leave no referrer, or masquerade as Google/other search engines, we will probably blend in more, but the webmaster may feel we are 'tricking' them or trying to hide, and block us.

If we leave a referrer string announcing what we've done, some webmasters may view it as referrer spam or not like the whole idea of being 'probed' and will block us or give us a hard time.

What's your opinion?

1) Blend in and hide with no referrer or a fake one and hope webmasters don't catch on
2) Be open and honest and celebrate what we're doing
3) Stop being such a pussy and worrying so much (if you choose this option, explain why it should not be a worry)
A blend of 2 & 3. Be sure to add your domain as the referrer. The reason I would do this is so that administrators will see it and visit the site. They may potentially use it in the future. I would not recommend 1 as it makes your service look a bit shady.
I would recommend that you put your domain in the user agent as well, so webmasters know what is going on. In addition, I can see the potential for abuse on a service like this if people are using it to try and find exploitable security holes on other people's websites. I would recommend that maybe you require the webmaster to verify that they own the site before you probe it, such as generating a random HTML file and requiring the webmaster to upload the file to their web root, then check the contents to verify that the individual owns the website. This might get you fewer users, but they will be quality users and not people trying to hack other people's sites. If you're telling strangers that certain sites are vulnerable and how to essentially hack (or where to hack) the site, that could expose you to some legal liability.
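The ownership check suggested in the reply above, sketched as an added example that is not part of the original thread or any real service's code. The function names, the `scanverify-` file prefix and the injectable `fetch` parameter are assumptions made for illustration.

```python
import hmac
import secrets
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # A redirect could point at a file hosted somewhere else, so refuse them.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """Return (status, body) for url without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, b""
    except urllib.error.URLError:
        return 0, b""


def new_challenge(site_url):
    """Create the file name and contents the webmaster must upload."""
    parts = urlsplit(site_url)
    if parts.scheme not in ("http", "https") or not parts.hostname \
            or "@" in parts.netloc:
        raise ValueError("expected a plain http(s) site URL")
    # Separate secrets for name and body: an error page that echoes the
    # requested path back must not be able to satisfy the content check.
    name = "scanverify-" + secrets.token_hex(8) + ".html"
    body = secrets.token_urlsafe(32)
    # Always the web root, whatever path the visitor typed in.
    return {"url": f"{parts.scheme}://{parts.netloc}/{name}",
            "name": name, "body": body}


def verify_challenge(challenge, fetch=http_fetch):
    """True only if the web root serves exactly the expected contents."""
    status, served = fetch(challenge["url"])
    if status != 200:
        return False
    # Exact, constant-time match; "contains" would accept reflected input.
    return hmac.compare_digest(served.strip(), challenge["body"].encode())
```

The scan is queued only after `verify_challenge` returns True for the challenge issued to that account.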
Good point, BMR, but I guess I should not have used the word 'security'; it's more of 'privacy', so nothing exploitable is being checked.