Talk:Refback: Difference between revisions
Revision as of 09:42, 8 March 2012
Tidying up
There are three types of Linkbacks - Pingbacks, Refbacks, and Trackbacks. Here in Wikipedia, only two were referenced, and there was no article for Linkbacks in General. I created an additional article to represent all three, added some missing material for the two that were in existence, and created the parent article, Linkback.
I propose that we merge Pingback, Refback, and Trackback into a Linkback article, with redirects from each to the Linkback article.
What's your opinion? - Mugs 11:41, 19 November 2006 (UTC)
- I vote NO on this one. Bobmutch 5:02, 03 June 2007 (UTC)
Bad Outbound Link
This link is giving a MySQL error. Href cloud is an experiment site of the refBack method.
Bobmutch 5:06, 03 June 2007 (UTC)
Trackback
This article talks about RefBacks and then goes on to talk about Trackbacks.
This article is basically incorrect because it is a direct copy/paste of trackback.
- I tried to describe refbacks. No citations, though, sorry. Wanted to add a "Usage" something about how good they are for discovering del.icio.us tags or technorati or other social bookmarking information. Hope it helps! Mogsie 21:20, 19 August 2007 (UTC)
Security issue
Related to this phrase:
- Validating the referrer on the other hand, according to web expert Tantek Çelik, creates the premises for a denial-of-service attack.[1] (Reference 1: http://krijnhoetmer.nl/irc-logs/whatwg/20111122#l-387)
The DoS issue seems an exaggeration. In order to cause a DoS, an attacker will have to find thousands of refback-enabled sites and issue a GET request on each of them, which in turn will cause a single GET towards the target site. The amplification factor of the attack is 1; in other words, the attacker is better off attacking the target directly instead of using such a complex scheme. The amplification factor can be reduced even further by storing statistics about each unique referrer and triggering the verification only when at least, say, 5 unique IPs were referred (though I'm not aware of software that implements this).
I do agree that, assuming amplification remains 1, the technique is an effective way to turn a DoS into a DDoS, which is harder to fight against. 192.88.166.35 (talk) 09:42, 8 March 2012 (UTC)
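The threshold idea in the comment above (verify a referrer only after about 5 unique client IPs have sent it) can be sketched as follows. This is an added example, not part of the talk page and not code from any linkback software; the class name `RefbackGate`, its parameters and the sample addresses are hypothetical.

```python
from collections import OrderedDict
from urllib.parse import urlsplit


class RefbackGate:
    """Decide when a Referer value has earned one outbound verification GET."""

    def __init__(self, min_unique_ips=5, max_tracked=10_000):
        self.min_unique_ips = min_unique_ips   # threshold suggested in the comment
        self.max_tracked = max_tracked         # bounds memory under referrer floods
        self.pending = OrderedDict()           # referrer URL -> set of client IPs
        self.verified = set()                  # referrers already fetched once

    def should_verify(self, referrer, client_ip):
        parts = urlsplit(referrer or "")
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False                       # missing or non-web referrer
        key = parts._replace(fragment="").geturl()  # fragments never reach a server
        if key in self.verified:
            return False                       # at most one fetch per referrer
        ips = self.pending.setdefault(key, set())
        self.pending.move_to_end(key)
        ips.add(client_ip)
        if len(ips) < self.min_unique_ips:
            if len(self.pending) > self.max_tracked:
                self.pending.popitem(last=False)    # evict least recently seen
            return False
        del self.pending[key]
        self.verified.add(key)
        return True


def count_fetches(gate, hits):
    """Return how many outbound verification GETs a sequence of hits causes."""
    return sum(gate.should_verify(ref, ip) for ref, ip in hits)


# Constructed sample traffic: one client repeating a forged Referer 1000 times,
# then four more distinct clients sending the same Referer.
TARGET = "http://target.example/page"
FLOOD = [(TARGET, "203.0.113.7")] * 1000
CROWD = [(TARGET, f"203.0.113.{n}") for n in range(8, 12)]
```

With these inputs the flood from a single address causes no outbound request, and the whole sequence causes exactly one, so the amplification factor falls well below 1.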