We received PHP code from a developer with a web-stats script that relies solely on $_SERVER['HTTP_REFERER']
. With cURL, you can easily fake it as follows:
curl_setopt($curl, CURLOPT_REFERER, "client website");
and I'm looking for a way to prevent it. This can even be done by the client website as well, to have higher stats. I'm looking for a way to prevent this spoofing. Is this possible at all? If so, how can this be achieved?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…