Talk:Refback

Latest comment: 12 years ago by 192.88.166.35 in topic Security issue
WikiProject iconBlogging Start‑class (inactive)
WikiProject iconThis article is within the scope of WikiProject Blogging, a project which is currently considered to be inactive.
StartThis article has been rated as Start-class on Wikipedia's content assessment scale.

Tidying up

edit

There are three types of Linkbacks - Pingbacks, Refbacks, and Trackbacks. Here in Wikipedia, only two were referenced, and there was no article for Linkbacks in General. I created an additional article to represent all three, added some missing material for the two that were in existence, and created the parent article, Linkback.

I propose that we merge Pingback, Refback, and Trackback into a Linkback article, with redirects from each to the Linkback article.

What's your opinion? - Mugs 11:41, 19 November 2006 (UTC)Reply

I vote NO on this one. Bobmutch 5:02, 03 June 2007 (UTC)
edit

This link is giving a mySQL error. Href cloud is an experiment site of the refBack method

Bobmutch 5:06, 03 June 2007 (UTC)

Trackback

edit

This article talks about RefBacks and then goes on to talk about Trackbacks.

This article is basically incorrect because it is a direct copy/paste of trackback

I tried to describe refbacks. No citations, though, sorry. Wanted to add a "Usage" something about how good they are for discovering del.icio.us tags or technorati or other social bookmarking information. Hope it helps! Mogsie 21:20, 19 August 2007 (UTC)Reply

Security issue

edit

Related to this phrase:

Validating the referrer on the other hand, according to web expert Tantek Çelik, creates the premises for a denial-of-service attack.[1]

The DoS issue seems an exaggeration. In order to cause a DoS, an attacker will have to find thousands of refback-enabled sites an issue a GET request on each of them, which in turn will cause a single GET towards the target site. The amplification factor of the attack is 1, in other words the attacker is better off attacking the target directly instead of using such a complex scheme. The amplification factor can be reduced even further, by storing statistics about each unique referrer, and trigger the verification only when at least, say, 5 unique IPs were refered (though I'm not aware of software that implements this).

I do agree that, assuming amplification remains 1, the technique is an effective way to turn a DoS in a DDoS, which is harder to fight against. 192.88.166.35 (talk) 09:42, 8 March 2012 (UTC)Reply

References