mysterious intrusion on my Web page
cybercrone
07-19-2001, 05:15 PM
Today on the main page of my Misfit Women site (www.misfitwomen.org), at the bottom of the page where the counter should appear, there is a box that says "Host: www.zdnet.com is not authorized". HUH? I looked at the code and it doesn't appear to have changed. How can this be possible? I am dumbfounded, flabbergasted, and agape! :eek: Can anyone give me a clue?
Never mind -- it disappeared in the meantime and the counter is back. But it's making me crazy how that could happen, so if you know I'd be glad to hear about it.
It's working fine for me ??
http://www.wolfstalks.net/misfit.jpg
Hmmmmmm?
Bob :)
- The mysteries of the web {} -
cybercrone
07-19-2001, 05:35 PM
Hi, Bob...I just edited my post to say that the box disappeared and the counter came back. Beats the hell out of me......
frankc
07-19-2001, 06:20 PM
Cyber, I've had that happen with the FQ counters before. Don't know what triggers the problem, but it goes away mysteriously. Even tried killing the browser and restarting to no avail.
Frank
==go figger==
cybercrone
07-19-2001, 06:31 PM
Frank: Oh well, what's life without a little mystery. I thought the site had been hacked somehow, and that was a disturbing thought, but the message isn't a hacker-type message. ??????
sheila
07-19-2001, 06:41 PM
Well, "not authorized" makes me think of a 401 error.
Has FQ put some sort of restriction on the Counters, so that only people who host here can use them? (This would make sense.) How are they controlling that? Is it checked by IP address? Or HTTP Referrer? It is possible, since not all browsers send an HTTP_Referrer, that maybe they are being denied on that reason?
{Just thinking out loud..}
cybercrone
07-19-2001, 07:03 PM
Sheila, what's a 401 error? I'm not sure I understand you right, but what I believe you're saying is that someone tried to cop the counter code from my site and use it, and somehow the not authorized message implemented by an FQ protection scheme showed up on my page instead of or in addition to theirs? Interesting! But why would it show up on my page? Of course there's the anti-particle theory in physics, where particles no matter how far apart in space are somehow linked. :cool:
sheila
07-19-2001, 07:28 PM
I'm not saying anyone was trying to "cop the counter code" from your site. In fact, I rather doubt that. However, *if* someone (or bot) visited your site with an agent (browser or similar tool) that doesn't send the HTTP_REFERRER information, and *if* FQ requires that in order to access their counter code, then that might explain a "not authorized" error. It is not that unusual for a browser or other agent to fail to send certain types of referrer codes, since they are mostly optional. (Anyhow...notice the "if"s in there...it is mere speculation on my part...)
Now, how that code got into your web page...I haven't got a theory for that one (yet?).
What's a 401?
See this:
Server response codes (http://home.cfl.rr.com/eaa/ServerCodes.htm)
cybercrone
07-19-2001, 07:35 PM
Oh -- now I get it. sort of. :rolleyes:
Hey, that's a useful site you referred me to. Thanks.
Terra
07-19-2001, 08:22 PM
I honestly have no clue why 'zdnet.com' would show up...
They are rather large and I don't think I'll be hosting them anytime soon... :p
If you are using our server installed counter, then yes it does have protections built in... Since referrers are way too easy to spoof, it uses IP addresses only and checks to make sure the domain accessing it is actually within our networks...
This is the first I've heard of this twilight zone issue, but will keep an eye out for it... Initial attempts to reproduce the problem have been nil... :(
--
Terra
--{}--
FutureQuest
sheila
07-19-2001, 08:22 PM
OK, here's what happens when someone goes to your website:
They enter the URL in their browser. The browser asks some computer (DNS server) what the IP address is for your domain. Then it goes to the webserver with that IP address (this would be your site at Futurequest, now), and requests the page.
The web server then has to give a response to your browser. If everything is going smoothly, and the webserver can find the requested page and thinks that it is OK to have it, then it will send the page to your browser with a 200 code.
Now, if for whatever reason, the web server doesn't think you should have that page, it may issue other codes, and possibly not return the page (either because it can't or because it thinks it shouldn't). If for some reason the web server thinks your request is "not authorized", it would refuse to give you the page, and issue a 401 error code.
When you first request the page, in addition to the URL, your browser may send other information as well. One of which is the HTTP_REFERRER. This gives the URL that referred them to you (if there was one). For example, if I have a link on my website to FQ, and someone clicks on that link, then that person's web browser may tell the FQ site that it was referred by my website by giving the URL of the page on my site with the link to FQ's site (this would be the HTTP_REFERRER data). (Oh, that sounds confusing, but I'm not going to re-type it...)
Every image on your website and every CGI script and so forth requires the visitor's browser to make a request. If you have a web page with several graphics, then the visitor will request that page, and then it must request each of the graphics in the page as well. Usually the referrer on the graphics will be the page on your website where that graphic occurs. Or, if you have a link to a CGI script on your page, then the URL of your page with that CGI script would be the HTTP_REFERRER when that cgi script is "requested".
However, there is no requirement that a browser send that information (the HTTP_REFERRER) to the server. And it's not just browsers. It can be any kind of spidering bot or any other agent that knows and speaks the HTTP protocol.
Sometimes, people set up CGI scripts, so that the HTTP_REFERRER sent by the browser must be in some list of permitted hosts. Otherwise, the script will not run. This is to prevent people on other web hosts from running your scripts. It is not a fool-proof method, but it is better than nothing.
My theory, is that FQ has implemented some sort of check on who runs the counter scripts. I can't be certain that it is verified by the HTTP_REFERRER data, but that is possible and maybe even likely. Some browser or bot may be quite innocently configured to not give the HTTP_REFERRER data. If they request your page, and don't send that data, then the cgi script may not run.
Does this make any better sense? (I hope so...)
Now, watch me be completely wrong on this whole theory, now that I've completely derailed the discussion...
cybercrone
07-19-2001, 09:09 PM
Sheila...It doesn't matter if you're completely wrong or not. What's important is that you SOUND right. :p (Just kidding) Anyway, thanks for explaining in more detail. It's clear to me now what you were talking about, partly because some of it I have figured out intuitively as I work with URLs and Web pages (I mean it's obvious the browser HAS to do some of these things and there's no point in doing them unless the server responds in a certain way), but I didn't know the precise details or the right terms for talking about it. So you have done a good job of eddicating me on the general principles, for which I thank you, even if it doesn't turn out to explain this particular episode precisely.
Terra, you prolly read Frank's message that he also has had episodes like this? His problem just disappeared, as mine did, so it doesn't appear to be a serious problem, altho it can be a strain on people who are compulsive about knowing the WHY of things, like me. ~#
sheila
07-19-2001, 10:40 PM
Originally posted by cybercrone:
Sheila...It doesn't matter if you're completely wrong or not. What's important is that you SOUND right.
LOL! (I make it my business to sound right. :V (Am a teacher...)
So you have done a good job of eddicating me on the general principles, for which I thank you, even if it doesn't turn out to explain this particular episode precisely.
You're welcome. I'm not surprised that FQ does it by IP address. That can't be spoofed (if the visiting agent actually wants the data sent back). Anyhow, the principle is the same as what I said, except the browser HAS to send the IP address (whereas HTTP_REFERRER is optional).
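Added example (not part of the thread and not FutureQuest's code): the two access checks discussed above, a permitted-host list matched against the referrer header and a source-address check against the host's networks, run over three constructed requests. The networks, host names and function names are assumptions; on the wire the header is spelled `Referer`.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed values: RFC 5737 documentation ranges and .example host names.
HOSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
PERMITTED_REFERER_HOSTS = {"www.hosted-site.example"}


def referer_check(headers):
    """Permit only requests whose Referer names a permitted host."""
    referer = headers.get("Referer")
    if not referer:
        return False  # the header is optional, so honest clients can fail here
    return urlsplit(referer).hostname in PERMITTED_REFERER_HOSTS


def ip_check(remote_addr):
    """Permit only connections whose source address is inside the host's networks."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in HOSTED_NETWORKS)


def evaluate(request):
    """Return (referer_result, ip_result) for one request."""
    return referer_check(request["headers"]), ip_check(request["remote_addr"])


# Constructed sample requests.
REQUESTS = {
    "hosted page, Referer sent": {
        "remote_addr": "192.0.2.10",
        "headers": {"Referer": "http://www.hosted-site.example/index.html"},
    },
    "hosted page, Referer omitted": {"remote_addr": "192.0.2.10", "headers": {}},
    "outside host, Referer claims hosted page": {
        "remote_addr": "198.51.100.7",
        "headers": {"Referer": "http://www.hosted-site.example/index.html"},
    },
}

if __name__ == "__main__":
    for label, req in REQUESTS.items():
        referer_ok, ip_ok = evaluate(req)
        print(f"{label}: referer_check={referer_ok} ip_check={ip_ok}")
```

The second request shows the false denial a header-based check produces when a client sends no Referer, and the third shows that the header's value is whatever the client chooses to send, while the source-address result does not depend on any header.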
MTDesigns
07-19-2001, 10:46 PM
I have had this happen a few times on my stopsexoffenders.com site -- but only with sites that have stolen my copyrighted work, including the FQ date and time code...which only work on FQ servers. When this has happened, I have already located the site that has stolen bandwidth, and so I was familiar with their domain when it showed up in place of the date and time. It doesn't last that long, so I just ignore it. I wonder if it is only me who sees this when it happens....?
Best always,
I have had this happen a few times on my stopsexoffenders.com site -- but only with sites that have stolen my copyrighted work, including the FQ date and time code...which only work on FQ servers. When this has happened, I have already located the site that has stolen bandwidth, and so I was familiar with their domain when it showed up in place of the date and time. It doesn't last that long, so I just ignore it. I wonder if it is only me who sees this when it happens....?
Joi, are you saying:
(a) That when somesite.com has included html from your site on their site (including your FQ date/time code), that this causes the date/time on YOUR site to display an error and their site's name?
- OR -
(b) That when somesite.com has included html from your site on their site (including your FQ date/time code), that this causes the error and their site's name to display WHEN YOU VISIT THEIR SITE.
Your statement looks like it is saying (a) is what happens, but I'm not sure this is what you meant. :confused:
Rich
cybercrone
07-20-2001, 10:20 AM
Joi, I am interested in knowing how you track down the people who are stealing copyrighted material from your site?
Has this turned out to be an interesting thread, or what? :stardanc:
MTDesigns
07-20-2001, 12:47 PM
Rich,
I was saying (a) -- I've noticed this happen just a few times when I knew of someone who was using my code -- I couldn't and still don't understand how they could change the code on MY page??? Is it something in the browser...a cache thing? So when I view their page and then my own I would see the error in the time and date code? I'm just trying to figure this one out.
how you track down the people who are stealing copyrighted material from your site?
I review my stats a few times each month. I pretty much become familiar with the domains and pages that are listed time after time, and when I find a new one, I visit that page and see where my link is coming from. It could be that they set up an image link to my page (I make sure it's on their own server, and not mine), they could have a text link, or they could be including my code -- possibly from a javascript they copied. There's also this site that's wonderful: http://www.findsame.com , that has helped me locate many infringing sites :).
Best always,
cybercrone
07-20-2001, 12:56 PM
WOW! What a tool! (The Web site you posted -- Digital Integrity) Thanks, Joi.
MTDesigns
07-20-2001, 01:04 PM
You're very welcome :V !! The only problem with that site is that I can get lost there for hours -- more than I have available ;)!