working in Laravel / PHP and have built a bespoke tracking system to track visits to our sites.
The issue currently is that email clients / Mailchimp will trigger a visit to be tracked when they send / the email is previewed by the client.
I guess email clients do some sort of link fetching even if the user doesn't click.
I'm already using a Crawler detection package (https://github.com/JayBizzle/Crawler-Detect) but would rather a better way of only tracking genuine visits to our site.
Is there anything clever that can be done to really know if the page was loaded via a browser? E.g, something I can only show on the page if it's not from a crawler or not browser etc.
I am running a LAMP web app where registered users can post classifieds, similar to craigslist. Recently I discovered that there seems to be a bot which is frequently posting fraud classifieds and I somehow can not get hold of it. The bot seems to only do a form post as the tracking log does not show any "thank you page" after posting or "entry page" before posting:
The PHP file that posts the classified verifies for certain keywords (similar to spam assasin) and by using the browser to create classifieds one can not create any with the text he is posting.
I am wondering how I could prevent him from posting. There is captcha, email and even SMS verification before he get's an account but once he has a verified account there is no captcha anymore but text recognition which somehow failes.
What would be a good strategy from preventing the bot from posting again? I seem to run out of options.
So I've start building an application for a website in Swift. The main goal is to have an iOS App which can receive notifications (in JSON from website) and can show all the features of the website.
So I can login and sign-up from the app to my database but the thing is I don't understand how to take out my session login and display it in an UIWebView. So the user has just to log-in and he can see the website with his account. The only thing I can make is to show the website as a guest.
Can someone help me please ?
As far as I know UIWebView does not store/send any cookie(session) for your web site. That means you're always not authenticated.
In order to complete your task you need to create your own cookie handling mechanism.
You need to save auth cookies sent to you by the server in response HTTP header, e.g.
Set-Cookie: JSESSIONID=ABAD1D;
Then you need to make any required request and MANUALLY put cookie header filed in your request header e.g.
Cookie: JSESSIONID=ABAD1D
Save response somewhere and render HTML in a WebView
BOTTOM LINE: All this stuff is a huge overhead to your app. Instead you need to write API of your web-site specifically for iOS(and other) apps, using different authentication approach and data transfer (well known).
What you want to do is basically create a little browser, I don't think it is a good idea.
I am developing a web+app system and I would like to know if there is any way that Facebook tells me how many likes has an URL I post in a user wall.
What I would like is that when some users hits like, a GET (or POST) Request to my server is called so I can store the external hit in my database without having to update it every time.
Does it even exist?
Maybe FB.Event.Subscribe can help you?
From the docs:
FB.Event.subscribe allows you to define callbacks that will be called
when certain events take place on your site. These events include:
Logging in or logging out via Facebook Login
Someone likes or unlikes a page via an embedded like button
Rendering of social plugins
Comments are added or removed
Someone sending a message to your page or a friend via an embedded send button
I've been working on an app for IG, and was looking at other websites which use the IG API. I came across this website which allows the user to login by entering their username and password directly into the site. It is then able to access the IG API and fetch things like follower count, however without the user authenticating an IG API Client as would normally be required. The app can even perform functions such as liking pictures using your account, which as far as I know also requires you to authenticate an app with elevated privileges.
My question is, how is this app able to login users without using OAUTH which appears to be the only method of authentication?
They probably use a web automation framework like Selenium to take actions like auto-linking content by actually logging in to the Instagram web site with the accounts credentials and simulating mouse clicks, etc. to get the job done. In other words their "script" just looks like a very active user to Instagram because it's all coming from interactions between a web browser and their site.
They definitely are not using the API. Several reasons you can know this:
no OAuth flow to get an access_token
they don't appear in the authorized applications section if you log in and manage your profile
what they are doing is a violation of the API Terms of Use. See the following under "shall not"
Use the Instagram APIs to post automated content to Instagram, including likes and comments that were not initiated and entered by an Instagram user.
I'm no lawyer and I have no inside information, however it seems clear enough to me that Instagram does not want this type of "bot" activity.
They claim that they have the timing set up in a way that they go undetected, but I think it's a safe bet that there are algorithms at Instagram trying to detect and prevent this type of activity and if they do, accounts would be at risk of being disabled, etc. I have not inside knowledge here, just speculation.
The Instagram application that you use from your cellphone uses HTTP/HTTPS communication with their application server. The link that you provided on the question uses to simulate those http calls to mimic as an Instagram application.
You can redirect your cell phone's Internet connection through the proxy(your own proxy server). From your proxy server catch the web requests those are being sent by the Instagram application when you are doing login, liking, etc.
It will be easy for you if the requests are through http channel. But if its through the https, then it will be really difficult to capture those. You can try with Fidler or some sort of similar softwares for this.
What I THINK is happening is the following:
They are logging your PHPSESSID and using that so you have the ability to like pictures and whatnot. They are doing all of the back-end work directly in index.php.
If you track the requests that are being sent to index.php through the Network tab in Chrome, you will see that "Cookie:_ instamacro_advcontent=1; PHPSESSID=" on the index.php file "Headers" tab.
I'm doing the same with my website that uses Vine's API(not public, btw). In a PHP file I created called api.php, I use Vine's API to perform actions. I do not use OAUTH at all. I simply use the users "x-vine-session" cookie.