RSS feeds security - rss

We are thinking of implementing RSS feeds at the company I work with as a form of banking/transaction alerts to users.
Does anyone know if this has been done in e-banking apps? Does anyone know of any possible security threats? Any articles? I haven't found that much on the net.

Possible threat: How do you control access to the feeds? Usual RSS feeds are unprotected; you could have an RSS feed over HTTPS + Basic auth, but is it sufficient for your security guidelines (since it's a bank, I doubt it)? Even if it passed muster, are you sure you want to have two different access paths into the system? More specific ways of authorization will break most RSS readers (as they don't have significant support for more complex authorization schemes).
Also, some people use web-based readers (Google Reader); how do they authorize? Once you allow a web-based RSS reader to spider your RSS feeds, how do you prevent it from sharing this content with other users?
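The HTTPS + Basic auth option mentioned in the answer above, as an added example that is not code from the thread: a small WSGI app that serves a per-user alert feed only over HTTPS and only to valid Basic credentials. The names `USERS`, `hash_password`, `authenticate` and `feed_app`, the demo account and the salt are assumptions made for illustration, and the app assumes `wsgi.url_scheme` reflects the real client connection.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed; use a random salt per user in practice

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed demo account (hypothetical user store).
USERS = {"alice": hash_password("correct horse battery staple")}

def authenticate(header):
    """Return the user name for a valid Basic Authorization header, else None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    supplied = hash_password(password)  # hash even for unknown users (uniform timing)
    expected = USERS.get(user)
    if sep and expected is not None and hmac.compare_digest(supplied, expected):
        return user
    return None

def feed_app(environ, start_response):
    """WSGI app serving one user's alert feed over HTTPS + Basic auth only."""
    if environ.get("wsgi.url_scheme") != "https":
        # No challenge here: a 401 over HTTP would invite the password in clear text.
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"HTTPS required\n"]
    user = authenticate(environ.get("HTTP_AUTHORIZATION", ""))
    if user is None:
        start_response("401 Unauthorized", [("WWW-Authenticate", 'Basic realm="alerts"'),
                                            ("Content-Type", "text/plain")])
        return [b"authentication required\n"]
    # private/no-store asks shared caches not to keep the feed; a web-based reader
    # holding the credentials can still redistribute what it fetched.
    start_response("200 OK", [("Content-Type", "application/rss+xml"),
                              ("Cache-Control", "private, no-store")])
    title = f"Alerts for {user}"
    return [f'<rss version="2.0"><channel><title>{title}</title></channel></rss>'.encode()]
```

The check authenticates whoever holds the password, so handing the credentials to a hosted reader extends the same access to that service.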

Related

Feedly uses SuperFeeder (Pubsubhubbub). How does Feedly allow users to subscribe to an RSS feed which is not published using pubsubhubbub?

As far as I know, in order to get RSS in real time (i.e. be a pubsubhubbub subscriber), the one who generates the RSS feed must be a pubsubhubbub publisher, which means the RSS feed must include a tag which includes the HUB address.
However, there are lots of RSS feeds (published using RSS 2.0 only and not pubsubhubbub) which I can subscribe to via Feedly.
How is it possible?
Thanks,
Qwerty
So, Feedly does use PubSubHubbub, through Superfeedr (and other hubs, such as Google's or Wordpress).
For the feeds which do not support PubSubHubbub, Feedly polls feeds at regular intervals. You may want to check this other question for more details.
Also, please note that Superfeedr can also be used as a "default hub" which works even for feeds which do not support PubSubHubbub.

Why bots are spamming my referral traffic / Analytics stats?

There are a lot of resources here and on the web explaining how to avoid biased statistics coming from referrals such as Darobar, semalt, iloveitaly, etc. and how to block these malicious bots.
My question is not about how to prevent it from happening. I don't understand WHY I'm getting spammed. What is the interest of these companies / entities in flooding my stats? They must have a pretty big infrastructure (either servers or infected slave computers) to visit so many websites and so many times. But what is the purpose of all of this? Is it financial? Malicious? Just for fun?
What are the risks for myself or my company? Can I be disqualified by Adsense or another online advertising program?
Those bots don't generate ad traffic; even if they do, Google and ad companies detect them. I used to work in ad serving. Again, Google, Yahoo and major ad serving systems take precautions to prevent fake traffic etc.
Those bots basically search for things like email addresses, contact information, in short any kind of information. Don't forget Google uses bots to crawl the internet for its search engine.
Some bots place comments on higher ranking sites for SEO work.
This is just a big business.
If you want to avoid them, take a look here: http://www.robotstxt.org/faq/prevent.html
However, these are just standards and some folks don't care about them. But then I wouldn't really worry that much.
Spammers are trying to get traffic to their sites. Very often curious webmasters visit "referring" websites, and spammers can show them advertising, or redirect them to sites like amazon.com or alibaba.com to put an affiliate cookie (and get revenue in case their targets buy something later).

How can I find out how many people are subscribed to an RSS feed I'm serving?

We have a site that is serving some RSS feeds, and we'd like to know how many people are subscribed to each one, without using a system like FeedBurner to serve them.
The original approach to figuring this out was basically logging requests, and then getting the number of unique IPs that had requested each feed. However, if I get 1 million people subscribing through Google Reader, for example, then I'm only going to get 1 request from Google for all the subscribers, right?
Is there a way around this?
How does FeedBurner itself work around it?
Being Google's property now, it can surely find out how many people are subscribed to a certain feed in GReader specifically, but I'm sure there are other online RSS feeds that would pose the same problems.
Any ideas?
This doesn't answer your entire question, but when Google Reader crawls your feed, it will expose to you, in the User-Agent, the number of people subscribed via Google Reader:
http://www.google.com/support/reader/bin/answer.py?hl=en&answer=70001

RSS feeds to Email, on the fly

I have a web app that generates RSS feeds. I would like to offer users the ability to subscribe to these RSS feeds by email.
I know I can use Feedburner to manually burn my feeds and offer email subscriptions. The problem is I offer hundreds of RSS feeds and don’t want to manually burn a feed just for this one feature.
Does anyone know of a service or API (preferably free) that allows you to create an RSS feed to email sign up on the fly? Any help is much appreciated. Thanks.
-Ace
You can use the Feedburner Management API to programmatically burn your feeds - and then enable email subscription.

How Feedburner knows number of subscribers to a RSS Feed?

Feedburner (http://feedburner.google.com) provides statistics about RSS feed of subscribers and reaches. This is interesting.
It is easy to understand that Feedburner can count visits (reaches) to an RSS feed. But how does Feedburner get to know subscribers to an RSS feed?
In my understanding, each request to an RSS feed URI is independent. There are no cookies or identity validation. So, how does Feedburner know how many subscribers an RSS feed has?
The easy part is Google tells it the number of Google Readers, and so do the other Reader/Aggregators.
For individual users polling the RSS/Atom feed, there are HTTP headers involved in the request, so users are tracked by IP address, and when behind proxies, a number of proxies include the original IP in a header; this helps sort between proxied sources.
Failing that you could read the FeedBurner help on that topic.
I wonder if it knows anything at all.
--- end sarcasm ---
Seriously, my sub numbers for my blog will jump from about 2k to about 3k at the drop of a hat.
Determining subscriber count is an inexact science at best.
It does rely on reporting from other services, and sometimes these services go down, or they change how they report.
Services like FeedBurner are actually a proxy feed to your blog's feed. So when you use FeedBurner (or the like) users subscribe to a feed hosted on Google's servers that is fed from your feed.
Thusly people are really subscribing to the feed hosted by Google and they can then get statistics just as if you were visiting a site.
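The counting approach described in the two subscriber-count threads above (unique IPs for readers that poll directly, plus the count an aggregator reports in its User-Agent), as an added example that is not code from any of the posts. The log lines are constructed, the `N subscribers` User-Agent layout is assumed to follow the one Google's feed crawler used, and `estimate_subscribers`, `make_line` and the allowlist parameter are hypothetical names. Because the User-Agent is client-supplied, self-reported counts are honoured only for allowlisted aggregators.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "GET path proto" status size "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
SUBS = re.compile(r"(\d+) subscribers?", re.I)

def estimate_subscribers(log_lines, trusted_prefixes=("Feedfetcher-Google",)):
    """Return {feed path: estimated subscribers} from access-log lines."""
    reported = defaultdict(dict)   # path -> {aggregator identity: latest count}
    direct = defaultdict(set)      # path -> client IPs polling the feed themselves
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue               # skip lines that are not well-formed requests
        ip, path, ua = m.groups()
        count = SUBS.search(ua)
        # The User-Agent is client-supplied, so a self-reported count is only
        # honoured for allowlisted aggregators; anyone else counts as one reader.
        if count and ua.startswith(tuple(trusted_prefixes)):
            identity = SUBS.sub("N subscribers", ua)        # same crawler, any count
            reported[path][identity] = int(count.group(1))  # later line wins
        else:
            direct[path].add(ip)
    feeds = sorted(set(reported) | set(direct))
    return {f: sum(reported[f].values()) + len(direct[f]) for f in feeds}

def make_line(ip, path, ua, status=200):
    return f'{ip} - - [10/Oct/2009:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

GOOGLE = "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; {} subscribers; feed-id=111)"
# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    make_line("203.0.113.7", "/feeds/news.xml", GOOGLE.format(120)),
    make_line("203.0.113.7", "/feeds/news.xml", GOOGLE.format(125)),
    make_line("198.51.100.20", "/feeds/news.xml", "Liferea/1.6"),
    make_line("198.51.100.20", "/feeds/news.xml", "Liferea/1.6", status=304),
    make_line("198.51.100.21", "/feeds/news.xml", "NetNewsWire/3.2"),
    make_line("192.0.2.99", "/feeds/news.xml", "UnknownReader/0.1 (999999 subscribers)"),
    make_line("198.51.100.20", "/feeds/jobs.xml", "Liferea/1.6"),
]

if __name__ == "__main__":
    print(estimate_subscribers(SAMPLE_LOG))
```

An allowlisted prefix can still be forged by any client, so a sudden jump in a reported count is worth checking against the source address of the request.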
