The solution outlined below is believed to be obsolete & ineffective, but retained for historical interest. Phorm have changed their method of operation to hi-jack image requests. You should encrypt your web communications using SSL.
Cookie Tripwire; Detect Phorm Cookie Stripping
This solution, contributed by Tarka, is a variation on Cookie Rewriting. It uses a combination of client side and server side code to detect Phorm.
The server side code deliberately sets a 'Webwise' cookie (assuming Phorm will attempt to hide their phorged cookie by stripping it from server requests).
The client side executes a Javascript which creates a list of cookies visible to the client .
When a subsequent request reaches the server, the list of cookies visible to the client is compared with a list of cookies visible to the server.
Any differences between the two will trigger an immediate redirection.
Updated 15/11/2008 to take account of the published webwise-uid cookie name.
Installation
Include the following code into every one of your pages;
<?php setcookie("webwise-uid", "Dephormation Test Cookie"); require_once("tripwire.php"); ?>
<html> <head> <script language="javascript" src="tripwire.js"> </script> </head> <body> <p>My Page</p> </body> </html>
Download Cookie Tripwire Code Here
Download Cookie Tripwire Zip Archive.
MD5Sum: f3a2caa32cdd3619b9f97f7003727e02