 |
|
Please Whitelist This Site?
I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)
If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.
If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.
Thanks for your understanding!
Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide
|
|
|
Custom Search
|
|
URL Obscuration, Obfuscation and General Trickery
(Page 2 of 4)
Common Obscuration and Obfuscation Techniques
It is a cruel irony that the complex syntax that was built into URLs to allow them to be so flexible, has been exploited by the obnoxious into tricking people. They know that most people are used to seeing simple URLs like “http://www.myfavoritesite.com” and do not realize that the full URL syntax allows the same resource to be specified in literally millions of different ways.
So these people, desperate for hits to their Web sites at any cost, keep coming up with new tricks for manipulating URLs. These are focused on HTTP scheme URLs, though in theory the tricks can be applied to several other types as well (though obviously they won't work with some schemes). Here are some of the more common gimmicks that have been used, past and present (note that if you are trying these out as you read, some examples may not work on certain browsers):
In some cases, a URL is just made really long by the addition of lots of gibberish as a “query string”, so that the user's eyes glaze over just looking at it. This is a relatively “unsophisticated” technique, however, since one can easily tell what the real host name is by looking at the start of the URL. Most of the better scammers have moved beyond such simple tricks today.
Internet users are so accustomed to using DNS names that they don't realize that one can access a URL using an IP address at all. So most people don't realize that The PC Guide can be accessed as easily using <http://209.68.14.80> as <http://www.PCGuide.com>. (Note that this is not true of all Internet hosts; those that use virtual names cannot be accessed using just an IP address.)
This is not really trickery per se. It is quite legitimate, and in some ways even necessary—for example, for accessing a site that is having DNS problems. The problem here is that usually one cannot tell what a site is from the IP address alone, and many people will just click on an IP address link without bothering to find out what it is.
It is possible to register a DNS domain name consisting of just a single number. For example, one could register “114.com”. And then one could create subdomains within it such as “42.12.205.114.com”. At first glance this appears to be an IP address specification, so someone might think it would resolve to the address 42.12.205.114—when in reality, it is some other address.
I believe that DNS name registrars have been cracking down on this sort of trickery, so it may not be as prevalent now as it once was.
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.