| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
URL Obscuration, Obfuscation and General Trickery (Page 2 of 4) Common Obscuration and Obfuscation Techniques It is a cruel irony that the complex syntax that was built into URLs to allow them to be so flexible, has been exploited by the obnoxious into tricking people. They know that most people are used to seeing simple URLs like http://www.myfavoritesite.com and do not realize that the full URL syntax allows the same resource to be specified in literally millions of different ways. So these people, desperate for hits to their Web sites at any cost, keep coming up with new tricks for manipulating URLs. These are focused on HTTP scheme URLs, though in theory the tricks can be applied to several other types as well (though obviously they won't work with some schemes). Here are some of the more common gimmicks that have been used, past and present (note that if you are trying these out as you read, some examples may not work on certain browsers): In some cases, a URL is just made really long by the addition of lots of gibberish as a query string, so that the user's eyes glaze over just looking at it. This is a relatively unsophisticated technique, however, since one can easily tell what the real host name is by looking at the start of the URL. Most of the better scammers have moved beyond such simple tricks today. Internet users are so accustomed to using DNS names that they don't realize that one can access a URL using an IP address at all. So most people don't realize that The PC Guide can be accessed as easily using <http://209.68.14.80> as <http://www.PCGuide.com>. (Note that this is not true of all Internet hosts; those that use virtual names cannot be accessed using just an IP address.) This is not really trickery per se. It is quite legitimate, and in some ways even necessaryfor example, for accessing a site that is having DNS problems. The problem here is that usually one cannot tell what a site is from the IP address alone, and many people will just click on an IP address link without bothering to find out what it is. It is possible to register a DNS domain name consisting of just a single number. For example, one could register 114.com. And then one could create subdomains within it such as 42.12.205.114.com. At first glance this appears to be an IP address specification, so someone might think it would resolve to the address 42.12.205.114when in reality, it is some other address. I believe that DNS name registrars have been cracking down on this sort of trickery, so it may not be as prevalent now as it once was.
Home - Table Of Contents - Contact Us The TCP/IP Guide (http://www.TCPIPGuide.com) Version 3.0 - Version Date: September 20, 2005 © Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site. |