rconner Posted February 6, 2009 Share Posted February 6, 2009 This one is new to me (maybe not to others): tracking URL This is the usual network-markering-guru BS. Spammer refers me to a URL at go2-url.com, which reports 404 status in the header, but which actually imports the spam pitch from some other website (hosted by our pals at theplanet.com) using a FRAMESET. Clearly, go2-url is not playing by Hoyle. They are reporting that a resource is not found (404) when it manifestly was found. In fact, in other cases, I've seven seen them use the 404 page to advertise how you can exploit 404 pages to stuff them with ads. If this sort of thing catches on, you will no longer be able to trust 404s to mean that websites are offline. -- rick Link to comment Share on other sites More sharing options...
Miss Betsy Posted February 6, 2009 Share Posted February 6, 2009 Do you mean that they can exploit any 404 or just their own? This is an area where I have just enough knowledge to be dangerous!! So, be aware that I need really simple answers. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted February 6, 2009 Share Posted February 6, 2009 Totally different results. No FRAME set at all, a whole slew of javascripts and a meta-Refresh command .... <html> <head><title>Sorry - Page not found at Royal-Health.Com</title> <!-- Header Basic .txt - SSI --> <scri_pt TYPE="text/java scri_pt" LANGUAGE="java scri_pt" src="h ttp://www.royal-<broken>health.com/right-off.js"></scri_pt> <scri_pt TYPE="text/java scri_pt" LANGUAGE="java scri_pt" src="h ttp://www.royal-<broken>health.com/affil.js"></scri_pt> <scri_pt TYPE="text/java scri_pt" LANGUAGE="java scri_pt" src="h ttp://www.royal-<broken>health.com/tab-basic.js"></scri_pt> <meta http-equiv="refresh" content="3; URL=ht tp://www.royal-<broken>health.com"> spamvertised URL hosted at rackspace (at 209.61.173.98) However, redirection to another (totally different) web-site hosted at ntt.net (at 198.170.244.223) ht tp://www.treasure<broken>huntmarketing.com/main.html Already have way too many windows opened up on three systems, so am not going to go any further ... will just agree, what a freaking mess ,,,, Link to comment Share on other sites More sharing options...
rconner Posted February 6, 2009 Author Share Posted February 6, 2009 Do you mean that they can exploit any 404 or just their own?The latter, I think. Out of the can, Apache gives you a rudimentary 404 page that it will serve when people ask for non-existent data, but you can replace this with anything you like -- presumably even the content that was supposed to be "not found" If you had (say) a spam investigation tool that checked on websites just by pulling their HTTP headers (and not inspecting the contents), you would be misled into believing that this one was offline when it fact it was not. This perverts the reason for the 404 code. I think the guy I mentioned just got drunk on his "leet" webmastering skills and was offering to impart this valuable information to the waiting masses. Totally different results. No FRAME set at all, a whole slew of javascripts and a meta-Refresh command .... Was this from the same tracker URL, or from another spam? -- rick Link to comment Share on other sites More sharing options...
Farelf Posted February 6, 2009 Share Posted February 6, 2009 ...If this sort of thing catches on, you will no longer be able to trust 404s to mean that websites are offline.Frameset redirection and HTTP status are evidently two different things and would 'always' have been so, but yeah, I haven't heard of that being deliberately exploited before. And it does appear deliberate, given the breathless "P.S. I was told that this report is going to be taken offline really soon. So don't wait, go to the site now. It won't cost you anything, so do it now: ..." - the classic hurry up (don't think) or you're gunna miss out . Perfect for a malware drop, eh? (Sucker arrives, sadly regards 404, "Aww, it's gone already," meantime, behind the scenes ...) I see framesets at that url - using GET from http://www.asymptoticdesign.com/aux/header-viewer.cgi Link to comment Share on other sites More sharing options...
rconner Posted February 6, 2009 Author Share Posted February 6, 2009 And it does appear deliberateOf that I have no doubt. I've been watching these guys for a couple of weeks now (my work address seems to be on their list), and the sites are invariably 404s, some of which are "really" 404s (with the ad about how to make 404s work for you), and others are using the <frameset> gag. What I haven't figured out is whether the hoster/redirector is directly in bed with the people at the redirected-to sites. -- rick Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.