

Web Site Design, Usability, SEO & Marketing Discussion and Support


The Evil Url Shortener


Just a little extra pre-Christmas Cheer for the paranoids out there...


d0z.me: The Evil URL Shortener by Ben Schmidt, Spare Clock Cycles, 19-December-2010.

With these issues in mind, I began wondering: what would happen if I mashed them all together? Enter d0z.me: a proof-of-concept URL shortener that, while getting users to their destinations, also covertly attacks an arbitrary server.


When users click on the link, they appear to be redirected to the requested content, but they are in fact looking at the page in an embedded iframe. This is identical to how those rather annoying Digg and Stumbleupon toolbars work, except the embedding is invisible to the user (minus the location URL in the toolbar). While the users are busy viewing the page, a malicious JavaScript DoS runs in the background, hammering the targeted server with a deluge of requests from these unsuspecting clients. If these clients continue browsing from that page, we can maintain our DoS in the background the entire time.


There are a few other little nasty uses of this type of Innocent Surfer background activity. DoS would seem the least profitable.

Link to post
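
The quoted article turns on the difference between a real HTTP redirect and a page that stays loaded and frames the destination, and that difference is visible in the response itself. The following is an added example, not part of the original posts or of d0z.me; the sample responses and the example.org host are constructed.

```python
# Added example: classify what a short link actually returns.
# Responses below are constructed samples, not captures from any real service.
from html.parser import HTMLParser

class _FrameScan(HTMLParser):
    """Collect iframe targets and count script elements in an HTML body."""
    def __init__(self):
        super().__init__()
        self.iframes = []
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs).get("src") or "")
        elif tag == "script":
            self.scripts += 1

def classify(status, headers, body=""):
    """Return (verdict, detail) for one HTTP response to a short-link request."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        # A real redirect: the browser leaves the shortener's origin entirely.
        return ("redirect", hdrs["location"])
    if status == 200:
        scan = _FrameScan()
        scan.feed(body)
        external = [s for s in scan.iframes
                    if s.startswith(("http://", "https://", "//"))]
        if external:
            # The shortener's page stays loaded and wraps the destination.
            verdict = "framed+script" if scan.scripts else "framed"
            return (verdict, external[0])
        return ("page", "")
    return ("other", str(status))

# Constructed sample responses (hypothetical host under example.org).
HONEST = (301, {"Location": "https://news.example.org/story"}, "")
WRAPPER = (200, {"Content-Type": "text/html"},
    '<html><body style="margin:0">'
    '<iframe src="https://news.example.org/story" width="100%" height="100%"></iframe>'
    '<script>/* background code, contents omitted */</script></body></html>')

if __name__ == "__main__":
    for name, resp in (("honest", HONEST), ("wrapper", WRAPPER)):
        print(name, classify(*resp))
```

A "framed" verdict means the address bar keeps showing the shortener's host, which is the one visible sign the article mentions. Meta-refresh and script-driven redirects are not covered here and fall under "page".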
Guest joedolson

Yes, that definitely seems nasty. Interesting to think about, but it sure does keep one questioning URL shorteners...who knows what could be happening in the background?

Link to post

Certainly a thing to be avoided.


Perhaps to divert this to a more useful line of thinking, I am now using the URL shortening service from those 'Do No Evil' people. That's to be found at http://goo.gl. I even use it for URLs that are 'private'. I'm assuming that the corresponding URL does not go into the regular Google search indices.


Is that a safe assumption?

Link to post

Safe? You want safe?

Safe is a relative thingy, on the web as in bank vaults.


Regarding 'brand' shorteners such as goo.gl - never forget that if the site with the shortened links is cracked or otherwise rotten any link can lead to anywhere, include various additional functionality, etc.


What you see is not always what or, perhaps, all that you will get.


Am I suggesting that one not click shortened links?


Just be aware that dragons do exist and they do be nasty critters.


The more a browser or web app has to interact with the OS, i.e. client-side scripting, the greater the risk exposure. Which casts somewhat of a gloom on current webdev direction, doesn't it?



Link to post

I use my own shortener now for anything that I think may need some legs, otherwise Google's.


My concern with anything but my own is that they can redirect your url at any time. Bitly is very popular, but what if they close down and redirect all urls to their own affiliate site? Unlikely, but it could happen.

I have never read the TOS on any url shortener, probably worth a look.

Link to post
