 cjsmithPremium join:2000-11-03 Villa Rica, GA | Kasia is not nuts really - She made the Register! Bloggers were warned this week to raise their guard against posting potentially malicious referrer links into their Web logs. It's potentially easy to hijack blogs through mendacious JavaScript code, a posting on one Web log (kasia in a nutshell) notes.
So the message is to double check referrers to make sure they link to a valid site, with links back to the blogger's site (if you will).
This article can be found in its entirety at The Register (UK) |
 | Okay. She made The Register, and that's great. I read the article and Kasia's entry, but I don't understand what they're talking about.
Kasia? |
 imp$MxyzptlkPremium join:2002-04-05 imp@dslr.net | reply to cjsmith Ooo, famous!
Congrats on the mention  |
 Bink63Tweet THISPremium join:2002-10-06 Everywhere | reply to cjsmith What was the topic?
I got sidetracked on Kasia's site looking at the pic of her box.
Any hope of a shot of your rack in the near future Kasia?  |
 nilJava Geek join:2000-11-27 kudos:1 Host: Webmasters and Dev.. Forum Feature Requ..
| Re: Kasia is not nuts really - She made the Regis Equinox doesn't allow pictures in the datacenter, otherwise I'd get a picture of the rack too 
bluebear.. are you asking what is blog hijacking through referer links? -- daily madness |
 DaSneaky1Done wall to block them allPremium,MVM join:2001-03-29 The Lou
| I think it would be great if you could explain what could happen through referral links. I read your post, but still would like to have a clearer explanation if you don't mind. -- ] ::my trivial ramblings:: [ |
 | reply to nil said by nil: bluebear.. are you asking what is blog hijacking through referer links?
Yep!  |
 nilJava Geek join:2000-11-27 kudos:1 Host: Webmasters and Dev.. Forum Feature Requ..
| reply to DaSneaky1D Well, essentially, some websites (many weblogs do this, I don't) display the most recent or the most numerous referers directly on their weblog..
»jeremy.zawodny.com/blog is one example.
It's really easy to hack what the browser is reporting as a referer when hitting a website.. you can put *anything* in there and in this instance someone put a javascript that redirects the page to another page.. so the blog is essentially hijacked, as all traffic incoming (that has javascript enabled) is redirected to another page... Don't even need to hack a browser to do this, a telnet session is sufficient.
The lesson here.. always clean anything you display on a page if you can't trust the input. For things like comments and posts that's immediately apparent, but not many people would think that a referer.. something that seemingly comes from your own server log.. is dangerous.. well.. it is.
Does this make more sense now?  -- daily madness |
 | reply to cjsmith
Re: Kasia is not nuts really - She made the Register! Congratulations kasia  |
 | reply to nil
Re: Kasia is not nuts really - She made the Regis Ok, being that you are more versed in "geek" (j/k), can you put that in layman's terms? I know what a referrer is, and I think I understood that you were saying that the whole point is to keep people who make negative comments sifted out? If that is the case, what's the problem with it? I still don't understand. Sorry. Just once more so that even a child can understand it.  -- AZIZAVENUE - For Macromedia Enthusiasts Bezworks Design Featured Client |
 cjsmithPremium join:2000-11-03 Villa Rica, GA | reply to cjsmith
Re: Kasia is not nuts really - She made the Register! BlueBear this is quite a common practice although there are means of protecting oneself from this type of exploit.
Although I am not fully up to par as it relates to its practices and security measures, you may find a great many more details at this Web Page. (XSS Details) |
 nilJava Geek join:2000-11-27 kudos:1 Host: Webmasters and Dev.. Forum Feature Requ..
| reply to bluebearMX
Re: Kasia is not nuts really - She made the Regis No, no.. this has nothing to do with comments..
A typical referer entry is just a link to the site someone came from to your site.. what someone has done in this case is, instead of using a url, they embedded a javascript as a referer which created a redirect on the page that displayed it. -- daily madness |
 | aha, I wasn't gonna post that because then I'd be a noob if I was wrong.
So here it is in Skyroket terms:
You keep track of who sends people to your page. You post those results in some log. People sneakily get some javascript to get in your log so that when people go look at your weblog, they get redirected to some page...
Benefits of doing this would be?? more hits on your page? More publicity to your page? If you're running ads on your page you get $$ for every time the ad is loaded...etc? |
 | reply to nil So, basically, you're just being sent back to the same page, right? What's the benefit of that though? |
 | reply to skyroket What is up with the weblogs....people display those publicly? I couldn't care less how many people go to the same sites I do...there are people who care? |
 nilJava Geek join:2000-11-27 kudos:1 | reply to bluebearMX No.. not the same page.. any page someone wants to redirect people to.. could be a porn site.. or something -- daily madness |
 | Ok. Really, I'm not playing dumb. I think I understand now. So, what they are doing is sniffing out people redirecting them to other sites? |
 nilJava Geek join:2000-11-27 kudos:1 Host: Webmasters and Dev.. Forum Feature Requ..
| No.
I don't think you understand what a referer is? In terms of an http request anyway.. referer is one of the fields sent by the client to the server basically saying "Hi, this is where I'm coming from, so in theory this page is linking to you" Let's say that field is filled with »www.google.com/
So now the web server looks at it and says "Ah, cool, google is linking to me".. and in the case of some happy blog owner he now has a script generate that on his weblog..
"hey look guys, I'm getting traffic from »www.google.com".. but see, he doesn't actually do this by hand, he just gets the referring url from the http request.
Now the bad guy takes that request and modifies it to, instead of the link, have a line of javascript like say.. <script>top.top.location.href='bignastypornsitecom';</script> and goes off and hits the weblog with this modified request (his own request, not someone else's).
The weblog owner has this scripted so he doesn't see that this isn't a real referer and happily displays it on his page.. at which point this referer acts like any javascript would when embedded in html.. it redirects. -- daily madness |
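As an added example (not code from this thread or from any of the blogs it mentions), here is the pattern nil describes in both of his explanations: a "recent referers" widget that pastes the Referer header straight into HTML, beside a hardened version that only displays values that parse as http(s) URLs and HTML-escapes them before rendering. The sample log values and the hostnames attacker.example and evil.example are constructed.

```python
"""Referer display widget: the unsafe pattern beside a hardened one.
Added example; not code from the thread or from any blog mentioned in it."""
import html
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample Referer header values, as a server log might record them.
SAMPLE_REFERERS = [
    "http://www.google.com/search?q=weblog",                           # a real link
    "https://blog.example.net/2003/01/post",                           # another real link
    "<script>top.location.href='http://attacker.example/';</script>",  # script instead of a URL
    "javascript:alert(1)",                                             # not an http(s) link
    'http://evil.example/" onmouseover="x',                            # tries to break out of href
]

def render_unsafe(referer: str) -> str:
    """The naive 'recent referers' widget: the logged value pasted straight into HTML."""
    return f'<li><a href="{referer}">{referer}</a></li>'

def is_displayable_referer(referer: str) -> bool:
    """Accept only http(s) URLs that have a hostname; anything else is dropped."""
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def render_safe(referer: str) -> Optional[str]:
    """Validate the value as a URL, then HTML-escape it (quotes included) so the
    text can neither open a tag nor close the href attribute. None means rejected."""
    if not is_displayable_referer(referer):
        return None
    escaped = html.escape(referer, quote=True)
    return f'<li><a href="{escaped}" rel="nofollow">{escaped}</a></li>'

def build_referer_list(referers) -> str:
    """Build the whole widget, silently skipping rejected values."""
    items = [item for item in map(render_safe, referers) if item]
    return "<ul>" + "".join(items) + "</ul>"

if __name__ == "__main__":
    for ref in SAMPLE_REFERERS:
        print("unsafe:", render_unsafe(ref))
        print("safe:  ", render_safe(ref))
```

Rejecting non-URL values is what keeps the script out of the page entirely; escaping is the second layer that protects the href attribute when a syntactically valid URL carries quotes or angle brackets.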
 | Yeah, I know what a referrer is. I've used it before in ColdFusion. I just didn't understand what the javascript code injection was all about. I understand everything you're saying now. Thanks to imp's PMs and you.  -- AZIZAVENUE - For Macromedia Enthusiasts Bezworks Design Featured Client |
 BradleyBad Graphics GhostPremium join:2001-02-20 So Far Away | reply to nil Excellent explanation...I even understood it that time.  |