Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

thouse fake cnn (etc) pages

  • 12-12-2001 7:14pm
    #1
    Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭


    I suppose this is a webmaster-ish question.

    how do you make thouse fake cnn pages? ..you know, the ones that look like there on cnn.com, but actualy point to some1's ip or webserver?


Comments

  • Registered Users, Registered Users 2 Posts: 12,309 ✭✭✭✭Bard


    I'd imagine it's a case of setting up a password protected site, with a user named "www.cnn.com" with a password of "80". Then the URL to get to that web site by http would be something along the lines of:

    http://www.cnn.com:80@123.123.123.123/

    (where 123.123.123.123 is the IP address of your web server.

    Just add a few 'realistic looking' subdirectories to this and yer off.

    e.g.:

    http://www.cnn.com:80@123.123.123.123/EU/Domestic/Finance/1122203.html

    ya dig?


  • Registered Users, Registered Users 2 Posts: 1,783 ✭✭✭Puck


    AFAIK there's no need to go setting up accounts or password protected areas on sites (but then again Bard would probably know more about this than me)

    eg:
    www.puck.ie@www.boards.ie will just take you to Boards.ie. I'm sure it can't be too different for IP Addresses.


  • Registered Users, Registered Users 2 Posts: 12,309 ✭✭✭✭Bard


    Originally posted by Puck
    AFAIK there's no need to go setting up accounts or password protected areas on sites (but then again Bard would probably no more about this than me)

    eg:
    [url=http://www.puck.ie@www.boards.ie/]www.puck.ie@www.boards.ie[/url] will just take you to Boards.ie. I'm sure it can't be too different for IP Addresses.

    Puck, when anonymous access is allowed, then you can still use a username (ANY username) to connect... with or without a password... and it wont make a jot of difference.

    For example... I just came up with this:

    http://www.completebunchofarse.ie@193.120.248.4/

    give it a click and see what you get :)

    :D


  • Registered Users, Registered Users 2 Posts: 8,488 ✭✭✭Goodshape


    i dig. cheers bard.

    ...but then again, i see what your on about puck... i dig that too...


  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    No users, just put something before the real hostname/IP.

    http://www.cnn.com@www.YORE-MA-NEWS.com/fancy/subdirectories/YOREMA.html

    It's best to put the IP, because most people don't have a clue, and are used to seeing numbers and funny symbols in URLs, but if you use the IP, you can't put the page on a vhost[1], it has to be the main site, the main thing, the thing. I dunno the term for it.

    [1]: Virtual Hosts, where the browser gives the name of the domain it's looking for to the server, and the server responds with the appropriate site. When you specify an IP address, this doesn't happen. (no "Host: " header sent)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,783 ✭✭✭Puck


    LOL

    Dammit you quoted my spelling mistake before i corrected it - "Bard would no more about this than me". Ah well it comes from writing too many txts and trying to save space etc.

    Anyway... so the am I right in thinking whole user-name part of the URL is useless unless you have special accounts set up on the site?

    So then anyone could set up some space on their own website that looks like the URL from, say, CNN by using the user name www.cnn.com, their IP address and directories that look like the directories that a site like CNN might use.


  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    Well no, since the user doesn't exist there, it's just ignored and treated normally.

    [edit]I mean, the user doesn't exist and the page the browser is looking for isn't restricted, so it treats it normally[/edit]


  • Registered Users, Registered Users 2 Posts: 1,783 ✭✭✭Puck


    Maybe I should have rephrased that. Basically what I was saying is that the whole user-name part is usless unless there are any special accounts set up. I tend to confuse the point in my posts.


  • Registered Users, Registered Users 2 Posts: 1,842 ✭✭✭phaxx


    Nope. :)

    The username part is there because it's the only way of putting some text into the beginning of the url to fool the user without breaking something.


  • Registered Users, Registered Users 2 Posts: 1,982 ✭✭✭ObeyGiant


    For added realism, it's probably best if you don't use IP addresses.
    For example, in http://www.someurl.com@127.0.0.1/somepage.html the IP address stands out a little, but there is a trick to getting around it.
    We'll use 194.145.128.36 (www.iol.ie) as an example.
    * Open a scientific calculator program (Windows - start calculator, and choose "view -> scientific")
    * Put in the first part of the IP (in this case, 194) and press the "Hex" button.
    * This should give you the first part in Hex - in our example, C2
    * Write this down
    * Repeat for three remaining parts of IP address (145 - 91, 128 - 80, 24)
    * Switch your calculator to "Hex", and put in the completed Hex string (C2918024)
    * Press the "Dec" button, and this will give you a string of numbers (in the example - 3264315428)

    This is the IP in Decimal. This will work in most (standards-compliant (read: not netscape 4.*)) browsers, and looks a lot less suspicious than an IP address.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 12,309 ✭✭✭✭Bard


    eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/ - but thanks for explaining where those unusual addresses come from.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/

    Not when it's in a URL like http://www.whitehouse.gov@3264315428/ though, which I reckon was the point.

    but thanks for explaining where those unusual addresses come from.

    Yeah, web addresses should be (it's dependant on the browser supporting standards of course) accessible from a variety of mathematical representations of the IP address, including hex, and I think binary too.

    adam


  • Registered Users, Registered Users 2 Posts: 1,982 ✭✭✭ObeyGiant


    Originally posted by Bard
    eh... I'd have thought http://3264315428/ looked more suspicious than http://194.145.128.36/ - but thanks for explaining where those unusual addresses come from.
    Written like that, they do, but when mixed with what's already been explained above, the fact that there's an IP address doesn't "pop out" at you. As a matter of fact, it looks almost like one of those man random session IDs that many sites (such as CNN) use.

    eg.
    http://www.cnn.com@3264315428/somepage.html
    compared to
    http://www.cnn.com@194.145.128.36/somepage.html


  • Registered Users, Registered Users 2 Posts: 1,783 ✭✭✭Puck


    Sorry I did it again!

    What I meant by "useless" is that it doesn't make any difference in where the user is actually taken to. But yeah it still could be used to fool the user.

    I'm gonna shut up now before I confuse myself. Whether ye understand me or not I think I should just leave it at that. I don't think any of us are in disagreement here and Goodshape's question has been answered.

    I'll get me coat. :o


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Lemme see if I can clear this up: Puck was trying to clarify that there doesn't need to be any particular configuration on the server-side for this. If HTTP_AUTH is turned on, then the username:password combination passed to the webserver throught the HTTP protocol will have to authenticate, i.e. it will have to match up with whatever method is used to validate it on the server side. If it isn't though, the username or username:password combination will simply be ignored and passed-through by the webserver.

    There you go, security through obscurity!

    adam


  • Registered Users, Registered Users 2 Posts: 12,309 ✭✭✭✭Bard


    pfft.

    Just use Opera and it'll warn you if you're about to be taken to one of these addresses...

    e.g.:

    OperaWarning.gif

    and it rocks for so much else too :D


  • Registered Users, Registered Users 2 Posts: 7,626 ✭✭✭smoke.me.a.kipper


    binary addresses wont work for me :(


  • Registered Users, Registered Users 2 Posts: 1,783 ✭✭✭Puck


    Originally posted by dahamsta
    Lemme see if I can clear this up: Puck was trying to clarify that there doesn't need to be any particular configuration on the server-side for this. If HTTP_AUTH is turned on, then the username:password combination passed to the webserver throught the HTTP protocol will have to authenticate, i.e. it will have to match up with whatever method is used to validate it on the server side. If it isn't though, the username or username:password combination will simply be ignored and passed-through by the webserver.

    There you go, security through obscurity!

    adam

    Bingo!!!! :)


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Just use Opera and it'll warn you if you're about to be taken to one of these addresses...

    Oooh, it does an' all. Clever.

    and it rocks for so much else too

    Yeah yeah, you'd marry Opera if it was a woman, yadda yadda... :)

    adam


Advertisement