funsec mailing list archives
RE: Empty Home Page, Meta Refresh To Content
From: "Larry Seltzer" <Larry () larryseltzer com>
Date: Sun, 11 Nov 2007 13:21:29 -0500
Thanks. Still looks weird. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: Dr. Neal Krawetz [mailto:hf () hackerfactor com] Sent: Sunday, November 11, 2007 11:07 AM To: Larry Seltzer Cc: funsec () linuxbox org Subject: Re: [funsec] Empty Home Page, Meta Refresh To Content On Sun Nov 11 08:03:37 2007, Larry Seltzer wrote:
While doing research on this malware through ads thing i did what I often do, opened a web page into my text editor (TextPad) which loads the HTML. I did this to http://www.ynetnews.com/. This is what it loaded: <!-- SystemTeam, Realcommerce ltd. 2006 --> <!-- Vadim::20060125 --> <HTML> <HEAD> <meta http-equiv="Refresh" content="0; url=/home/0,7340,L-3083,00.html"> </HEAD> <BODY BGCOLOR="#FFFFFF" style='margin:10' scroll=no> </BODY> </HTML> That's interesting. The actual page is basically empty, but they use a
Meta Refresh with a 0 delay to load the content. Why would anyone do this?
Hi Larry, I cannot speak for them, but there are some real reasons to do this. For example, the web content provider may not have access to the web server configuration. So, if you want "/" to redirect to "/home/..." then a meta-refresh is one quick way to implement the redirection. You see this when IT and Webmaster are not the same person and not well coordinated. A 3xx redirection would be ideal, but a meta-refresh is a great workaround. Another redirection methods uses JavaScript, but then JavaScript must be enabled. The final fallback are pages that say "if you are not redirected, then click here" and rely on the human. Another reason to use redirection involves bot management. Many bots don't set the Referer field (not my spelling error!) and don't use cookies. So if you don't want bots crawling your site, you can use a meta-refresh to access the actual content. The browser may set the referer, but will return cookies. - Most (all?) versions of Firefox will not set/change the Referer in response to a meta-refresh or 3xx redirection, but Opera will. This varies by browser. - All browsers (with cookies enabled) will return a cookie. Have "/" set a cookie and redirection, then the cookie will be sent to the redirected page. Similar to bot management, you can use this to track users. Those are just the ones off the top of my head (where the hair used to be) and I am sure that there are other reasons. -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ Author of "Introduction to Network Security" (Charles River Media, 2006) and "Hacking Ubuntu" (Wiley, 2007) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Empty Home Page, Meta Refresh To Content Larry Seltzer (Nov 11)
- <Possible follow-ups>
- Re: Empty Home Page, Meta Refresh To Content Dr. Neal Krawetz (Nov 11)
- RE: Empty Home Page, Meta Refresh To Content Larry Seltzer (Nov 11)