Re: Empty Home Page, Meta Refresh To Content

["Dr. Neal Krawetz" <hf () hackerfactor com>]

On Sun Nov 11 08:03:37 2007, Larry Seltzer wrote:
> While doing research on this malware through ads thing i did what I
> often do, opened a web page into my text editor (TextPad) which loads
> the HTML. I did this to http://www.ynetnews.com/. This is what it
> loaded:
>
>                 <!-- SystemTeam, Realcommerce ltd. 2006 -->
>                 <!-- Vadim::20060125 -->
>  
>                 <HTML>
>                  <HEAD>
>                   <meta http-equiv="Refresh" content="0;
> url=/home/0,7340,L-3083,00.html">
>                  </HEAD>
>                  <BODY BGCOLOR="#FFFFFF" style='margin:10' scroll=no>
>                  </BODY>
>                 </HTML>
>  
> That's interesting. The actual page is basically empty, but they use a
> Meta Refresh with a 0 delay to load the content.
>
> Why would anyone do this?

Hi Larry,

I cannot speak for them, but there are some real reasons to do this.

For example, the web content provider may not have access to the web server
configuration.  So, if you want "/" to redirect to "/home/..." then a
meta-refresh is one quick way to implement the redirection.

You see this when IT and Webmaster are not the same person and not well
coordinated.  A 3xx redirection would be ideal, but a meta-refresh is a
great workaround.  Another redirection methods uses JavaScript, but
then JavaScript must be enabled.  The final fallback are pages that say
"if you are not redirected, then click here" and rely on the human.

Another reason to use redirection involves bot management.  Many bots
don't set the Referer field (not my spelling error!) and don't use
cookies.  So if you don't want bots crawling your site, you can use a
meta-refresh to access the actual content.  The browser may set the
referer, but will return cookies.
  - Most (all?) versions of Firefox will not set/change the Referer in
    response to a meta-refresh or 3xx redirection, but Opera will.  This
    varies by browser.
  - All browsers (with cookies enabled) will return a cookie.  Have "/"
    set a cookie and redirection, then the cookie will be sent to the
    redirected page.

Similar to bot management, you can use this to track users.

Those are just the ones off the top of my head (where the hair used to be)
and I am sure that there are other reasons.

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.