web application security lab

Image Leaching Just Got A New Tool

Welp, I finally had it. Someone was using my stupid redirect finder for too long. I closed down access to the CGI logging portion for about a month, I explained it on the blog post for anyone who was interested and STILL I was getting spam in my logs. You’d think I would have built some failsafe into my own GreaseMonkey script to automatically shut it off, but no, I had to be secure, and make it completely invulnerable to outside influence. I’m such an ass sometimes! The problem is it was spamming my logs like crazy. And yes, I can grep -v but I really don’t want to have to do that. I’d rather people just not spam my damned logs when I turn off access to the script anyway. So I had to think of a new way to get rid of that crap from my logs forever.

First we have to consider exactly what that tool was doing. Every time it saw a potential redirect hole it queried an image on my server (which was really a CGI script). That script then logs the information for eventual retrieval (primarily for use in blackhat SEO actually, but redirects are useful for spam and phishing attacks as well). Anyway, so it doesn’t do much. It doesn’t even display the image, so I can’t even put a goatse or tubgirl (hmmm, I wonder how many times I can throw those two terms into this post?) picture on every page they visit or anything. Time to think outside of the box, as I would imagine goatse or tubgirl might do.

A day or so later I was surfing around on, no, not for goatse or tubgirl, but rather my own damned site and I came across the solution: a popup! Why not hijack their computer with a mailto: popup every time they visit my page? Oh, it’s so simple I could have kicked myself for not thinking of it a month earlier - I’m feeling like goatse or tubgirl probably do right about now - all used up. Here’s the script:

#!/usr/bin/perl
# CGI "image" that answers every request with a redirect to a mailto: URL
print "Location: mailto:Dude, remove redirect from Greasemonkey already, I shut that crap down a month ago, email h\@ckers.org if you have questions\n\n";

Yes, and just like that, poof! Almost all the traffic died down immediately. I guess people don’t like it when you force outlook or thunderbird to open on nearly every page view, just like people don’t like goatse or tubgirl. Go figure. But then I started thinking about it and there are other applications beyond a goatse or tubgirl substitute. One thing I’ve noticed is that lots of sites pull my favicon.ico file when linking to me. Most of them restrain the size so I can’t scar their website with the images of goatse or tubgirl so I’m left with little options. But what if I just want to let the user know, “Hey, guess what, stop stealing my bandwidth from your feed reader and download the picture already!” Not that they could do much about it on most systems since the user who will see it will have had nothing to do with it, but it sure would wake them up in a hurry.
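For the favicon case above, an unconditional redirect would hit your own visitors too, so the decision has to be made per request. The following is an added example, not the script from this post: a CGI-style responder that serves the real icon to pages on your own host (and to clients that send no Referer at all, since feed readers and privacy settings often omit it) and answers hotlinkers with the same Location trick, pointed at an explanatory page. OWN_HOSTS, POLICY_URL and FAVICON_BYTES are constructed placeholders; Referer is client-supplied and easily omitted or forged, so this is a nuisance filter, not an access control.

```python
from urllib.parse import urlsplit

# Hosts whose pages may embed our images (constructed sample, not the blog's real config).
OWN_HOSTS = {"ha.ckers.org"}
# Where hotlinkers get sent instead of the asset (placeholder URL, an assumption).
POLICY_URL = "http://example.invalid/please-host-your-own-copy.html"
# Stand-in for the real favicon bytes (constructed; a real script would read the file).
FAVICON_BYTES = b"\x00\x00\x01\x00" + b"\x00" * 12


def referer_host(environ):
    """Lower-cased host of the CGI HTTP_REFERER variable, or '' if absent/unparseable."""
    ref = environ.get("HTTP_REFERER", "")
    return (urlsplit(ref).hostname or "").lower()


def is_own_page(host):
    """True for our host or any subdomain of it."""
    return host in OWN_HOSTS or any(host.endswith("." + h) for h in OWN_HOSTS)


def cgi_response(environ):
    """Return (header_lines, body) a CGI script would emit for one image request.

    An empty Referer is let through: many honest clients send none, and
    blocking them would break the legitimate case.
    """
    host = referer_host(environ)
    if not host or is_own_page(host):
        return (["Content-Type: image/x-icon",
                 "Cache-Control: public, max-age=86400"], FAVICON_BYTES)
    # Hotlinked from elsewhere: 'Status:' makes the gateway send a 302 with Location.
    return (["Status: 302 Found",
             f"Location: {POLICY_URL}",
             "Content-Type: text/plain"], b"")


if __name__ == "__main__":
    import os
    import sys
    headers, body = cgi_response(os.environ)
    sys.stdout.write("\r\n".join(headers) + "\r\n\r\n")
    sys.stdout.flush()
    sys.stdout.buffer.write(body)
```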

Total goatse and tubgirl count, including this sentence? 8 times. I rule.

One Response to “Image Leaching Just Got A New Tool”

  1. Legionnaire Says:

    Nice one :) It really made me laugh.