Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/68780?pagenum=1
05 November 2025, 18:31
Topic
Etymon
Understanding URLs?
16 July 2009, 19:37
I have seen some URLs look like this:
www3
but, as a rule, do all URLs start with:
www
Replies ...
bobby131313
16 July 2009, 19:59
No, subdomains are very common even on monster sites. About.com is a good example.
Etymon
16 July 2009, 20:12
Ah! Thank you Bobby!
What got me to thinking about it is shortened urls being used in a forum. I wonder if there is a way to check the shortened url against a database (on site or other) to determine if the url goes somewhere that goes against the forum's policy. For example a tiny url leading to pornography, spam, or something malicious.
My original thought was about shortened urls, but it would be nice to be able to check any link against a filter kind of like when a site checks email addresses against a list of known spammers. That is where this is leading.
Etymon
16 July 2009, 20:30
I am wondering how to develop something like this does, for example:
http://untiny.me
Etymon
16 July 2009, 20:36
I did a Google search for "lengthen shortened URL" and found some services to lengthen URLs. Maybe the solution is to recommend users to install a plugin for their browser. Any ideas on this?
bobby131313
16 July 2009, 20:39
I installed the url shortening mod to prevent horizontal scrolling, then put tinyurl type sites in the bad word filter. I had to do it because of buttheads trying to steal cookies from me, but it would serve the same end result for you wouldn't it? Users just couldn't post them at all.
Etymon
16 July 2009, 20:40
OK. Here is a JSON API:
http://www.longurlplease.com/docs and something else from them http://blog.longurlplease.com/2009/01/using-longurlplease-with-flxhr.html
Etymon
16 July 2009, 20:43
Yes, that is a great idea, Bobby!
A question comes to mind of how to keep up with every tiny url site that comes about. Is there a web site that tracks that kind of stuff?
bobby131313
16 July 2009, 20:45
Eh, I don't see all that many. Takes 2 seconds to throw them in the bad word filter when I see them. Haven't seen a new one on my forum in months.
Etymon
16 July 2009, 20:46
I guess I could use your badword filter and replace the tiny url attempt with (off-site shortened URLs are not allowed).
Instead of a link reading like this:
http://tiny.tr/Ui8s
It would read like this:
http://(off-site shortened URLs are not allowed)/Ui8s
That would get the message across pretty quickly about the site's policies.
bobby131313
16 July 2009, 20:49
That's exactly what I do.
Etymon
16 July 2009, 20:50
I got to reading these things which got me to thinking about the possibility of this exploit being on the rise:
The one site said that according to their resources the increase in popularity in the last month (I think?) rose from nearly 0% to 2%, so that's why I am on the lookout for an alternative ahead of the game.
Etymon
16 July 2009, 20:53
Also, I want to add a deterrent to registrations and profiles on the forum that will scan for shortened urls and not allow them. That is why I was looking for a filter ... but as you so generously pointed out, the badword filter can do just that or at least a derivative of it can be applied.
bobby131313
16 July 2009, 20:59
There's also a huge rise in images being used by spammers to set affiliate cookies on your users machines. Check out all broken images by new members. Some forum packages assign blank alt tags so you don't even see them. There are forum owners getting robbed blind and don't even know it.
Etymon
16 July 2009, 21:02
Is that something that is safe enough to talk about here openly? Seems a fix is in order.
bobby131313
16 July 2009, 21:08
Other than checking all broken images, your at thier mercy really.
I have my forum set up so that I get an email with every members 1st and 5th posts with a link to thier profile and I check thier posts. I am also constantly on the lookout for broken images. If I find a malicious one, I put the host name in the bad word filter and change it to BAN THIS MEMBER NOW.
They're slick too, they'll put it in the middle of a bunch of off site smileys and it just looks like one of them is innocently busted.
Etymon
16 July 2009, 21:11
Thanks Bobby. Hmmm ...
How often do you get broken images?
How often are the broken images malicious?
bobby131313
16 July 2009, 21:15
I catch one every few months. Malicious is probably the wrong word, they won't harm your users computers, but they will steal from legitimate affiliate marketers, including you if you are one.
Etymon
16 July 2009, 21:22
It seems that you could do a comparison with an (if ... then ... elseif ... end if) statement against the messages being submitted in the forums.
For instance, you could something like this in post_info.asp
if instr(TxtMsg,".jpg") = 0 then
and then depending on the results have the code automatically fire off an e-mail to you regarding the exact post. That way you could be more current with when images are posted and not be as frustrated checking random messages with the "does this have an image in it?" aggravation. The way you are doing it is catching 25% of 100% of your forum's posts instead of 100% of only posts containing images. Less overhead and all. [^]
Etymon
16 July 2009, 21:23
If I understand you correctly, are you saying the broken links can steal your cookies "if you click on them and redirected elsewhere"?
bobby131313
16 July 2009, 21:25
Yikes, I'd go crazy. Every other post on my forum has images. My mods all know about it too, so they don't last long when they post.
bobby131313
16 July 2009, 21:26
Don't even have to click on them, just load the page and it's done unless your browser blocks third party cookies.
Etymon
16 July 2009, 21:29
Hmmm. I wonder if there is a way to have the forum block third-party cookies.
Etymon
17 July 2009, 03:33
OK, so like say if I do a test like is in the link below and somehow show an alert to the forum visitor stating they need to not accept third part cookies, how do you recommend to proceed from there?
3rd Party Cookie Test: http://codingforums.com/showthread.php?p=832105
Etymon
17 July 2009, 03:37
The link above vaguely addresses a theoretical approach to testing with just a snippet of code. This link seems to go into more detail about testing for different types of cookies:
What I am thinking Bobby is that you could use the third party cookie test as mentioned above by placing a test iframe into the header of your site (domain #1), and then place a url redirect within the cookie that is on the other domain (domain #2) that takes your visitor to an information page which tells the site visitor on domain #1 to not accept third party cookies, why, and how to adjust their browser options. I am thinking of doing that.
From what I read a lot of browsers are set by default to not accept third party cookies. I am wondering what kind of effect my above suggestion would have on a site's visitors. I guess it is all in how it is executed.
Panhandler
17 July 2009, 09:10
Marcel at Oxle has, I think, developed a "link shrinker".
http://oxle.com/topic.asp?tid=2283&SearchTerms=link,shrinker
Etymon
17 July 2009, 09:46
Thanks Pandhandler!
Yes, I forgot about his Shrinker.
See, the problem is with banning out tiny URLs is how many sites are their like Oxle? I mean, I like the idea behind shortening a URL, but you know how good things do get abused by those who intend to deceive!
bobby131313
17 July 2009, 10:41
From what I read a lot of browsers are set by default to not accept third party cookies.
My downloads of FF 3.5 and IE8 accepted them out of the box.
Etymon
17 July 2009, 11:01
OK. Hmmm. Well, I am running FF too and noticed it also accepted them out of the box.
My mods all know about it too, so they don't last long when they post.
