Archive for the ‘Regexps’ Category

Preventing Bandwidth Leak With Correct Out URLs

Wednesday, May 21st, 2008

There is a common practice of routing outgoing links through your own site to track visitor activity. For example, your site is www.site.com, and external links look like www.site.com/out.php?url=http://anothersite.com . This is fine for counters and traffic tracking, but it can also be abused in a way you did not intend: in this example anyone may replace http://anothersite.com with any other site, and your site will redirect to it. Do you understand what that can be used for?

Spamming, phishing and other activity like this often rely on exactly such bugs. You may receive abuse complaints from anybody, because you cannot know what kind of sites will be promoted through your redirector or how it will be done.
Even giants like Google and ADRiver have such a traffic leak. I recently found in my mailbox e-mails with links to:
http://www.google.fr/pagead/SOME_PARAMS&adurl=SPAMMER’s URL and http://ad.doubleclick.net/SOME_PARAMS?SPAMMER’s URL .
How do you prevent such things? First of all, never use a construction with url=http:// and the like. Instead, assign a unique id to each URL, store the mapping in a database or text file, and build outgoing URLs from those IDs. www.site.com/out.php?id=YOUR_ID is much better and will save you from this malicious activity, because only URLs you registered yourself can ever be redirect targets.

Be careful with off-the-shelf scripts, as some of them contain such a vulnerability. For example, Autorank Pro and some others may use such URL syntax. Have a nice day and build your URLs in a correct way!
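The two redirector styles from the post side by side, as an added example that is not the post's or any product's own code: the `url=` handler redirects wherever the visitor says, while the `id=` handler only resolves ids that were registered when the link was published. The link table, the ids and the hostnames are constructed for the demonstration.

```python
"""Outgoing-link redirector: the open-redirect pattern beside the ID-based fix."""
from urllib.parse import parse_qs, urlsplit

# Constructed sample table of registered outgoing links.
# In practice this is the database or text file the post mentions.
LINKS = {
    "17": "http://anothersite.com/",
    "42": "https://partner.example/landing",
}


def vulnerable_target(query: str):
    """The 'out.php?url=...' pattern: whatever the visitor supplies becomes the target.

    Nothing ties the value to a link you actually published, so any site can be promoted
    through your domain.
    """
    params = parse_qs(query)
    return params.get("url", [None])[0]


def safe_target(query: str):
    """The 'out.php?id=...' pattern: only a registered link id resolves to a redirect.

    Returns the stored URL, or None (the caller answers 404) when the id is unknown
    or is not even shaped like an id.
    """
    params = parse_qs(query)
    link_id = params.get("id", [""])[0]
    if not link_id.isdigit():  # ids are opaque numeric keys; nothing else is looked up
        return None
    return LINKS.get(link_id)


def register_link(url: str) -> str:
    """Assign a fresh id to a URL at publish time, accepting only http(s) targets.

    This is the only place a new redirect target can enter the table.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"refusing to register {url!r}")
    new_id = str(max(map(int, LINKS), default=0) + 1)
    LINKS[new_id] = url
    return new_id
```

A visitor-supplied value that is not a registered id never reaches the redirect, which is what closes the leak.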

Testing Regular Expressions Online

Saturday, May 3rd, 2008

Just wanted to share some useful links with you. If you often use regular expressions, you might find it useful to check them online or elsewhere before your code is executed.

First of all, an online service that seems to be free: RegExr: Online Regular Expression Testing Tool. It allows you to check whatever you want and has the most useful meta symbols built in.

If you are on Windows, you might like this tool: TRegExpr. It allows you to check your expressions on Windows without having to execute your code first. Just paste a sample of the text you’re working with and check the results immediately. The software is written in Delphi and is free for personal use.

The next site is Sexyregex.com. You can find a regex library there, so it is not just for testing, but also gives you ideas for your own needs.

If you have any other interesting sites, you’re welcome to share them with me. Just let me know and I will add them to this page.