[X Newbies] Vicious Spam

Vincent Cayenne vcayenne at mac.com
Mon Jan 26 10:35:18 PST 2004


At 11:55 AM -0600 1/26/04, Michael Winter wrote:
>><http://www.fdic.gov@211.191.224.108:3180/index.htm>
>
>See the @211.191.224.108? The "@" means the numerical IP address is 
>the one being used, and anything in front of that is simply data 
>being sent along for the ride.

Actually, for protected areas of a site requiring login, a legitimate 
URL construct is http://username:password@actual.site.address, so web 
servers "see" the URL we're looking at a little differently from the 
way many would suspect. The http:// is standard, then the entire bit 
before the @ would be passed as a login and the stuff between the @ 
and the : is the site address. After the second : comes the port on 
that machine that's being accessed - usually it is port 80 and does 
not have to be specified as that's the default but they're running 
their server on 3180 instead. The rest is the specific document on 
that server that is being retrieved for display by the browser.

>  That's how some sites determine who "refers" the browser to them 
>(mostly used for ads). In this case though, it's simply being used to 
>obfuscate the actual address.

Yes, they're using a valid URL construct that is obscure to many 
people so that even if recipients go beyond the underlined URL in 
their HTML mail display and actually look at the real address, many 
might look no further than the portion before the @ and that portion 
has nothing to do with the destination.
-- 
Any sufficiently advanced technology is indistinguishable from magic.
  - Arthur C. Clarke
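
Added example, not part of the original message: a Python sketch that splits the URL quoted in the thread the way a client does and flags a userinfo part that reads like a hostname. The function name, the flag labels and the third sample URL are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Rough test for "reads like a DNS name": dotted labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


# analyze_url and its flag names are illustrative, not taken from the thread.
def analyze_url(url):
    """Split a URL as a client would and flag misleading userinfo."""
    parts = urlsplit(url.strip("<>"))
    host = parts.hostname or ""
    userinfo = parts.netloc.rpartition("@")[0]  # everything before the last "@"
    user = userinfo.split(":", 1)[0]            # login name, without any password
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    flags = []
    if userinfo:
        flags.append("has-userinfo")
    if HOSTLIKE.match(user):
        flags.append("userinfo-looks-like-hostname")
    if is_ip_literal(host):
        flags.append("host-is-ip-literal")
    if port != DEFAULT_PORTS.get(parts.scheme):
        flags.append("non-default-port")
    return {"userinfo": userinfo, "host": host, "port": port,
            "path": parts.path, "flags": flags}


# First two URLs appear in the thread; the third is a constructed comparison case.
SAMPLES = [
    "<http://www.fdic.gov@211.191.224.108:3180/index.htm>",
    "http://username:password@actual.site.address/",
    "http://www.example.com/index.htm",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = analyze_url(s)
        print(f"{r['host']}:{r['port']}  userinfo={r['userinfo']!r}  {r['flags']}")
```

A mail filter could apply the same split to every link in a message and show the recipient the parsed host instead of the raw URL text.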


