Referrer Log Hijack

I administer a lot of sites and have statistics tracking for all of them. I use the Unix-based Webalizer program which gives a nice overview of how the site is doing – unique visitors, page views, most popular URLs, etc. In addition to that, I also use a modified cookie tracking script called Sale Tracked from Down to Earth Scripts (which I guess has changed its name to Astriden) that builds its own log files. That file is intended to give me notification and referrer information when someone buys a product, but I find it handy for getting a quick and dirty look at the last 100 or so visitors to the site in real-time. I’ve posted a sample line below or you can see it in action (temporarily) on the single web page experiment so visitors can track how the project is coming along.


danifer.com|655|http://www.google.com/search?hl=en&lr=&q=%22danifer%22|Thu Jul 20 16:40:18 CDT 2006|63.173.92.65|Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)


Here’s the problem: some yahoo visited 1km1kt yesterday and left his browser information in my log. Instead of leaving his browser version (Opera, Mozilla, IE6, etc.) like he’s supposed to, he or some malware software had modified his browser to leave a single line of JavaScript code that redirected me to the horrible people at syncrisis.com. The effect was immediate – I tried to view my referrer log in a browser and as soon as it loaded that line of code, I was redirected.

I’m really upset about this and am working on a solution. Today’s hijack was a simple redirect, but it could have been much worse. I’m probably going to have to remove the tracking information from singlewebpage.com because I just can’t allow other users to execute their own scripts on my web pages. That means I’m going to lose a really cool user-experience feature on that site.

For now I’m chalking this up to yet another spammer victory. I’m always sad when I see the internet being used to cause more harm than good by people who can’t make a good enough product that sells legitimately. If you see the people who designed syncrisis on the street, punch them in the face for me. Better yet, drop them a line and tell them they suck. Here’s their whois information:

Registrant:
Gigahertz Inc.
PO Box 5318
Oswego, NY 13126
US

Registrar: NAMESDIRECT
Domain Name: SYNCRISIS.COM
Created on: 13-SEP-05
Expires on: 13-SEP-07
Last Updated on: 04-JAN-06

Administrative, Technical Contact:
Artificially.Intelligent@GMail.com
Gigahertz Inc.
PO Box 5318
Oswego, NY 13126
US
1-315-4207-065

Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
NS4.MYDOMAIN.COM


Update: 8/4/06
I’ve been getting a lot of search traffic for this post, so I thought I’d share my solution. Apparently, lots of people have been having the same problem. Of course, the easiest way to prevent the issue is simply not to check your referrer logs in a web browser. Since this is extremely convenient for me, I’ve decided to just disable JavaScript in my browser. I’m using IE 6 something or other and it’s kind of a pain to turn it off via the settings, so I just use a tool called the Internet Explorer Developer Toolbar which allows me to toggle lots of cool features on and off with ease. I highly recommend it.

On another note, I did have to remove the tracking feature on the single web page experiment. I expected someone to exploit it eventually, so I guess it was silly to put it up in the first place.
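
A log view like this can stay browsable if every client-supplied field is HTML-escaped before it reaches the page. The sketch below is an added example, not code from the post or from the tracking script: it parses the pipe-delimited format of the sample line, escapes each field, links the referrer only when it is http(s), and flags records that carry markup. The field names and the second record are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Field names are assumed from the sample line; the page does not name them.
FIELDS = ("site", "visit_id", "referrer", "timestamp", "ip", "user_agent")
MARKUP = re.compile(r"[<>]|javascript:", re.IGNORECASE)

def parse_line(line):
    """Split one pipe-delimited record; extra '|' characters stay in the last field."""
    parts = line.rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    return dict(zip(FIELDS, parts))

def safe_link(url):
    """Make the referrer clickable only for http(s); anything else is shown as text."""
    text = html.escape(url, quote=True)
    try:
        scheme = urlsplit(url).scheme
    except ValueError:  # malformed URL, treat as plain text
        scheme = ""
    if scheme in ("http", "https"):
        return '<a href="%s" rel="nofollow noreferrer">%s</a>' % (text, text)
    return text

def render_row(rec):
    """Build one table row; every client-supplied value is HTML-escaped."""
    cells = [safe_link(rec[f]) if f == "referrer" else html.escape(rec[f], quote=True)
             for f in FIELDS]
    return "<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>"

def suspicious_fields(rec):
    """Names of fields carrying markup, which a normal Referer or User-Agent lacks."""
    return [f for f in FIELDS if MARKUP.search(rec[f])]

# Sample line from the post, then a constructed record with script in the User-Agent.
SAMPLE = ("danifer.com|655|http://www.google.com/search?hl=en&lr=&q=%22danifer%22|"
          "Thu Jul 20 16:40:18 CDT 2006|63.173.92.65|Mozilla/4.0 (compatible; MSIE 6.0; "
          "Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)")
HOSTILE = ("example.org|12|-|Fri Jul 21 09:00:00 CDT 2006|192.0.2.10|"
           '<script>location.href="http://example.invalid/"</script>')

if __name__ == "__main__":
    for raw in (SAMPLE, HOSTILE):
        rec = parse_line(raw)
        print(suspicious_fields(rec), render_row(rec))
```

Escaping at render time leaves the raw log untouched for forensics, and the flagged field names give a quick way to spot injected entries without opening the log in a browser.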
