Webmaster forum - Challenge for you fine people...and the others too

Author

Challenge for you fine people...and the others too

Tina - AxisHOST, Inc.

2005-07-30, 4:17 am

http://www.code-secure.com/demo/

How'd they do it?

--Tina

Beauregard T. Shagnasty

2005-07-30, 4:17 am

Tina - AxisHOST, Inc. wrote:
> http://www.code-secure.com/demo/
>
> How'd they do it?

How'd they do what? Hide the code?

View source, scroll down, then scroll waaaay to the right...

Silly, really. Page requires JavaScript.

--
-bts
-This space intentionally left blank.

Beauregard T. Shagnasty

2005-07-30, 4:17 am

Beauregard T. Shagnasty replied to hisself:
> Tina - AxisHOST, Inc. wrote:
>
>
> How'd they do what? Hide the code?
>
> View source, scroll down, then scroll waaaay to the right...
>
> Silly, really. Page requires JavaScript.

...and further, viewing the page in Firefox, hardly anything works.
Links under Product Information are all 404, Support takes you to
three news sites (CNN, MSNBC, BBC), rest don't go anywhere, and the
apparent links at the bottom don't do anything. What a piece of crap!

In IE6, I keep getting a warning dialog asking if I want to "allow
this page to paste information from your clipboard?" Hell, no! I had
to kill IE in the task manager.

--
-bts
-This space intentionally left blank.

Tina - AxisHOST, Inc.

2005-07-30, 4:17 am

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:gvCGe.485$Rc6.111@twister.nyroc.rr.com...
> Tina - AxisHOST, Inc. wrote:
>
> How'd they do what? Hide the code?
>
> View source, scroll down, then scroll waaaay to the right...

What am I looking for?

--Tina

Tina - AxisHOST, Inc.

2005-07-30, 4:17 am

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:fFCGe.620$0m1.542@twister.nyroc.rr.com...
> Beauregard T. Shagnasty replied to hisself:
>
> ..and further, viewing the page in Firefox, hardly anything works. Links
> under Product Information are all 404, Support takes you to three news
> sites (CNN, MSNBC, BBC), rest don't go anywhere, and the apparent links at
> the bottom don't do anything. What a piece of crap!

Yeah, I get that in IE as well.

What I get in a view source is a whole page of random characters. Please
explain.

--Tina

Beauregard T. Shagnasty

2005-07-30, 4:17 am

Tina - AxisHOST, Inc. wrote:
> What I get in a view source is a whole page of random characters.
> Please explain.

'Tis one of those encoding schemes. There's a JavaScript that
unscrambles it and does a document.write of the HTML code. Some folks
here are good at decoding them, and will probably tell you it can be
figured out in ten seconds or so.

Consider that some reasonable percentage of visitors to this site will
see nothing, except the "You need JavaScript" message.

Save your money. <g>

--
-bts
-This space intentionally left blank.

Tina - AxisHOST, Inc.

2005-07-30, 4:18 am

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:SkDGe.621$0m1.479@twister.nyroc.rr.com...
> Tina - AxisHOST, Inc. wrote:
>
> 'Tis one of those encoding schemes. There's a JavaScript that unscrambles
> it and does a document.write of the HTML code. Some folks here are good at
> decoding them, and will probably tell you it can be figured out in ten
> seconds or so.
>
> Consider that some reasonable percentage of visitors to this site will see
> nothing, except the "You need JavaScript" message.
>
> Save your money. <g>

I had absolutely no plans on purchasing it. I think hiding source code is
completely ridiculous. I just couldn't see how this one works. Generally,
I can get around the "encoding" fairly easily. I couldn't figure out how to
get at the code on this one. Still can't.

Brian Cryer

2005-07-30, 4:18 am

"Tina - AxisHOST, Inc." <tpeters@axishost.com> wrote in message
news:dcetkj0613@news2.newsguy.com...
> "Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
> news:gvCGe.485$Rc6.111@twister.nyroc.rr.com...
>
> What am I looking for?
>
> --Tina

Beauregard is quite right, its encoded the page and then uses JavaScript to
decode it.

If you scroll down to the bottom you will see lines of gobbledygook. Scroll
back up to the first "blank" line, then scroll to the right and you will
eventually come across:

<script language="javascript">

keep on scrolling on the same line and you will get to:

d("

i.e. a function call. Scroll up from the bottom of the source and you'll see
the definition of the function.

Brian.

www.cryer.co.uk/brian

Brian Cryer

2005-07-30, 4:18 am

"Tina - AxisHOST, Inc." <tpeters@axishost.com> wrote in message
news:dcf0ur0b53@news2.newsguy.com...
> "Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
> news:SkDGe.621$0m1.479@twister.nyroc.rr.com...
unscrambles[color=darkred]
at[color=darkred]
see[color=darkred]
>
> I had absolutely no plans on purchasing it. I think hiding source code is
> completely ridiculous. I just couldn't see how this one works.
Generally,
> I can get around the "encoding" fairly easily. I couldn't figure out how
to
> get at the code on this one. Still can't.

Tina,

it was an interesting early morning challenge. Beauregard may think it will
take some in the know seconds to work it out, clearly I'm not in the know
because it took me the best part of half an hour. The children are now up,
so I'd better finish this quickly.

To get at the "real" source I took a local copy and then edited the "d"
function (which decodes their gobbledygook. Use this:

function d(x)
{
var c='';
var
l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,15,53,23,48,59,26,51,19,45,0,
0,0,0,0,0,38,25,60,10,9,30,22,0,27,47,46,55,21,24,58,34,39,7,8,42,2,1,28,43,
3,17,16,0,0,0,0,32,0,14,49,33,41,40,4,44,13,6,56,12,54,31,61,52,36,37,62,11,
50,57,5,29,20,18,35);
for(j=Math.ceil(l/b);j>0;j--)
{
r='';
for(i=Math.min(l,b);i>0;i--,l--)
{
w|=(t[x.charCodeAt(p++)-48])<<s;
if(s)
{
r+=String.fromCharCode(165^w&255);w>>=8;s-=2
}
else
{
s=6
}
}
c = c + r;
// document.write(r);
}
alert(c);
}

and you'll see the content instead of it being written to the browser. What
you get includes further scripts. I can post the whole thing if you want,
but its messy.

As you and Beauregard both know, schemes like this will put off the casual
investigator but won't stop someone dedicated. For the likes of me, who
couldn't care less what they've got on their site, its just a challenge.

Have a good weekend,

Brian.

www.cryer.co.uk/brian

William Tasso

2005-07-30, 7:20 am

Writing in news:alt.www.webmaster
From the safety of the NTL cafeteria
Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:

> "Tina - AxisHOST, Inc." <tpeters@axishost.com> wrote in message
> news:dcetkj0613@news2.newsguy.com...
>
> Beauregard is quite right, its encoded the page and then uses JavaScript
> to
> decode it....

What is 'protected' on the page? ctrl-a (select all) ctrl-c (copy) gets
me a buffer containing ...

<quote>
Welcome to Code Secure

We are commited to protecting your website against unscrupulous
individuals. Our professional software will help deter even the more
determined 'rippers' from stealing your hard work.

Whether you're a beginning webmaster or experienced designer, Code Secure
has what you need to protect your work!
Tired of Theives Stealing Your Hard Work?

This is a demonstration of Code Secure at work. All features have been
enabled to allow you to see how strong the protection is. Go ahead - right
click, select text, view source - see how many different ways Code Secure
protects your site!

News

© Code Secure, All Rights Reserved [ Home | Product Information | Live
Demo | Support | Customer Center | About Us ] Design by Pixelate.ws

</quote>

Images don't appear to fare any better. I can load an image and and
reload it in a different UA, although the URL does indicate the image
address is 'temporary':
http://www.code-secure.com/demo/tmp...e35f5755f7e.jpg

--
William Tasso

** Business as usual

Brian Cryer

2005-07-30, 7:20 am

"William Tasso" <SpamBlocked@tbdata.com> wrote in message
news:op.supuyofbm9g4qz-wnt@tbdata.com...
> Writing in news:alt.www.webmaster
> From the safety of the NTL cafeteria
> Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:
>
message[color=darkred]
>
> What is 'protected' on the page? ctrl-a (select all) ctrl-c (copy) gets
> me a buffer containing ...
>
> <quote>
> Welcome to Code Secure
>
> We are commited to protecting your website against unscrupulous
> individuals. Our professional software will help deter even the more
> determined 'rippers' from stealing your hard work.
>
> Whether you're a beginning webmaster or experienced designer, Code Secure
> has what you need to protect your work!
> Tired of Theives Stealing Your Hard Work?
>
> This is a demonstration of Code Secure at work. All features have been
> enabled to allow you to see how strong the protection is. Go ahead - right
> click, select text, view source - see how many different ways Code Secure
> protects your site!
>
> News
>
> © Code Secure, All Rights Reserved [ Home | Product Information | Live
> Demo | Support | Customer Center | About Us ] Design by Pixelate.ws
>
> </quote>
>
> Images don't appear to fare any better. I can load an image and and
> reload it in a different UA, although the URL does indicate the image
> address is 'temporary':
>
http://www.code-secure.com/demo/tmp...e35f5755f7e.jpg
>
> --
> William Tasso
>
> ** Business as usual

Maybe you're lucky. I'm using IE, default settings (at least I don't
remember changing anything) and control-A (select-all) and control-C (copy)
are both disabled for me. Just goes to show that its less "secure" on some
systems.

Brian.

Toby Inkster

2005-07-30, 7:20 am

Beauregard T. Shagnasty wrote:

> 'Tis one of those encoding schemes. There's a JavaScript that
> unscrambles it and does a document.write of the HTML code. Some folks
> here are good at decoding them, and will probably tell you it can be
> figured out in ten seconds or so.

Type this into your browser's address bar:

java script:window.alert(document.body.innerHTML)

:-)

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

William Tasso

2005-07-30, 7:20 am

Writing in news:alt.www.webmaster
From the safety of the NTL cafeteria
Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:

> ...
> Maybe you're lucky. I'm using IE, default settings (at least I don't
> remember changing anything) and control-A (select-all) and control-C
> (copy)
> are both disabled for me. Just goes to show that its less "secure" on
> some
> systems.

I was using Opera

Which platform are you using for ie? On WS3, at default settings I get ...

<quote>
This Page Requires Javascript To Function.
In order to view this page, you will need to enable JavaScript
in your browser. To learn how to do this, please click here.
</quote>

'Click here' is a link to the "Download Internet Explorer 6 Service Pack
1" page at MicroSoft.

--
William Tasso

** Business as usual

SpaceGirl

2005-07-30, 7:20 am

Toby Inkster wrote:
> Beauregard T. Shagnasty wrote:
>
>
>
>
> Type this into your browser's address bar:
>
> java script:window.alert(document.body.innerHTML)
>
> :-)
>

Hehhe. I raised a ticket on their web site, because I'm in a bad mood
and people that stupid (and expect us to be that stupid) annoy me! I did
exactly what you did. Actually soon as I saw the source was blank it was
the first thing I did. I'm not a dedicated "ripper" and it took me about
5 seconds to view the source of the page!

--

x theSpaceGirl (miranda)

# lead designer @ http://www.dhnewmedia.com #
# remove NO SPAM to email, or use form on website #
# this post (c) Miranda Thomas 2005
# explicitly no permission given to Forum4Designers
# to duplicate this post.

Matt Probert

2005-07-30, 7:38 pm

Once upon a time, far far away "Beauregard T. Shagnasty"
<a.nony.mous@example.invalid> muttered

>Tina - AxisHOST, Inc. wrote:
>
>'Tis one of those encoding schemes. There's a JavaScript that
>unscrambles it and does a document.write of the HTML code. Some folks
>here are good at decoding them, and will probably tell you it can be
>figured out in ten seconds or so.

Damn!

I was hoping Tina had been over doing it at the Bacardi, or LSD!

The reality is just so much more boring. <g>

Matt

Tina - AxisHOST, Inc.

2005-07-30, 7:39 pm

Brian Cryer

2005-07-30, 7:39 pm

"Toby Inkster" <usenet200507@tobyinkster.co.uk> wrote in message
news:pan.2005.07.30.07.59.41.546307@tobyinkster.co.uk...
> Beauregard T. Shagnasty wrote:
>
>
> Type this into your browser's address bar:
>
> java script:window.alert(document.body.innerHTML)
>
> :-)
>
> --
> Toby A Inkster BSc (Hons) ARCS
> Contact Me ~ http://tobyinkster.co.uk/contact

Blow me, that's much neater that what I was doing. Nice tip.

Brian.

www.cryer.co.uk/brian

Martin Harran

2005-07-30, 7:39 pm

Brian Cryer

2005-07-30, 7:39 pm

"William Tasso" <SpamBlocked@tbdata.com> wrote in message
news:op.supxeie6m9g4qz-wnt@tbdata.com...
> Writing in news:alt.www.webmaster
> From the safety of the NTL cafeteria
> Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:
>
>
> I was using Opera
>
> Which platform are you using for ie? On WS3, at default settings I get
....
>
> <quote>
> This Page Requires Javascript To Function.
> In order to view this page, you will need to enable JavaScript
> in your browser. To learn how to do this, please click here.
> </quote>
>
> 'Click here' is a link to the "Download Internet Explorer 6 Service Pack
> 1" page at MicroSoft.
>
> --
> William Tasso
>
> ** Business as usual

What's WS3?

I'm running (typed "ruining" first time, perhaps more appropriate) IE 6, SP1
on XP Pro sp1.

I think that I would probably get the same if I were to disable JavaScript.

Brian.

Brian Cryer

2005-07-30, 7:39 pm

"Martin Harran" <nospam@martinharran.com> wrote in message
news:3l1e4tF10jnvqU1@individual.net...
>
> "Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
> news:gvCGe.485$Rc6.111@twister.nyroc.rr.com...
>
> Would search engines be able to handle a page like that ?

No, I very much doubt it. Do any search engines run JavaScript on a page to
see what comes out? Doesn't seem likely. Its a very good point you've
raised, yet another reason not to think about using something like that.

Brian

www.cryer.co.uk/brian

Wÿrm

2005-07-30, 7:39 pm

"Martin Harran" <nospam@martinharran.com> kirjoitti
viestissä:3l1e4tF10jnvqU1@individual.net...

<snip>

<snip>
[color=darkred]
> Would search engines be able to handle a page like that ?

Nope, they do not. Atleast not before search engine bots start execute
JavaScript or site start serve uncrypted pages specially for search engine
bots.

Marc Bissonnette

2005-07-30, 7:39 pm

Toby Inkster <usenet200507@tobyinkster.co.uk> wrote in
news:pan.2005.07.30.07.59.41.546307@tobyinkster.co.uk:

> Beauregard T. Shagnasty wrote:
>
>
> Type this into your browser's address bar:
>
> java script:window.alert(document.body.innerHTML)
>
>:-)
>

Damn, that was funny :) Good thing I'd put down my coffee to paste that
into the address bar - the belly laugh would have sent java (the drinkable
kind) at high velocity across the room :)

--
Marc Bissonnette
CGI / Database / Web Management Tools: http://www.internalysis.com
Looking for a new ISP? http://www.canadianisp.com

Tina - AxisHOST, Inc.

2005-07-30, 7:39 pm

"Marc Bissonnette" <dragnet@internalysis.com> wrote in message
news:Xns96A3730366683dragnetinternalysisc@207.35.177.135...
> Toby Inkster <usenet200507@tobyinkster.co.uk> wrote in
> news:pan.2005.07.30.07.59.41.546307@tobyinkster.co.uk:
>
>
> Damn, that was funny :) Good thing I'd put down my coffee to paste that
> into the address bar - the belly laugh would have sent java (the drinkable
> kind) at high velocity across the room :)

Ugh...speaking of. I just had an entire large cup of McDonald's coffee
accidentally dumped down my shoulder and back about 2 hours ago. You know
how the lid says "Caution: Contents very hot"...well, it is. I also now
have what looks like a very bad sunburn in the shape of spilled coffee down
my arm and back.

On a positive note...the rest of my day should go much better...now that
I've had my morning coffee. :-)

--Tina

Beauregard T. Shagnasty

2005-07-30, 7:39 pm

Tina - AxisHOST, Inc. wrote:
> Ugh...speaking of. I just had an entire large cup of McDonald's
> coffee accidentally dumped down my shoulder and back about 2 hours
> ago. You know how the lid says "Caution: Contents very
> hot"...well, it is. I also now have what looks like a very bad
> sunburn in the shape of spilled coffee down my arm and back.

So, doesn't this mean you can sue Mickey D, and get millions?

--
-bts
-This space intentionally left blank.

Jerry Stuckle

2005-07-30, 7:39 pm

Tina - AxisHOST, Inc. wrote:
> "Marc Bissonnette" <dragnet@internalysis.com> wrote in message
> news:Xns96A3730366683dragnetinternalysisc@207.35.177.135...
>
>
>
> Ugh...speaking of. I just had an entire large cup of McDonald's coffee
> accidentally dumped down my shoulder and back about 2 hours ago. You know
> how the lid says "Caution: Contents very hot"...well, it is. I also now
> have what looks like a very bad sunburn in the shape of spilled coffee down
> my arm and back.
>
> On a positive note...the rest of my day should go much better...now that
> I've had my morning coffee. :-)
>
> --Tina
>
>
Tina,

Hey, you could be rich! Remember the gal who got $2M from McDonalds a few years
back because she spilled hot coffee on herself?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Tina - AxisHOST, Inc.

2005-07-30, 7:39 pm

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in message
news:jPOGe.657$0m1.484@twister.nyroc.rr.com...
> Tina - AxisHOST, Inc. wrote:
>
> So, doesn't this mean you can sue Mickey D, and get millions?

I wish I could sue my husband for being a dumbass. He set his cup of
coffee on the drivers' side seat of the car when he got out. When we got
back in, 5 mins later, he sat on it and the lid popped off and the coffee
shot out at me like a rocket. Unbelievable, but he didnt get a drop on
him.

--Tina

Martin Harran

2005-07-30, 7:39 pm

"Tina - AxisHOST, Inc." <tpeters@axishost.com> wrote in message
news:dcg7si01qhg@news2.newsguy.com...

> Ugh...speaking of. I just had an entire large cup of McDonald's coffee
> accidentally dumped down my shoulder and back about 2 hours ago.

I could be nasty and say it serves you right for drinking McDonalds coffee
.... but I'm not a nasty person ;)

--
How to completely screw up the McDonalds system - ask for a plain burger.

Charles Sweeney

2005-07-30, 7:39 pm

Tina - AxisHOST, Inc. wrote

> I wish I could sue my husband for being a dumbass. He set his cup of
> coffee on the drivers' side seat of the car when he got out. When we
> got back in, 5 mins later, he sat on it and the lid popped off and the
> coffee shot out at me like a rocket. Unbelievable, but he didnt get
> a drop on him.

Sue them Tina! The person serving you should have told you that you musn't
sit on a cup of hot coffee!

--
Charles Sweeney
http://CharlesSweeney.com

Tina - AxisHOST, Inc.

2005-07-30, 7:39 pm

"Martin Harran" <nospam@martinharran.com> wrote in message
news:3l21jeF106e54U1@individual.net...
>
> "Tina - AxisHOST, Inc." <tpeters@axishost.com> wrote in message
> news:dcg7si01qhg@news2.newsguy.com...
>
>
> I could be nasty and say it serves you right for drinking McDonalds
> coffee ... but I'm not a nasty person ;)

Nah, it wasn't my coffee. I actually don't even drink coffee. Luckily I
had a huge cup of Mountain Dew with ice, or my burns would have been much
worse.

> How to completely screw up the McDonalds system - ask for a plain burger.

I don't eat red meat. If you really really want to screw up their
system...ask for a Big Mac without the meat. That's always a fun request.
:-P

--Tina

Tina - AxisHOST, Inc.

2005-07-30, 7:39 pm

"Charles Sweeney" <me@charlessweeney.com> wrote in message
news:Xns96A3D4F1C4FC9mecharlessweeneycom@130.133.1.4...
> Tina - AxisHOST, Inc. wrote
>
>
> Sue them Tina! The person serving you should have told you that you
> musn't
> sit on a cup of hot coffee!

Not to mention the lack of some sort of alarm system that sounds off when
your backside gets too close to the cup.

Negligent bastards.

--Tina

Toby Inkster

2005-07-30, 7:40 pm

SpaceGirl wrote:

> I raised a ticket on their web site,

So did I. Wonder what they say. ;-)

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Now Playing ~ ./chingon_-_malaguena_salerosa.ogg

William Tasso

2005-07-30, 7:40 pm

Writing in news:alt.www.webmaster
From the safety of the NTL cafeteria
Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:

> "William Tasso" <SpamBlocked@tbdata.com> wrote in message
> news:op.supxeie6m9g4qz-wnt@tbdata.com...
> ...
>
> What's WS3?

sorry - Windows Server 2003

> I'm running (typed "ruining" first time, perhaps more appropriate) IE 6,
> SP1
> on XP Pro sp1.
>
> I think that I would probably get the same if I were to disable
> JavaScript.

Yes - WS3 is good like that. All sites are untrusted by default - and
therefore do not get to execute script. I actively maintain my list of
trusted sites to include microsoft.com (for update) and others I have
already decided to do business with.

--
William Tasso

** Business as usual

SpaceGirl

2005-07-30, 11:23 pm

Toby Inkster wrote:
> SpaceGirl wrote:
>
>
>
>
> So did I. Wonder what they say. ;-)
>

Nothing I expect :)

--

x theSpaceGirl (miranda)

# lead designer @ http://www.dhnewmedia.com #
# remove NO SPAM to email, or use form on website #
# this post (c) Miranda Thomas 2005
# explicitly no permission given to Forum4Designers
# to duplicate this post.

Brian Cryer

2005-07-31, 7:17 am

"William Tasso" <SpamBlocked@tbdata.com> wrote in message
news:op.suqzhryym9g4qz-wnt@tbdata.com...
> Writing in news:alt.www.webmaster
> From the safety of the NTL cafeteria
> Brian Cryer <brian.cryer@remove.127.0.0.1.this.ntlworld.com> said:

[snip]

>
> sorry - Windows Server 2003
>
>
> Yes - WS3 is good like that. All sites are untrusted by default - and
> therefore do not get to execute script. I actively maintain my list of
> trusted sites to include microsoft.com (for update) and others I have
> already decided to do business with.
>
>
> --
> William Tasso
>
> ** Business as usual

Ah, I wondered if by WS3 you meant Windows 2003 server. Its not an
abbreviation I was familiar with. I like Windows 2003 server, and now I
appreciate the benefit of its different security settings.

thanks,

Brian.