Archive for the ‘Hacks’ Category

Server error showcase

Wednesday, December 23rd, 2009

This is a follow-up post to our 404 design showcase. However, this time we won’t focus much on design. Server errors are harder to control than 404 pages, so there are not many beautifully designed 5xx error pages.

The most common server errors we’ve encountered while checking the web for broken links are:

  • Request/server exceeded time limit. Surprisingly, this is a very common error. Perhaps too many webmasters forgot to optimize their scripts or databases? Seeking too deep into the archive? We can’t guess the real problem, but the lesson is: check whether your old pages/scripts still work and can handle the current load, and whether your website’s archives are available.
  • Can’t connect to SQL – a very common problem. Errors of this type are fixed very fast, because they are easy to spot: they affect almost the whole site.
  • Error in SQL query – a less noticeable message than SQL server errors, but it is easy to fix as well.
  • CMS error pages. These are the most informative ones. Developers usually forget to turn off debug messages. These pages are very dangerous, because they give so much information to potential attackers.
  • Down for scheduled maintenance. Common and simple pages like this usually show random error numbers such as 404, 500 and so on.
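A link checker can flag these cases automatically. The following is an added example, not code from this post or from LinkAider: it scans a recorded response for leaked debug or SQL output and for a status code that does not match the page content. The signature list, function name and sample responses are assumptions made for illustration, and 503 is used as the expected maintenance status because it is the standard code for temporary unavailability.

```python
import re

# Illustrative signatures (assumed, not exhaustive) for the error classes listed above.
SIGNATURES = {
    "debug output": [r"Traceback \(most recent call last\)", r"DEBUG\s*=\s*True"],
    "SQL query error": [r"You have an error in your SQL syntax", r"SQLSTATE\["],
    "database connection error": [r"Can't connect to MySQL server"],
    "script time limit": [r"Maximum execution time of \d+ seconds exceeded"],
}
MAINTENANCE = re.compile(r"(?:down for|scheduled|under) maintenance|maintenance mode", re.I)

# Constructed sample responses: (HTTP status, body) as a link checker would record them.
SAMPLES = {
    "django": (500, "<h1>OperationalError at /blog/</h1><p>You're seeing this error "
                    "because you have <code>DEBUG = True</code> in your settings.</p>"),
    "sql": (200, "<b>Warning</b>: You have an error in your SQL syntax near 'ORDER BY'"),
    "maintenance": (404, "<h1>Site is down for scheduled maintenance</h1>"),
    "clean": (503, "<h1>Service temporarily unavailable</h1><p>Please retry later.</p>"),
}


def audit_response(status, body):
    """Return findings for one response: leaked internals and misleading status codes."""
    findings = [f"{label} exposed to visitors"
                for label, patterns in SIGNATURES.items()
                if any(re.search(p, body) for p in patterns)]
    # An error body delivered with a non-5xx status hides the failure from monitoring.
    if findings and status < 500:
        findings.append(f"error content served with status {status}, expected 5xx")
    # Maintenance pages should signal temporary unavailability, not 404 or 500.
    if MAINTENANCE.search(body) and status != 503:
        findings.append(f"maintenance page served with status {status}, expected 503")
    return findings


if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, audit_response(status, body))
```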

Worst solutions to the 5xx error pages

  • Trying to show the site’s main page. Sites like this try to show their main page everywhere: for a 404 page, for any 5xx page, etc. Most of the time this looks like a big mess to a visitor and does not provide any valuable information about what he can do next (if he wants to stay on the same page).
  • JavaScript popups with debug messages. Common?!
  • Showing a “return to the original page” link when that link points to the same page the user is on.

5xx error screenshots we made for you

Clean and simple error page
500 but I'm still alive



Internal server error (problem description in Japanese)
500 in japanese



WordPress maintenance mode plugin in action. The website is down for maintenance.
Artistas Del Genero  Maintenance Mode



AT&T suggests that users return to the original page, but this time the button leads visitors to the same page.
AT&T return to page



Talking to aliens? Are BOF or EOF the names of your mothership? And what should your website’s user do now?
bof or eof talking to aliens



Nice looking server error page
boorah error



Something blew up on digg’s server. One of the shortest error pages we’ve discovered.
digg feed blow



Django gives a very detailed (and nice looking) report of what’s happened, but on production sites do not forget to turn that thing off in order not to tease hackers.
django error



Drupal – site is down for maintenance.
drupal down for maintenance



Geocities is down. Nice and useful error page from Yahoo. But the title is a bit misleading. Isn’t it?
geocities 410 error



Server error. Because some of the text is bold red – we guess that something serious has happened.
iis 7.0 error



Sweet and clean. In Russian.
500 internal error in russian



Maxim tries to be funny.
maxim trying to be funny



An error happened in mod_python. The big snake is not happy.
mod python error



MSDN tries to be helpful.
msdn error 500



Even social networks go down.
ning 400



Oh, database is not accessible.
oops error 503



Parallels – internal server error.
Parallels H-Sphere



jQuery – no such file in repository (why not 404 then?)
path existed but was later removed



Out of operation.
popfly no more



Being helpful and informative.
refused connection



Ruby fails
ruby on rails error



Very nice design (actually we see this page for all errors on that site and we love how it looks)
ryanarrowsmith error page



Site offline. Gray color is back into fashion this year.
site off line



Oh, so we are the robot? And you are a brick without soul goddammit Gooogle!!!
sorry are you a human



Look! Robot’s lost its head!
swivel



Tomcat broke.
tomcat error



Site is under construction.
under construction



Lions!
website offline



Something wrong at Yahoo!
Yahoo! - 500 Internal Server Error



XSL file not found.
yet another descriptive error page


Bad Links and other Hidden Hacks

Monday, September 28th, 2009

Do you have an open source Content Management system? Usually it’s a great help to have content generated by users and use the open source code capabilities to develop what you need. Unfortunately, more and more sites are getting hacked by search engine spammers. They hack in and code their bad links, exploiting security holes in the open source code. The innocent webmaster has no idea.

Webmasters remain unaware because the links are hidden from human eyes – only visible to search engine robots in order to grab higher positions in search engine ranking. MIT’s Technology Review recommends:

“that anyone running her own website regularly patch the Web server and any software running on it. In the same way that you wouldn’t browse the Web with an unpatched copy of Internet Explorer, you shouldn’t run a website with an unpatched or old version of WordPress, cPanel, Joomla, or Drupal.”

How can LinkAider help?

LinkAider now has a Smart Advisory module that detects excessive linking to a particular domain. And since LinkAider is a robot, similar to Google’s bot and other spiders, it can see what is invisible and detect content hidden from human eyes. For example:

Wordpress hacked

Links like this are invisible to the human eye.
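The two checks described above, hidden links and excessive linking to one domain, can be sketched as follows. This is an added example, not LinkAider's code: the list of hiding styles, the threshold of three links per domain, the names and the sample page are assumptions, and only inline `style` attributes are inspected (rules in external stylesheets are not).

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks often used to hide injected links (heuristic list, assumed).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![\d.])"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}  # elements with no end tag

# Constructed sample page for the hypothetical site blog.example.
SAMPLE = """<html><body>
<p>See <a href="http://partner.example/">our partner</a>.</p>
<div style="position:absolute; left:-9999px">
<a href="http://spam.example/a">a</a> <a href="http://spam.example/b">b</a>
<a href="http://spam.example/c">c</a> <a href="http://spam.example/d">d</a>
</div><a href="/about">About</a></body></html>"""


class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = []            # one bool per open element (assumes closed tags)
        self.hidden = []           # external links a visitor cannot see
        self.domains = Counter()   # external link count per domain

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = bool(HIDING.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href"):
            host = urlparse(attrs["href"]).hostname
            if host and host != self.site_host:
                self.domains[host] += 1
                # Hidden if the link itself or any open ancestor hides its content.
                if hides or any(self.stack):
                    self.hidden.append(attrs["href"])
        if tag not in VOID:
            self.stack.append(hides)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()


def audit_links(html, site_host, max_per_domain=3):
    """Return (hidden external links, domains linked more than max_per_domain times)."""
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    excessive = {d: n for d, n in finder.domains.items() if n > max_per_domain}
    return finder.hidden, excessive
```

Run against a saved copy of each page template, a non-empty result from `audit_links(SAMPLE, "blog.example")` is a reason to inspect the theme and plugin files that produced the markup.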

How do hacked sites and bad links hurt webmasters?

  • Posts and tweets that contain links to your legitimate site can be rejected if malware is detected – reducing your exposure and reputation at the same time
  • Sites get removed from search engine indexes completely
  • Sites suffer a drop in rankings as a penalty for including spam links

LinkAider’s Smart Advisory module can perform a bad link check and report back to the webmaster on how to contain and correct these code violations.

Beware of Cloaked Spam

Seobook has an interesting story about cloaked spam and how hard it is to detect and remove. A text-only option displays the links and keywords that are hidden on the site. Google has indexed a list of this particular hack on more than 20,000 websites. This Google Reader discussion thread reveals how unsuspecting people are affected by the hack.

What You Can Do: Establish a Routine

  1. Check if there are any suspicious links using LinkAider
  2. Perform some manual checks:

    “Google, through some of its products, offers webmasters some ways of spotting if a site has been hacked or modified by a third party without permission. For example, by using Google Search you can spot typical keywords added by hackers to your website and identify the pages that have been compromised. Just open google.com and run a site: search query on your website, looking for commercial keywords that hackers commonly use for spammy purposes (such as viagra, porn, mp3, gambling, etc.)”

  3. Perform your updates when you are notified – especially for the latest Content Management System currently in use.
  4. Do not use unknown plugins or themes.
  5. Monitor your site for new links or suspicious activity.
  6. Ask all of your third-party developers to follow this routine.

Subscribe to LinkAider in order to catch all of the hidden hacks and bad links before they catch you off guard.