Saturday, October 9, 2010

Hijacking Error Messages

When running tests for a previous post, I was at first surprised that I didn't get an error about not being able to resolve the host. Poking at it, I found that bad host names all resolved to 208.68.139.38. It turns out this is a "feature" from Comcast called Domain Helper. They return the IP address of a Comcast search service when a domain name doesn't resolve. Fortunately, Comcast does have an easy way to opt out. Even if you grant that it is useful to normal users just running a browser, it can cause numerous problems for other tools that rely on DNS. Sadly, it seems many ISPs perform this kind of hijacking now.
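A quick way to check a resolver for this behaviour, as an added example that is not from the original post: resolve random names that should not exist and see whether any answer comes back. The function and parameter names are illustrative, and the injectable `resolve` argument is there so the check can be exercised without a network.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Return the set of IPv4 addresses the OS resolver gives for name, or an empty set."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_names(count=5, suffixes=("invalid", "com")):
    """Build random hostnames that should not exist.

    .invalid is reserved (RFC 6761) and never delegated; a 32-hex-character
    label under .com is merely extremely unlikely to be registered.
    """
    return [f"{secrets.token_hex(16)}.{s}" for s in suffixes for _ in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Resolve names that should fail and report any answers that came back.

    'rewritten' is True if any probe resolved; 'answers' maps each returned
    IP to the number of probes that resolved to it. A single IP answering
    every probe is the pattern described in the post.
    """
    names = names if names is not None else probe_names()
    answers = Counter()
    resolved = 0
    for name in names:
        ips = resolve(name)
        if ips:
            resolved += 1
            answers.update(ips)
    return {"probes": len(names), "resolved": resolved,
            "rewritten": resolved > 0, "answers": dict(answers)}


if __name__ == "__main__":
    print(check_nxdomain_rewriting())
```

Tools that depend on a lookup failing can run this once at start-up and refuse to trust "host exists" results when `rewritten` is true.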

Another example of this sort is the soft 404. Some sites will return a custom result page with an HTTP 200 code instead of the proper error code. The rationale for site owners is that it can provide a better user experience than a generic error page from the web server. However, this is a very poor excuse, as you can return a custom payload even with HTTP error responses. Having the proper error code means that automated tools and programs can correctly interpret the result. Hosting providers can also exploit HTTP errors by configuring the web server to return error pages similar to the Comcast search page to provide advertising and direct traffic back to the provider.
