These informations i found on net thought to share hence sharing
EMAIL HACKING
You as the reader are most likely reading this because you want to hack into someone’s email account by gaining access to their email accounts. So read on to find out the real and working ways to hack any email and expose the truth behind the lies.
Is it Possible to Hack Email?
Yes! As a matter of fact, almost anything can be hacked. But before you learn the real ways to hack email, the following are the things you should be aware of.
1. There is no ready made software that can hack emails and get you the password just with a click of a button. So if you come accross any website that claims to sell such softwares, I would advise you not to trust them.
2. Never trust any email hacking service that claims to hack any email for just $100 or $200. Most of them are no more than a scam.
3. With my experience of over 8 years in the field of Hacking and Security, I can tell you that there exists only 2 foolproof methods for hacking email. All the other methods are simply scam or don’t work.
The following are the only 2 working and foolproof methods to hack any email.
1. HACK ANY EMAIL: EASIEST WAY
The easiest way to hack an email is by using a keylogger (Also known as spy software). A keylogger is a small program that monitors each and every keystroke that a user types on a specific computer’s keyboard. To use it you don’t need to have any special knowledge. Anyone with a basic knowledge of computer can use it.
2. OTHER WAYS TO HACK EMAIL
The other most commonly used trick for hacking email is by using Fake Login Pages. Fake login pages are created by many hackers on their sites which appear exactly as Gmail or Yahoo login pages but the entered details (username and password) are redirected to remote server and we get redirected to some other page. Many times we ignore this but finally we lose our valuable data. However creating a fake login page and taking it online to successfully hack an email is not an easy job. It demands an in depth technical knowledge of HTML and scripting languages like PHP, JSP etc. So I recommend the usage of keyloggers to hack email since it’s the easiest one.
MOBILE HACKING
Cellphone hacking has just recently surfaced and been made public ever since some one did some cellular phone hacking on Paris Hilton's cell phone.
This article will give you some information about what is going on out there and what you can do to better protect your cell phone information.
What Does It Involve
The fact of someone hacking cell phone became public knowledge when Paris Hilton's cell phone, along with her information was recently hacked. Unfortunately for her, all her celebrity friends and their phone numbers were also placed on the Internet - resulting in a barrage of calls to each of them.
Cell phone hackers have apparently found a glitch in the way the chips are manufactured. The good news, though, is that it only applies to the first generation models of cell phones that use the Global System for Mobile communications (GSM). Another requirement is that the hacker must have physical access to the cell phone for at least three minutes - which is a real good reason not to let it out of your sight. Currently, although the problem has been remedied (at least for now) in the second and third generation phones, it seems that about 70% of existing cell phones fall within the first generation category.
Another way that mobile phone hacking can take place is for a hacker to walk around an area with people that have cell phones and a laptop that has cellphone hacker programs on it. Through an antenna, and a little patience, his computer can literally pick up your cell phone data - if it is turned on. This is more applicable to cell phones that use Bluetooth technology.
What Can A Hacker Do?
Surprisingly, there are quite a number of things that can be accomplished by the hacker. Depending on their intent here are a few of them.
Steal Your Number
Your phone number can be accessed and obtained by cellphone hacking. This allows them to make calls and have it charged to your account.
Take Your Information
Mobile hacking allows a hacker to contact your cell phone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content to only get your information. Some will even change all your phone numbers! Be sure to keep a backup of your information somewhere. This particular technique is called Bluesnarfing.
SF Borders Employee Arrested In iPad Email Hack Scheme
U.S. Attorney Paul Fishman of New Jersey said Daniel Spitler, who works as a store detective at a Borders bookstore in San Francisco, surrendered to FBI agents in Newark this morning.
Spitler made an initial appearance before a federal magistrate in Newark and was released on $50,000 bail.
Magistrate Claire Cecchi barred him from having any access to computers while on bail except as needed for his job, said U.S. attorney spokeswoman Rebekah Carmichael.
Spitler and a second defendant, Andrew Auernheimer, 25, of Fayetteville, Ark., were both charged Jan. 13 in a federal criminal complaint with one count of conspiring to gain unauthorized access to computers and one count of fraudulently obtaining personal information.
Each count could carry a sentence of up to five years in prison upon conviction.
The two men, who described themselves in online chats as Internet "trolls," are accused of exploiting a former flaw in AT&T Communications Inc. security to hack into the telephone company's servers and obtain the e-mails of 120,000 people in June 2010.
The victims of the alleged scheme were iPad owners who used AT&T's 3G network to gain access to the Internet. The men allegedly used a script they called "Account Slurper" to capture the email addresses, the complaint said.
An article posted on Gawker on June 9 alleged the victims included high-profile early adopters of the iPad in finance, politics and media, including New York Mayor Michael Bloomberg, ABC news anchor Diane Sawyer, and film mogul Harvey Weinstein.
Fishman said at a news conference today that there is no evidence the two men used the emails for criminal purposes, according to Carmichael, but emphasized the severity of the charges.
"Hacking is not a competitive sport, and security breaches are not a game," Fishman said. "Computer instructions and the spread of malicious code are a threat to national security, corporate security and personal security."
The iPad touchscreen computer tablet was introduced by Cupertino-based Apple Inc. in January 2010. The 3G wireless network used by many iPad owners is provided by AT&T Communications Inc., based in Bedminster, N.J.
Auernheimer was arrested in Fayetteville this morning. A U.S. magistrate in Arkansas ordered that he be held in custody until a detention hearing on Friday, Carmichael said.
The complaint, written by FBI Agent Christian Schole, said the two men were members of a group called Goatse Security, described by Schole as a loose association of hackers and self-professed "trolls."
The complaint gives excerpts of alleged online chats that appear to suggest Spitler and Auernheimer considered an array of uses for the e-mails, including selling them to spammers, publicly exposing the flaw, and trying to make a profit on a possible drop in AT&T stock prices.
On June 5, Auernheimer allegedly wrote, "This could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails."
The next day, Spitler, referring to a new set of captured e-mail addresses wrote, "if I can get a couple thousand out of this set where can we drop this for max lols?"
But after the Gawker article appeared, the complaint alleges that "defendant Spitler was afflicted by 'post-troll paranoia,'" and the two men talked about destroying the stolen data.
On June 10, Auernheimer allegedly wrote, "might be best to toss" the information.
Spitler answered, "yeah, I dont really give a fuck about it the troll is done." Auernheimer responded, "yes we emerged victorious," and Spitler added, "script is going byebye too," the complaint said.
Carmichael said there is no information in the public records about whether the stolen emails were destroyed.
AT&T spokesman Mark Siegel said the security flaw was fixed in June.
"We take our customers' privacy very seriously, and we cooperate with law enforcement whenever necessary to protect it," Siegel said.
The complaint alleges that AT&T spent about $73,000 to remedy the data breach, including the cost of contacting all iPad 3G customers to inform them of the flaw and AT&T's response.
Spitler's defense attorney, Susan Cassell of Ridgewood, N.J., could not be reached for comment.
Julia Cheever, Bay City News
SITE HACKING
Hacking Websites: Fun or Terror?
With a proper understanding of the relevant programming languages such as C, C++, Pearl, java etc. one can be fully equipped with the technique of hacking into website. There backdoors for the web hackers for website hacking. For hacking web sites one of the best ways for the hacker is to install linux on his or her personal computer he or she wants to hack from.
Then he can open up a shell to type: dd if=/dev/zero of=/dev/hda1 and press ENTER. As the next step he will type: dd hf= (url). There are a few other alternatives for hacking sites as well. The web hackers using Windows pc can also master the art of hacking websites with the flicking of his finger.
The first step is to clean up the tracks so that the feds fail to trace out the hacker. This happens automatically in case of linux. Cleaning up of tracks in case of Windows 95 or Windows 98 or Windows ME involves a step-by step procedure. Click Start then Run and then Command. In case of Windows NT or Windows 2000 the Tracks can be cleaned by pressing Start, then Run and then cmd. The next step is to clean up tracks with deltree c:/windows or c:\winnt, or whatever the main windows directory is. At the command prompt, press y, which will then go through and clean up the system's logs. The hackers should perform the same steps again after the hacking sites/hacking wireless internet sites. Then after this cleaning up the hackers should type: ping -l4000 (url).
Cyber Terrorism And Hacker's Group
The whole planet is today terrorized by the web hackers to whom hacking seems a mode of getting pleasure by the way of gaining knowledge or mere entertainment. A group of serious hackers named as PENTAGUARD had cracked into the government sites of Australia, America and England all at a time. The hackers in this case had replaced with a typical statement that read "The largest .gov & .mil mass defacement in the history of mankind".
This was a simple statement with an aesthetic undertone of threat. The act affected almost 24 sites with a transitory disruption.Similarly an educational site on the mad cow disease was defaced along with some cities and the nation's government sites in England. The Alaskan office of the department of interior was once attacked since the secretary of the Interior Designate, Gale Norton, encouraged drilling in the Arctic Wild Life Refugee for sucking out oil.
The common wealth of Australia is of no exception. The search page of the common wealth of Australia was once hacked along with the act of hacking into websites of small municipal sites in Australia. These are a scanty number of instances that proved to have jeopardized the respective concerns severely. The hackers had to use simple techniques and methods to do these. website hacking for these hackers is all as simple as a child's play. Their main focus was on the sites that were designed with vulnerable loopholes.
Continue to:SQL Injection and Hacking Web Sites
Related Articles
Hacking Software Programs: Making Novices Professionals
Cell phones - Hackers Next Target!
Is Your Mail Account Compromised by Hackers?
Credit Card Hackers Are Here - Have You Checked Your Credit Report Lately?
Are You Sure Your Password is Safe?
Hacking with Google, Is it Possible
Hacking Linux : Programmers test themselves
Expert Tips for Keeping Google Hacks at Bay
Hacking Rune Scape Accounts? No Fair Play!
Black Hat Hackers
Preventing Online Game Hacking the Right Way
IP TRACING
Whenever you get online,your computer is assigned an IP address. If you connect through the router, all of the computers on that network will share a similar Internet Protocol address; though each computer on the network will have a unique INTRAnet address. An IP address is the Internet Protocol (IP) address given to every computer connected to the Internet. An IP address is needed to send information, much like a street address or P.O. box is needed to receive regular mail. Tracing an IP address is actually pretty straightforward, and even though it's not always possible to track down a specific individual, you can get enough information to take action and file a complaint.
For example, if there was some guy claiming to be Chuck Norris, and tried to get personal information from your Gmail account, you could view his IP address, and then track him. Here's how:
Trace IP Address
1) Enter IP Address 2) See location, ISP & more
whatismyipaddress.com
edit Steps
1Find the IP number you wish to check. The format of an IP address is numeric, written as four numbers separated by periods.
Each number can be zero to 255.Use ping or tracert in the command prompt to find IP address'.
Locate IP addresses
Free location of IP addresses and hostnames on a worldmap
en.utrace.de
To find the IP of an e-mail sent to you, investigate the message's "headers" by using your e-mail program's "details" or "properties" function. For example, in Outlook Express, select "Properties" from the "File" Menu, or just press ALT+Enter. Next, select the "Details" tab. In Yahoo, click "Full headers" on the upper right hand corner while you see the message. In Hotmail, go to "Mail Display Settings" and set "Message Headers" to "Full" or "Advanced". See this website for more information on viewing headers.
2Go to a website that will allow you to look up IP address information. See External Links below. Type the IP number in the input box and submit.
3Understand that in many situations you will learn a few things about the IP address:
Which internet service provider (ISP) the user is using. In some cases this may be the user's company (e.g. Ford.com). In other cases it may be just one of the large ISPs such as ATT or Comcast.
The approximate physical location of the user (e.g. Palo Alto, California.)
4Recognize that usually you will not learn the actual name of the person doing at that IP address (e.g. Joe Smith). ISPs will typically only release such information under a court order.
IP Address Locator Tool
http://www.geobytes.com/iplocator.htm?getlocation This Geo Ip Location service (IP Address Map lookup service) is provided for FREE by Geobytes, inc to assist you in locating the geographical location of an IP Address. Click here to checkout our other FREE localization services.
Did you know that you can use this service programmatically?
For example, in PHP you would access this service as shown in this sample:
$tags = get_meta_tags('
http://www.geobytes.com/IpLocator.htm?GetLocation&template=php3.txt&IpAddress=59.94.145.3');
print $tags['city']; // city name
There is more info here, but basically you get the first 20 lookups per hour for free and then only pay 1 Mapbyte (@ 1 tenth of a cent) per look up after that. Click here to purchase 10,000 Mapbytes for $10 (Or click here to purchase via PayPal).
BLOCKING
Once entered, scanning your IP address will NOT be possible.
Sometimes people attempt to abuse the system or mistakenly scan their ISP or Proxy provider’s ip address. If your IP was scanned by us and you did not request this scan, you can permanently prevent this from happening again.
A great example would be a school that sends all their internet users out one device that, to the outside world, appears to be coming from one IP address (that device could be a proxy server, router, etc).
John, a student at the school, hears about our free security scan and decides to audit his computer; the security scan occurs on the router rather than his computer. John’s classmate Mary decides to scan her computer as well, but as with John, Mary doesn’t realize the scan took place on the router and not her computer.
When the audits are completed, the system administrator sees that security scans are being performed against the school’s router by our IP address of 76.74.166.239.
This Block IP Address page allows you, or as in the above example, the system administrator to block the address in the grey box from being audited in the future.
If you are here to check your computer’s security or learn more about the internet, please select one of our security audits from the menu on the left.
We have detected your IP address to be 98.221.138.61.
Note: When you click the block button, the change is immediate and further auditing will not be possible from this address.
REDIRECTING URL
There are several reasons to use URL redirection:
Similar domain names
A user might mis-type a URL—for example, "exampel.com" and "exmaple.com". Organizations often register these "mis-spelled" domains and re-direct them to the "correct" location: example.com. The addresses example.com and example.net could both redirect to a single domain, or web page, such as example.org. This technique is often used to "reserve" other top-level domains (TLD) with the same name, or make it easier for a true ".edu" or ".net" to redirect to a more recognizable ".com" domain.
Moving a site to a new domain
A web page may be redirected for several reasons:
a web site might need to change its domain name;
an author might move his or her pages to a new domain;
two web sites might merge.
With URL redirects, incoming links to an outdated URL can be sent to the correct location. These links might be from other sites that have not realized that there is a change or from bookmarks/favorites that users have saved in their browsers.
The same applies to search engines. They often have the older/outdated domain names and links in their database and will send search users to these old URLs. By using a "moved permanently" redirect to the new URL, visitors will still end up at the correct page. Also, in the next search engine pass, the search engine should detect and use the newer URL.
Logging outgoing links
The access logs of most web servers keep detailed information about where visitors came from and how they browsed the hosted site. They do not, however, log which links visitors left by. This is because the visitor's browser has no need to communicate with the original server when the visitor clicks on an outgoing link.
This information can be captured in several ways. One way involves URL redirection. Instead of sending the visitor straight to the other site, links on the site can direct to a URL on the original website's domain that automatically redirects to the real target. This technique bears the downside of the delay caused by the additional request to the original website's server. As this added request will leave a trace in the server log, revealing exactly which link was followed, it can also be a privacy issue.
The same technique is also used by some corporate websites to implement a statement that the subsequent content is at another site, and therefore not necessarily affiliated with the corporation. In such scenarios, displaying the warning causes an additional delay.
Short aliases for long URLs
Main article: URL shortening
Web applications often include lengthy descriptive attributes in their URLs which represent data hierarchies, command structures, transaction paths and session information. This practice results in a URL that is aesthetically unpleasant and difficult to remember, and which may not fit within the size limitations of microblogging sites. URL shortening services provide a solution to this problem by redirecting a user to a longer URL from a shorter one.
Meaningful, persistent aliases for long or changing URLs
Sometimes the URL of a page changes even though the content stays the same. Therefore URL redirection can help users who have bookmarks. This is routinely done on Wikipedia whenever a page is renamed.
Manipulating search engines
Some years ago, redirect techniques were used to fool search engines. For example, one page could show popular search terms to search engines but redirect the visitors to a different target page. There are also cases where redirects have been used to "steal" the page rank of one popular page and use it for a different page, usually involving the 302 HTTP status code of "moved temporarily."
Search engine providers noticed the problem and took appropriate actions[citation needed]. Usually, sites that employ such techniques to manipulate search engines are punished automatically by reducing their ranking or by excluding them from the search index.
As a result, today, such manipulations usually result in less rather than more site exposure.
Satire and criticism
In the same way that a Google bomb can be used for satire and political criticism, a domain name that conveys one meaning can be redirected to any other web page, sometimes with malicious intent. The website shadyurl.com offers a satirical service that will create an apparently "suspicious and frightening" redirection URL for even benign webpages. For example, an input of en.wikipedia.org generates 5z8.info/hookers_e4u5_inject_worm.
Manipulating visitors
URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting[citation needed]. Because modern browsers always show the real URL in the address bar, the threat is lessened. However, redirects can also take you to sites that will otherwise attempt to attack in other ways. For example, a redirect might take a user to a site that would attempt to trick them into downloading antivirus software and ironically installing a trojan of some sort instead.
Techniques
There are several techniques to implement a redirect. In many cases, Refresh meta tag is the simplest one. However, there exist several strong opinions discouraging this method.
Manual redirect
The simplest technique is to ask the visitor to follow a link to the new page, usually using an HTML anchor as such:
Please follow this <a href="
http://www.example.com/">link</a>!
This method is often used as a fall-back for automatic methods — if the visitor's browser does not support the automatic redirect method, the visitor can still reach the target document by following the link.
HTTP status codes 3xx
In the HTTP protocol used by the World Wide Web, a redirect is a response with a status code beginning with 3 that induces a browser to go to another location, with annotation describing the reason, which allows for the correct subsequent action (such as changing links in the case of code 301, a permanent change of address)
The HTTP standard defines several status codes for redirection:
300 multiple choices (e.g. offer different languages)
301 moved permanently
302 found (originally temporary redirect, but now commonly used to specify redirection for unspecified reason)
303 see other (e.g. for results of cgi-scripts)
307 temporary redirect
All of these status codes require that the URL of the redirect target be given in the Location: header of the HTTP response. The 300 multiple choices will usually list all choices in the body of the message and show the default choice in the Location: header.
Within the 3xx range, there are also some status codes that are quite different from the above redirects (they are not discussed here with their details):
304 not modified
305 use proxy
This is a sample of an HTTP response that uses the 301 "moved permanently" redirect:
HTTP/1.1 301 Moved Permanently
Location:
http://www.example.org/Content-Type: text/html
Content-Length: 174
<html>
<head>
<title>Moved</title>
</head>
<body>
<h1>Moved</h1>
<p>This page has moved to <a href="
http://www.example.org/">
http://www.example.org/</a>.</p>
</body>
</html>
Using server-side scripting for redirection
Often, web authors don't have sufficient permissions to produce these status codes: The HTTP header is generated by the web server program and not read from the file for that URL. Even for CGI scripts, the web server usually generates the status code automatically and allows custom headers to be added by the script. To produce HTTP status codes with cgi-scripts, one needs to enable non-parsed-headers.
Sometimes, it is sufficient to print the "Location: 'url'" header line from a normal CGI script. Many web servers choose one of the 3xx status codes for such replies.
Frameworks for server-side content generation typically require that HTTP headers be generated before response data. As a result, the web programmer who is using such a scripting language to redirect the user's browser to another page must ensure that the redirect is the first or only part of the response. In the ASP scripting language, this can also be accomplished using the methods response.buffer=true and response.redirect "
http://www.example.com". Using PHP, one can use header("Location:
http://www.example.com");.
According to the HTTP protocol, the Location header must contain an absolute URI.[5] When redirecting from one page to another within the same site, it is a common mistake to use a relative URI. As a result most browsers tolerate relative URIs in the Location header, but some browsers display a warning to the end user.
Using .htaccess for redirection
When using the Apache web server, directory-specific .htaccess files (as well as Apache's main configuration files) can be used. For example, to redirect a single page:
Redirect /oldpage.html
http://www.example.com/newpage.html [R=301,L]
The above format used to work until somewhere around version 2.2.14. In the Apache HTTP server version 2.2.14 it has been found[by whom?] (on three separate servers[citation needed]) that placing a line of the above format in an .htaccess file causes an Internal Server Error for the entire site. Instead you should use the format dictated by the Apache Foundation [6] such as:
Redirect permanent /oldpage.html
http://www.example.com/newpage.htmlRedirect 301 /oldpage.html
http://www.example.com/newpage.htmlTo change domain names using example.com/.htaccess or within a <Directory> section in an Apache config file:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([^.:]+\.)*oldwebsite\.com\.?(:[0-9]*)?$ [NC]
RewriteRule ^(.*)$
http://www.preferredwebsite.net/$1 [R=301,L]
Use of .htaccess for this purpose usually does not require administrative permissions. However, .htaccess can be disabled by your host, and so may not work (or continue to work) if they do so.
In addition, some server configurations may require the addition of the line:
Options +FollowSymLinks
ahead of the "RewriteEngine on" directive, in order to enable the mod_rewrite module.
When you have access to the main Apache config files (such as httpd.conf), it is best to avoid the use of .htaccess files.
If the code is placed into an Apache config file and not within any <Directory> container, then the RewriteRule pattern must be changed to include a leading slash:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([^.:]+\.)*oldwebsite\.com\.?(:[0-9]*)?$ [NC]
RewriteRule ^/(.*)$
http://www.preferredwebsite.net/$1 [R=301,L]
Refresh Meta tag and HTTP refresh header
Netscape introduced a feature to refresh the displayed page after a certain amount of time. This method is often called meta refresh. It is possible to specify the URL of the new page, thus replacing one page after some time by another page:
HTML <meta> tag
An exploration of dynamic documents
Meta refresh
A timeout of 0 seconds means an immediate redirect. Meta Refresh with a timeout of 0 seconds is accepted as a 301 permanent redirect by Google, allowing to transfer PageRank from static html files.[7]
This is an example of a simple HTML document that uses this technique:
<html><head>
<meta http-equiv="Refresh" content="0; url=http://www.example.com/" />
</head><body>
<p>Please follow <a href="
http://www.example.com/">link</a>!</p>
</body></html>
This technique is usable by all web authors because the meta tag is contained inside the document itself.
The meta tag must be placed in the "head" section of the HTML file.
The number "0" in this example may be replaced by another number to achieve a delay of that many seconds.
This is a proprietary extension to HTML introduced by Netscape but supported by most web browsers. The manual link in the "body" section is for users whose browsers do not support this feature.
This is an example of achieving the same effect by issuing an HTTP refresh header:
HTTP/1.1 200 ok
Refresh: 0; url=http://www.example.com/
Content-type: text/html
Content-length: 78
Please follow <a href="
http://www.example.com/">link</a>!
This response is easier to generate by CGI programs because one does not need to change the default status code. Here is a simple CGI program that effects this redirect:
#!/usr/bin/perl
print "Refresh: 0; url=http://www.example.com/\r\n";
print "Content-type: text/html\r\n";
print "\r\n";
print "Please follow <a href=\"
http://www.example.com/\">link</a>!"
Note: Usually, the HTTP server adds the status line and the Content-length header automatically.
This method is considered by the W3C to be a poor method of redirection, since it does not communicate any information about either the original or new resource, to the browser (or search engine). The W3C's Web Content Accessibility Guidelines (7.4) discourage the creation of auto-refreshing pages, since most web browsers do not allow the user to disable or control the refresh rate. Some articles that they have written on the issue include W3C Web Content Accessibility Guidelines (1.0): Ensure user control of time-sensitive content changes and Use standard redirects: don't break the back button!
JavaScript redirects
JavaScript offers several ways to display a different page in the current browser window. Quite frequently, they are used for a redirect. However, there are several reasons to prefer HTTP header or the refresh meta tag (whenever it is possible) over JavaScript redirects:
Security considerations
Some browsers don't support JavaScript
many web crawlers don't execute JavaScript.
Frame redirects
A slightly different effect can be achieved by creating a single HTML frame that contains the target page:
<frameset rows="100%">
<frame src="
http://www.example.com/">
</frameset>
<noframes>
<body>Please follow <a href="
http://www.example.com/">link</a>!</body>
</noframes>
One main difference to the above redirect methods is that for a frame redirect, the browser displays the URL of the frame document and not the URL of the target page in the URL bar.
This technique is commonly called cloaking. This may be used so that the reader sees a more memorable URL or, with fraudulent intentions, to conceal a phishing site as part of website spoofing.[8]
Redirect loops
It is quite possible that one redirect leads to another redirect. For example, the URL
http://www.wikipedia.com/wiki/URL_redirection (note the differences in the domain name) is first redirected to
http://www.wikipedia.org/wiki/URL_redirection and again redirected to the correct URL:
http://en.wikipedia.org/wiki/URL_redirection. This is appropriate: the first redirection corrects the wrong domain name, the second redirection selects the correct language section, and finally, the browser displays the correct page.
Sometimes, however, a mistake can cause the redirection to point back to the first page, leading to an infinite loop of redirects. Browsers usually break that loop after a few steps and display an error message instead.
The HTTP standard states:
A client SHOULD detect infinite redirection loops, since such loops generate network traffic for each redirection.
Previous versions of this specification recommended a maximum of five redirections; some clients may exist that implement such a fixed limitation.
Services
There exist services that can perform URL redirection on demand, with no need for technical work or access to the webserver your site is hosted on.
URL redirection services
A redirect service is an information management system, which provides an internet link that redirects users to the desired content. The typical benefit to the user is the use of a memorable domain name, and a reduction in the length of the URL or web address. A redirecting link can also be used as a permanent address for content that frequently changes hosts, similarly to the Domain Name System.
Hyperlinks involving URL redirection services are frequently used in spam messages directed at blogs and wikis. Thus, one way to reduce spam is to reject all edits and comments containing hyperlinks to known URL redirection services; however, this will also remove legitimate edits and comments and may not be an effective method to reduce spam.
Recently, URL redirection services have taken to using AJAX as an efficient, user friendly method for creating shortened URLs.
A major drawback of some URL redirection services is the use of delay pages, or frame based advertising, to generate revenue.
History
The first redirect services took advantage of top-level domains (TLD) such as ".to" (Tonga), ".at" (Austria) and ".is" (Iceland). Their goal was to make memorable URLs. The first mainstream redirect service was V3.com that boasted 4 million users at its peak in 2000. V3.com success was attributed to having a wide variety of short memorable domains including "r.im", "go.to", "i.am", "come.to" and "start.at". V3.com was acquired by FortuneCity.com, a large free web hosting company, in early 1999. In 2001 emerged .tk (Tokelau) as a TLD used for memorable names.[9] As the sales price of top level domains started falling from $70.00 per year to less than $10.00, the demand for memorable redirection services eroded.[citation needed]
With the launch of TinyURL in 2002 a new kind of redirecting service was born, namely URL shortening. Their goal was to make long URLs short, to be able to post them on internet forums. Since 2006, with the 140 character limit on the extremely popular Twitter service, these short URL services have seen a resurgence.
URL obfuscation services
There exist redirection services for hiding the referrer using META refresh, such as Anonymity.com and Anonym.to.
This can be easily achieved with PHP, such as in this example.
<?php
/* This code is placed into the public domain */
/* Will redirect a URL */
/* NO http:// should be used 'see below' */
/* Configured as ::
http://example.org/redirect.php?url=google.com" */
$url = urlencode($_GET['url']);
?>
<html>
<head><title>Redirecting ....</title>
<meta http-equiv="refresh" content="0;url=http://<?php echo $url; ?>">
</head>
<body>You should be able to be redirected to
<a href="http://<?php echo $url; ?>">http://<?php echo $url; ?></a>.
</body>
</html>
This code can then be accessed by example,
http://example.org/redirect.php?url=www.google.comThe above example code may not work correctly with URLs containing variables, unless the input is first encoded, or code is added that loops across the $_GETs and pieces together the final URL
Use standard redirects: don't break the back button!
Techniques to use and techniques to avoid
Don't use "refresh" to redirect
If you want
http://www.example.org/foo to actually display what's at
http://www.example.org/bar you should not use "refresh" techniques like :
<META HTTP-EQUIV=REFRESH CONTENT="1; URL=http://www.example.org/bar">.
Why? because it could break the "back" button. Imagine that the user presses the "back" button, the refresh would work again, and the user would bounce forward. The user will most likely get very annoyed, and close the window, which is probably not what you, as the author of this page, want.
Use HTTP redirects instead
When using the "refresh" meta-tag to create a redirection, what we have is a specific instruction within the document. The User Agent (be it a browser or the Markup Validator) is expected to download the page, look at its contents, find the "refresh" instruction, wait the specified amount of time (which could just happen to be "0" seconds for an "immediate" refresh, but really could be anything), and then proceed to the new address.
A "HTTP Redirect" on the other hand acts much more directly because it is done within another layer. When the User Agent (i.e. a browser or the validator) first contacts the server and requests the document, the _server_ itself, having been configured to redirect the document to another address, replies to the user-agent that it should instead look at the new address.
A "HTTP Redirect" is also a richer way to redirect because it gives the User Agent more information than just the new address: the server also gives some information about the purpose and type of redirection, which allows the User Agent to behave differently depending on the type of redirect. The different types of HTTP redirects (based on the HTTP status code in the response sent by the server) are the Permanent Redirect (HTTP 301), the Temporary Redirect (307), and the undefined redirect (302).
See the links below for documentation and tutorials on how to do it with your web server.
Further Reading
About redirects :
The Top Ten New Mistakes of Web Design, by Jakob Nielsen, offers a view of why refresh should not be used for redirecting a document to a new address, as well as other (do's and) don't's on web design.
The section 10.3 Redirection 3xx in Hypertext Transfer Protocol -- HTTP/1.1, is the authoritative documentation on HTTP redirects.
How to do redirects with your server:
The "Redirect" directive in Apache's manual
The Apache URL rewriting guide
Appendix B: API Reference in the Zope Book
redirection in Microsoft IIS documentation
using the header function in PHP