Karla

can someone tell me how to trick a visitor counter?

23 posts in this topic

Okay so there is this website that has a hit counter on it. It counts each person who goes onto the webpage. I tried refreshing it to see if i could make more hits but that doesnt work. It only counts each person individually. Is there anyway to minipulate this hit counter so i can get the veiws to go up? Ive tried researching it but have found nothing. can anyone help?

0

Share this post


Link to post
Share on other sites

Okay so there is this website that has a hit counter on it. It counts each person who goes onto the webpage. I tried refreshing it to see if i could make more hits but that doesnt work. It only counts each person individually. Is there anyway to minipulate this hit counter so i can get the veiws to go up? Ive tried researching it but have found nothing. can anyone help?

it is counting individuals one of two ways...

either by a tracking cookie, or by IP address...

if it is doing so with a tracking cookie, delete your cookies, and try to refresh the page..

if it is doing it by IP address, then just go to the site with a different IP address - open wifi hotspots, proxy servers, etc...

0

Share this post


Link to post
Share on other sites

Here you go:

  1. Get a firefox add on (assuming you use firefox) that swaps your user agent for a false user agent.
  2. Run a squid + privoxy proxy server on your localhost with the paranoid or strict anonymous settings
  3. Install NoScript in firefox

Good information here:

It's probably a good idea to skip the "Open Proxy" route and to skip the "SSH Forwarding setup" because both are quite a pain to put up with.

0

Share this post


Link to post
Share on other sites

Okay so there is this website that has a hit counter on it. It counts each person who goes onto the webpage. I tried refreshing it to see if i could make more hits but that doesnt work. It only counts each person individually. Is there anyway to minipulate this hit counter so i can get the veiws to go up? Ive tried researching it but have found nothing. can anyone help?

it is counting individuals one of two ways...

either by a tracking cookie, or by IP address...

if it is doing so with a tracking cookie, delete your cookies, and try to refresh the page..

if it is doing it by IP address, then just go to the site with a different IP address - open wifi hotspots, proxy servers, etc...

I figured out that it is not doing the tracking by cookies so it must be tracking it by ip adress. can you tell me what i should do? im kinda new at this whole thing and not good at computers. lol

0

Share this post


Link to post
Share on other sites

If it's checking by IP address the only way to really be able to cheat it is to connect with different ip addresses...

0

Share this post


Link to post
Share on other sites

If it's checking by IP address the only way to really be able to cheat it is to connect with different ip addresses...

Connecting through the tor network would be a good way to do this.

0

Share this post


Link to post
Share on other sites

If it's checking by IP address the only way to really be able to cheat it is to connect with different ip addresses...

Connecting through the tor network would be a good way to do this.

tor didnt work. i tried deleting the cookies that didnt work either. maybe its tracking by something else other than ip and cookies? by like maybe each individual profile on the sight? anyways the website im talking about is quizilla.com idk. if that helps anything. lol.

0

Share this post


Link to post
Share on other sites

If it's checking by IP address the only way to really be able to cheat it is to connect with different ip addresses...

Connecting through the tor network would be a good way to do this.

tor didnt work. i tried deleting the cookies that didnt work either. maybe its tracking by something else other than ip and cookies? by like maybe each individual profile on the sight? anyways the website im talking about is quizilla.com idk. if that helps anything. lol.

Try disabling javascript while using a proxy. I understand that can rat you out at times.

Also, does the site use flash? There are flash cookies that aren't easy to erase, but Firefox has an add on called Better Privacy that makes that super easy.

0

Share this post


Link to post
Share on other sites

Where on the site is the counter? Are you referring to profile views?

I tried 3 browsers (firefox, epiphany and elinks) and none increased the counter in the other. I also went through a web proxy which didnt help. Its after 4am right now so i'll check it out again later.

Edited by phr34kc0der
0

Share this post


Link to post
Share on other sites

Where on the site is the counter? Are you referring to profile views?

I tried 3 browsers (firefox, epiphany and elinks) and none increased the counter in the other. I also went through a web proxy which didnt help. Its after 4am right now so i'll check it out again later.

yeah. It has a counter on everything. like on things published and profile veiws. i know people minuplate the counter because i see buissness advertizements with like 3,000 veiws. theres no way. lol. its obviously tough to crack. -_- thanks for trying. :) i really appreciate it. hahah. it seems really really challenging.

0

Share this post


Link to post
Share on other sites

If everything that you are saying is true, that you cleaned out the cookies, tried proxies, used other networks such as Tor then two more possibilities present themselves. One is that the counter is delayed. Perhaps it only updates once an hour, a day, etc., and two that it tracks you by login. That is, much like this website you must login to access all the features. If you are logging in then despite your IP or network or cookie status, it won't keep counting during a session once one count has already occurred. If this is the case there might be a session timeout that resets, determined by the board. This is different than a standard cookie which only attempts to determine whether it is the same machine. This is why going to proxies wouldn't work...unless it keeps a list of proxies, but now it is becoming convoluted.

Why would they do this? Well, oftentimes for small sites an external website, does the counting for a site. You just push some code onto your page and viola it will keep count. These types usually are simple dumb counters and every refresh will cause a new count since you are exercising the code. In a more advanced site like this, and depending on the users a continuous update of counters could slow things down especially if there are many users and especially if it is php. But it does seem odd as unless it was a really busy site this shouldn't effect operation so my bet is that you are being tracked by the website by your login session and in order to ensure a solid unique number count they have implemented so barriers to prevent unscrupulous individuals from enhancing their popularity.

Can you provide a link? Did you check out the websites code for hints?

0

Share this post


Link to post
Share on other sites

If everything that you are saying is true, that you cleaned out the cookies, tried proxies, used other networks such as Tor then two more possibilities present themselves. One is that the counter is delayed. Perhaps it only updates once an hour, a day, etc., and two that it tracks you by login. That is, much like this website you must login to access all the features. If you are logging in then despite your IP or network or cookie status, it won't keep counting during a session once one count has already occurred. If this is the case there might be a session timeout that resets, determined by the board. This is different than a standard cookie which only attempts to determine whether it is the same machine. This is why going to proxies wouldn't work...unless it keeps a list of proxies, but now it is becoming convoluted.

Why would they do this? Well, oftentimes for small sites an external website, does the counting for a site. You just push some code onto your page and viola it will keep count. These types usually are simple dumb counters and every refresh will cause a new count since you are exercising the code. In a more advanced site like this, and depending on the users a continuous update of counters could slow things down especially if there are many users and especially if it is php. But it does seem odd as unless it was a really busy site this shouldn't effect operation so my bet is that you are being tracked by the website by your login session and in order to ensure a solid unique number count they have implemented so barriers to prevent unscrupulous individuals from enhancing their popularity.

Can you provide a link? Did you check out the websites code for hints?

sure the website is www.quizilla.com and here is a perfect example link :

http://quizilla.teennick.com/stories/17327108/wealthy-affiliate-review

see the counter to the right?

0

Share this post


Link to post
Share on other sites

Here's why:


<h2><span>About this Story</span></h2>
<dl>
<dt>Created by </dt>
<dd><a href="/user/wilfred2willi8am/profile">wilfred2willi8am</a> on 09/12/2010</dd>

<dt>Viewed </dt>
<dd>1,347 times </dd>
</dl>

It is hard coded. BTW, this site seems pretty shady. I might want to stay away.

So I was wrong there was a third possibility...Hardcoded...lol

0

Share this post


Link to post
Share on other sites

Here's why:


<h2><span>About this Story</span></h2>
<dl>
<dt>Created by </dt>
<dd><a href="/user/wilfred2willi8am/profile">wilfred2willi8am</a> on 09/12/2010</dd>

<dt>Viewed </dt>
<dd>1,347 times </dd>
</dl>

It is hard coded. BTW, this site seems pretty shady. I might want to stay away.

So I was wrong there was a third possibility...Hardcoded...lol

what does that mean? that it is too complex?

0

Share this post


Link to post
Share on other sites

No. That the counter is fake. That whoever put that site up simply wrote that in, like text, like any old regular sentence. It isn't a counter at all.

0

Share this post


Link to post
Share on other sites

InsaneAutomata:

What are you talking about? Just because the figure appears in the HTML does not mean that it is hard coded. If you visit the site again, you'll notice that the counter has incremented. The counter is being put into the page dynamically, server-side. Dynamic, hence the 'D' in DHTML.

For instance, the following code will keep track of the count server-side:

<?php
$file = 'count.txt';
$count = file_get_contents($file);
$count = $count + 1;
echo $count;
file_put_contents($file, $count);
?>

0

Share this post


Link to post
Share on other sites

InsaneAutomata:

What are you talking about? Just because the figure appears in the HTML does not mean that it is hard coded. If you visit the site again, you'll notice that the counter has incremented. The counter is being put into the page dynamically, server-side. Dynamic, hence the 'D' in DHTML.

For instance, the following code will keep track of the count server-side:

<?php
$file = 'count.txt';
$count = file_get_contents($file);
$count = $count + 1;
echo $count;
file_put_contents($file, $count);
?>

oh. well is there anyway around it? or no?

0

Share this post


Link to post
Share on other sites

InsaneAutomata:

What are you talking about? Just because the figure appears in the HTML does not mean that it is hard coded. If you visit the site again, you'll notice that the counter has incremented. The counter is being put into the page dynamically, server-side. Dynamic, hence the 'D' in DHTML.

For instance, the following code will keep track of the count server-side:

<?php
$file = 'count.txt';
$count = file_get_contents($file);
$count = $count + 1;
echo $count;
file_put_contents($file, $count);
?>

Thanks for your contribution. You are pretty rude you know. This thread has been open for a little while with a lot of people contributing. I was just adding my thoughts. My original thoughts are correct on some of the possibilities and my conclusion was possibly valid considering that the original poster indicated that the counters never seemed to increment.

However, I might remind you that you still didn't answer the original question.

I did a cursory check of the code and didn't look into it deep enough, but all you did was look into it just to prove me wrong. You really didn't contribute much...My advice to you would be to learn some people skills so you can dialog with people better.

0

Share this post


Link to post
Share on other sites

Please dont fight. can we get back on topic? My original question was can you minipulate the counter. youve found how it works. now is there a way of minipulating it?

Edited by Karla
0

Share this post


Link to post
Share on other sites

Please dont fight. can we get back on topic? My original question was can you minipulate the counter. youve found how it works. now is there a way of minipulating it?

anybody know?

0

Share this post


Link to post
Share on other sites

anybody know?

I do not RECOMMEND you spend your days on this forums asking easily answered questions. Research will help you expand your mind and your willpower to think with logic. Asking without looking is frowned upon by many.

Now that you know that, something like this will work:

YOU -> Privoxy -> Squid -> User Agent Spoof -> Read spoofed  IP List -> HTTP GET -> Ettercap IP replace ->  HTTP POST -> Connection Closed.

  • Ettercap can find and replace anything in a HTTP header. Use this to spoof your IP address from a predefined list.
  • Set up Privoxy to block DNS leaks. Set up squid to anonymize your computer fingerprint, browser, and web referrer.
  • Write a python or ruby script to craft your HTTP Get, Post, and Log in cookie on the web site
  • The trick is to keep yourself anonymous or this is pointless and your account will be banned.
  • You can also install Paros and modify the settings to spoof your system specs and modify packet headers on the fly followed by crafted HTTP Requests.

I am not going to show you exactly how to do this. I do not believe in handing out free information anymore, laziness is futile these days. But I will link you the appropriate reading materials. This is quite an elementary spoofing attack, just be aware that you are executing a HTTP Header Injection and probably breaching the Terms of Service on this site in doing so. Someone else might have a better idea of what your consequences will be for doing this. You are hacking there server, and the counter application. That counter will effect other users too.
I am sure a XSS attack of sorts will allow you to make other people double post the page, for extra hits.
===================
Ruby NET HTTP Library

Paros - web application vulnerability assessment

Squid + Privoxy

Ettercap

0

Share this post


Link to post
Share on other sites

well... never really cared much for website coding but hardcoded? surely u jest ;)

if changing ip/deleting cookies didnt work

then i guess theyve got some other requirements like beeing registered or having a cookie ^^

if nothing works just hack their database xD

0

Share this post


Link to post
Share on other sites

Here are some other ways I could think of that I didn't see mentioned. They probably don't apply to this particular site, but its worth pointing out.

1. Hidden form data. sometimes webapps **cough ASP** will track users with data in hidden form elements. If you were to change your IP, and delete all of your cookies this could still tag you as the same user. The fix is to clear your cache.

2. Flash cookies. Flash stores cookies, and the browser does not have the ability to delete them. Adobe has a tool you can use to view/delete Flash cookies. Definitely worth checking out.

3. Ad Networks. This one is a bit more theory, but it is definitely possible. If you notice Google has its hooks into most websites now a days. So if you're clearing all of your browser data, but are still logged into Google some other way (gchat, etc.) they could pass that information back to the site. They absolutely do keep it internally, I don't know what they give to web masters.

::off topic

While I'm on the anti-biginformationgatheringorganizations kick.. One thing I recently learned is that by default Firefox sends every URL to Google. You have to turn off the "Block reported..." options to stop it.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now