Jump to content


Photo

Hxxp


  • This topic is locked This topic is locked
13 replies to this topic

#1 Alpha_Blue

Alpha_Blue

    Malware Fyta

  • Full Member
  • PipPipPipPip
  • 417 posts

Posted 24 May 2005 - 09:46 PM

I know http is almost always used, but what in the world is "hxxp"? Sounds to me like this is only used for spyware/viruses/adware/worms/trojans?
I'm not sure, I googled it and didn't find any safe-looking info to look at :blink:

#2 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 24 May 2005 - 09:49 PM

hxxp is what we place into known malicious links so people can't just click and load on them - that way, it takes direct action to load the pages they link to.
Signature file is under revision. This will be back shortly.

#3 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 24 May 2005 - 09:49 PM

It is used to munge links so that they can't be used... usually by a moderator or admin who wants to protect people on the forum from accidentally clicking on a potentially dangerous link... In other words, it won't work and doesn't exist in the wild.... :p
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 Alpha_Blue

Alpha_Blue

    Malware Fyta

  • Full Member
  • PipPipPipPip
  • 417 posts

Posted 25 May 2005 - 12:23 AM

Ah!!! Many thanks!

#5 jackolan

jackolan

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 30 July 2005 - 05:16 AM

I know http is almost always used, but what in the world is "hxxp"?  Sounds to me like this is only used for spyware/viruses/adware/worms/trojans? 
I'm not sure, I googled it and didn't find any safe-looking info to look at  :blink:

View Post


Ha ha ha - sorry lads, but you got it all wrong. The main reson Hxxp is used by certain forums is to defeat google and other searches for pirate software sites, adult porn sites, back doors and pirated serial numbers, user names and passwords. Direct links in some forums [ particularly forums where you MUST be a registered user ] .. is forbidden, otherwise simple google search's would pinpoint secret coms and illegal disclosures. I'm afraid that Hxxp is normally never used for anything else because its a protocal that has no meaning to the net..

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 30 July 2005 - 05:24 AM

jackolan,

Did you read the other responses at all?? We use it here to make the links unusable... I don't much care why it is used in other forums, that isn't the question here... However, it sounds like you are saying they use it the same way that we do... Before you go telling people that they "got it all wrong", get your information straight...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#7 ITPro

ITPro

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 03 May 2007 - 10:19 PM

<snip> The main reson Hxxp is used by certain forums is to defeat google and other searches for pirate software sites, adult porn sites, back doors and pirated serial numbers, user names and passwords. Direct links in some forums [ particularly forums where you MUST be a registered user ] is forbidden, otherwise simple google search's would pinpoint secret coms and illegal disclosures. I'm afraid that Hxxp is normally never used for anything else because its a protocal that has no meaning to the net..


Quite Right, Jack, my man...!

So, basically, what you do is post a link replacing the "http" prefix with "hxxp" and in that way you can provide a link in a post to anyone who comes across it, but it is not able to be picked up and indexed by any search engine. It is a method used to prevent any link from becoming "clickable" or from being picked up and archived by the search engines. Or put yet another way, it is simply a method of forcing a link to remain "text based", or "inactive", and hidden from the search engines, if you prefer to think of it that way.

The interesting thing is that although it is not recognized as an "official" protocol (it's actually a "munged"* protocol) if a user copies and pastes the entire link, including the "hxxp" prefix, into a browser, the browser will simply convert the "hxxp" prefix to the correct "http" prefix and bring them to the correct location. A simple copy and paste of the entire text based link into a browser on the users part is all that is required.

Cheers...! :thumbsup:

*Definition: Munged ("muhnj") - To imperfectly transform information.

Edited by ITPro, 04 May 2007 - 12:08 PM.


#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 04 May 2007 - 02:36 AM

So was there any particular point to you resurrecting a two year old topic in order to restate the obvious? :scratchhead:
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 04 May 2007 - 06:00 AM

Which is to support a more obnoxious post saying that we are all wrong in spite of the fact that we were not?? Do you really have nothing better to do??
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#10 ITPro

ITPro

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 04 May 2007 - 12:06 PM

Look fella's, it's about the information... not about who's right vs. wrong here...okay?

The Point being that the explanations which had previously been given were unclear. Period.

...and just what does it matter how 'old' the post is...?
...are you really so ready to tell everyone that you can't comprehend that for anyone searching for this information for the first time, it is perceived as "new" to them when they finally come across it...?

Really, just take a step back for a moment, take a deep breath, and think about that last thought for a minute or or two...

The fact is, I myself came across a page full of links all starting with "hxxp" myself just yesterday.
This is something that I'd never seen in 30 years of working in IT. Being an IT guy, I found that simply cutting and pasting the information into the browser brought me to the sites just fine, but I was curious and found myself wondering if this was some new protocol or something. The nature of IT is that you have to stay up on current changes, as I'm sure you're both aware, and it's become second nature to do research for me about things like this when they come up.

This forum had one of the better explanations as far as the gist of what was being conveyed goes, at least enough for someone experienced like myself to make sense of... but still, the explanations were somewhat cryptic for someone who is not familiar with some of the aspects and terminology that those of us who deal with this stuff all the time take for granted. As I also work with new people and outside customers extensively and write documentation for these groups for a living, I've developed an ability to see things through a new persons eyes over time. The documentation that I have written includes training manuals, procedure manuals, orientation documentation, etc. for major corporations and is used world-wide. I say this not to boast, but simply for your awareness.

So, I write for people who are unfamiliar with various terms and processes, and the purpose and intent of what I write is always with the purpose of providing clarity of whatever I have written about to the extent that the person reading the material can teach themselves and has a high degree of proficiency after reading the material alone without needing any other source of reference.

So, having provided this background information for you, I hope you can now see that no, my intent of posting was not to say that anyone was right or wrong, but simply to provide a more clear, concise, and complete explanation for anyone who might happen to be searching for an explanation of this not-so-commonly known method of hiding links from search engines. I really had no desire to enter into your petty little squabble whatsoever, though I was aware of there being a chance that some one or two of you might rear your head and think you'd felt some slight pin prick... however, 'twas not intended to be taken as such... trust me... I intended to keep the post light-hearted and positive, for the benefit of any newbie just searching and coming across the information for the first time, and I had very much hoped that enough time had passed that no one would really be concerned with any prior spat that had gone on and that my providing this additional clarity would not ruffle anyones feathers...

It's time to let it go, guys... think of the new person who is searching for this information for the first time... all he cares about is the information, to him it is new enlightenment regardless of when it was posted. If this is still being indexed five years from now, someone coming across it in response to a search will see this as if it was just posted, and it will seem as fresh to him as when the post was only a couple of hours old from his perspective...

Okay...?

No harm intended.... no harm done...
...and hopefully a benefit has been very much provided to anyone searching for this information long after our conversation has been completed and we've moved on to more important and pressing matters...

With Kindest Regards & All Due Respect... :cool:

#11 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,540 posts

Posted 04 May 2007 - 01:13 PM

So, having provided this background information for you, I hope you can now see that no, my intent of posting was not to say that anyone was right or wrong, but simply to provide a more clear, concise, and complete explanation for anyone who might happen to be searching for an explanation of this not-so-commonly known method of hiding links from search engines.

The point is that this is not the point... The reason we use that here and the only reason I have seen it used elsewhere is to cripple the link without completing obscuring it... We are not trying to avoid it being picked up by search engines and don't really care all that much if Google finds it... We are simply trying to protect the people that visit here from harm... When you preface your comments with:

Quite Right, Jack, my man...!

who posted:

Ha ha ha - sorry lads, but you got it all wrong.

- You are taking sides... and missing the point in the process... It is true that this will have the effect of masking the link and it is true that anyone can still get to the link with very little effort, but that isn't why we do it and the original question was:

I know http is almost always used, but what in the world is "hxxp"? Sounds to me like this is only used for spyware/viruses/adware/worms/trojans?
I'm not sure, I googled it and didn't find any safe-looking info to look at

We were answering that question...

That said, I appreciate your desire and effort to make communication clear... I have encountered more than enough technological writing that cannot be deciphered without an advanced engineering degree (and sometimes even with it)... Your explanation here clarifies another aspect of using that method of munging links and that is helpful... My objection was to the tone established by your preface, not to the content...

I hope you keep providing clear explanations of tech matters and that you leave out the more provocative part which will tend to munge your point...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#12 racooper

racooper

    Master of my own Domain

  • Retired Staff
  • PipPipPipPipPip
  • 1,420 posts

Posted 30 May 2007 - 06:41 PM

I'm curious as to where you could paste a link with "hxxp://" and have it open anyway. If it was IE, that explains a lot, including why Microsoft's browser is still the best way to get infected....if it was Firefox or another browser, that needs to be reported to them so it can be fixed....

EDIT: Firefox comes back with an "unknown protocol" error. I guess it was another security hole in IE.

Edited by racooper, 30 May 2007 - 06:42 PM.


#13 Geronica

Geronica

    Member

  • New Member
  • Pip
  • 1 posts

Posted 16 May 2009 - 06:50 AM

I intended to keep the post light-hearted and positive, for the benefit of any newbie just searching and coming across the information for the first time

Thanks ItPro, I am one of those people. I am researching a practice HJT log and am seeking info on this prefix.

I think the one I am researching is a Wareout infection as it is part of a 'clicksearch' web address. I still don't see why Wareout would put in a link that is not clickable, so am I right in assumiing that it is written in this way to avoid being detected by AV etc as well as Google?

Keep up tha banter - it's good for my education!

Kin regards

Geronica

#14 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,479 posts

Posted 16 May 2009 - 09:15 AM

Geronica, the whole point before was that the information that jackolan and ItPro posted was simply incorrect. The reason for using hxxp in a post is to prevent the board software from creating a clickable active link. The post will still be indexed by Google or any other search engine. If you were selecting text to copy, and accidentally clicked a link to a potentially bad malware related link, would you want that page to open? I don't think so. That's why that method is used to prevent an active link in the post.

If you had a need (or didn't know any better) to post an address where your pop-up window was going, which do you think is safer for others to read:

http://www.possiblem...te.com/bad.html
or
hxxp://possiblemalwaresite.com/bad.html

Both have the same domain address, but one is a clickable link, and the other isn't

If that was really a bad site serving up malware, and someone accidentally clicked on the link (or clicked to see where it was going and simply didn't know it was an unsafe practice), would you want someone to possibly be infected because you posted a live link? Of course you wouldn't, and we wouldn't either.

The address could also be posted in a code box to prevent the active link:
http://www.possiblemalwaresite.com/bad.html
But that also breaks up the text when you put that in the middle of your paragraph, and many people wouldn't even know that was an option.

As there is no need to dredge up incorrect information from a post made two years ago, this topic is closed.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005





Member of UNITE
Support SpywareInfo Forum - click the button