St. Petersburg Times Online

Snare tactics

Unscrupulous Webmasters can pull from a bag of dirty tricks to ensnarl surfers.

By J.D. BIERSDORFER, New York Times

© St. Petersburg Times, published November 1, 1999

Page-jacked. Mouse-trapped. Innocent surfers diverted from perfectly benign sites to online pornography enclaves and unable to escape. Streaming Webcast at 11.

On the Web, dirty tricks are everywhere. In September, would-be visitors to 25-million popular Web pages were intentionally rerouted to and then stuck at pornography sites. The incident brought to light one of the annoying aspects of Web surfing: You cannot always go where you want and, if you are in a place you don't want to be, you cannot always get out easily.

Some side trips are the result of mistakes by surfers, but many are the work of Webmasters who bend and twist HTML code into trapping people in one spot like overeager used-car salesmen. Sites that specialize in pornography are the most obvious practitioners of user manipulation.

"From my experience, they were definitely the ones leading it," Daniel Glovich, the manager of Web development at the e-commerce site Cybershop, said of the use of these tricks. "But then, like a lot of things on the Web, everybody saw that it worked -- and followed."

All of these tricks are irritating. Some are downright deceptive. The Federal Trade Commission filed an injunction against the parties responsible for the September page-jacking case. One reason the agency took such aggressive action was that "There isn't a whole lot the consumer can do," said Paul Luehr, assistant director of marketing practices at the FTC. "They were deceptively driven to these sites and then held there against their will."

The FTC has a form on its Web site ( and a toll-free number, (877) FTC-HELP (382-4357), for consumers to file complaints about misleading sites.

Of course, creative coders are constantly thinking up new ways to turn Web pages evil. Here are some of the more common and more frustrating dirty Web tricks.

Breaking your back button

You're clicking your way around the Web, exploring pages and following links. On one site, you click on the Back button at the top of the browser. Nothing happens. You click again and repeat until bedtime. Most likely, the button was intentionally disabled by the Web page itself. The button may be "grayed out" on some sites.

Why does it do this? To keep you right where you are so you will look at the content (and the advertising). This type of rude behavior was used in the scheme in September: The user's Back and Home buttons were rigged to lead to more pornography sites.

The dastardly deed is commonly performed with JavaScript, a powerful programming tool used with HTML, the programming language used for making Web pages. Programmers can use JavaScript to create a loop: Each time a window closes, a new one opens. Because the window is "new," there is no Back button because the browser thinks there is no place to go back to.

"Every time that window closes," Glovich said, "there's another JavaScript that will do the same thing. You try to close it, and it opens up another one."

Is there any way out of these endless loops? "There really isn't a way to beat it," Glovich said. "You just have to shut it down."

You can disable JavaScript: Netscape will let the user do this in the program's preferences. "There are some trade-offs in doing that," Luehr said. "Turning off your JavaScript reduces the power and interactivity of the Internet in some respects."

A game of metatag: You're it

Has your favorite search engine ever brought back all sorts of results that had nothing to do with your request? Take the tale of a certain volunteer who was teaching a roomful of 10-year-old girls how to use search engines during a Take Our Daughters to Work Day event. (Okay, it was me.)

The class wanted information on pop star Britney Spears. Back came the results, most from pornography sites that had cleverly embedded variations on the Britney Spears name -- which the girls had misspelled -- in a special area of their pages that search engines use for indexing.

A metatag is a place in the HTML code where information about the page can be listed -- such as who made it and how often they update it -- as well as keywords that indicate what the page is about. HTML coders can put whatever they want in the metatags, including things that have nothing to do with the page. According to a recent list in a site that tracks search terms, "MP3," "sex" and "Hotmail" were the most popular search words. Imbedding popular terms in the metatags of a site on, say, lobster traps in Nova Scotia will draw many more surfers, not just the ones that searched for "traps and lobsters."

Some companies will imbed the name of business rivals into the metatags on their own home page. "That way, if someone searches for them, they'll find you," said Danny Sullivan, editor of the Search Engine Watch site.

"It's kind of part art, part science, but they really know how to work the search engines using metatags," Glovich said. "But metatags are only a part of it. It's keyword density, how many times that word appears in the document, in what locations it appears, in what format does it appear in -- a bunch of things like that contribute to the placement in the results. They totally know how to work it, and it's not all that difficult to do."

The solution lies with the search engines, not the surfers. "Search engines are moving away from crawling and just indexing anything automatically," Sullivan said. "Now, what the search engines are doing is relying on humans to categorize Web sites." Lycos and the search engines on AOL and the Microsoft Network are adopting this tactic, he said. "It's harder to spam, if you will, a human being," he said. "You can't just flip it past them, because they're smarter than a machine."

The law has caught up with a few companies using trademarked terms just to get search hits. Playboy has sued numerous sites for embedding its name in their code.
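The mismatch this section describes, metatag keywords that have nothing to do with the page, can be checked mechanically by an indexer. The sketch below is an added example, not code from the article or from any search engine; the sample page and the names `PageText` and `audit_keywords` are constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser

WORD = re.compile(r"[a-z0-9]+")

class PageText(HTMLParser):
    """Collects the meta keywords and the words a visitor can actually read."""
    def __init__(self):
        super().__init__()
        self.keywords, self.words, self._hidden = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "keywords":
            parts = (a.get("content") or "").lower().split(",")
            self.keywords += [p.strip() for p in parts if p.strip()]
        elif tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.words += WORD.findall(data.lower())

def audit_keywords(html):
    """Report keywords the readable text does not support, and repeats."""
    page = PageText()
    page.feed(html)
    page.close()
    counts, total = Counter(page.words), len(page.words) or 1
    report = {"unsupported": [], "repeated": [], "density": {}}
    for kw, times in Counter(page.keywords).items():
        tokens = WORD.findall(kw)
        if times > 1:
            report["repeated"].append(kw)
        if not tokens or any(counts[t] == 0 for t in tokens):
            report["unsupported"].append(kw)
        else:  # share of readable words taken up by the rarest token
            report["density"][kw] = round(min(counts[t] for t in tokens) / total, 3)
    return report

# Constructed sample page (not from the article).
SAMPLE = """<html><head><title>Lobster Traps of Nova Scotia</title>
<meta name="keywords" content="lobster traps, nova scotia, MP3, hotmail, mp3">
<style>body { color: navy }</style></head>
<body><p>Hand-built lobster traps from Nova Scotia.</p></body></html>"""

if __name__ == "__main__":
    print(audit_keywords(SAMPLE))
```
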

Windows begetting windows

Have you ever called it quits after hours of surfing, closed your browser window and discovered several other open browser windows still on your screen, piled one on top of another?

That trick is used to keep users connected to one site, even if they are looking at another. The HTML code writer can tell the browser to treat the desired link as a new window, which opens on top of the first one.

Many sites use this tactic to smack you in the eyes with advertisements, display supplementary information or lead you to a different section of the site. Sites that specialize in MP3 downloads often are guilty of this "window farming."

Some sites will open windows that contain paid advertisements. "They get paid per view in general for these cases," Glovich said. "So the more they pop, the more they make."

One way to put a stop to this sort of thing is to visit your favorite shareware archive for inexpensive programs that keep browser windows from breeding like bunnies. Intermute ( sells such a program, which works for Windows and the AOL browser, for $20.

Spellcheck won't save you now

Everyone makes a typo now and then. Some of the craftier Web entrepreneurs rely on these slip-ups to send you to sites you were completely unprepared for.

Yahoo! had the foresight to pay for an extra "O" and claim as its own, which properly leads to If you don't know how it is spelled, though, and try by mistake, you go to the Net One, a different search site. In another case of competitors trumping their rivals, leads to the home page of Linux, the operating system that is challenging Windows.

Sometimes, a transposed keystroke can be more problematic, especially if you are teaching a child how to search the Web. Mistyping can whisk you to a porn site. Missed punctuation, such as the period after the "www," also may result in unplanned visits.

Some sites gamble on your guessing wrong when you don't know the exact address of a site. Many browser versions will let you type just the middle part of the domain name, adding the "http://www." and the ".com" automatically. A classic example of a sex site preying upon unsuspecting users is a variation of the White House site address, If you want to visit the president's house, take special note of the .gov suffix.

Two years ago, the FTC was involved in a case in which an Australian company was selling domain names through a Web site called (as opposed to, the real site, run by Network Solutions). The company was charging $250 for domain-name registration, sending the regular fee to Network Solutions and pocketing the rest. As many as 13,000 people in nine countries were duped.
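The address slips listed in this section (an extra or transposed letter, a dropped period after "www", the wrong suffix) can be tested against a list of sites an organization wants to protect, for example when reviewing proxy logs or newly registered names. This is an added example, not code from the article; the domains are constructed placeholders, and the function names are hypothetical.

```python
def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def _split(host):
    """Return (name, suffix); assumes the suffix is the last label only."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, suffix = host.rpartition(".")
    return name, suffix

def classify(candidate, protected):
    """Say why candidate looks like a protected site, or None if it does not."""
    cname, csuffix = _split(candidate)
    if any(_split(site) == (cname, csuffix) for site in protected):
        return None  # it is one of the real sites
    for site in protected:
        pname, psuffix = _split(site)
        if cname == pname:
            return f"suffix swap for {site} (.{csuffix} instead of .{psuffix})"
        if cname == "www" + pname:
            return f"missing dot after www for {site}"
        if osa_distance(cname, pname) == 1:
            return f"one-keystroke variant of {site}"
    return None

# Constructed placeholder names (not the sites named in the article).
PROTECTED = ["example.gov", "searchsite.com"]

if __name__ == "__main__":
    for host in ["www.example.gov", "example.com", "wwwexample.gov",
                 "searhcsite.com", "searchsitee.com", "unrelated.org"]:
        print(host, "->", classify(host, PROTECTED))
```
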

Look, don't touch

Have you ever noticed two Web sites that look exactly like each other except for the domain names and contact information? One may be a clever copy, made to steal the economic or creative thunder of the original. And you may have no other clues that you are not looking at the original site.

In September's Internet case, as many as 25-million popular Web pages were copied onto Web servers and code was added to reroute viewers to pornography sites. When search engines displayed the fake pages as search results and the users clicked on the links, they were taken on a triple-X ride. Some people are slicker than others about doing this type of thing.

"This is the equivalent of somebody taking a shotgun, pointing it at the sky and hitting a whole bunch of ducks," Sullivan said. "It wasn't subtle at all. In contrast, people who are really sophisticated don't throw up 25-million pages and hope to pick up traffic."

The copied-pages syndrome often happens to sites celebrating pop-culture icons such as Xena the Warrior Princess, but corporate theft, such as stealing a business competitor's pages and changing the contact information, also abounds. A successful digital communications company had its Web site stolen by someone in Russia who presented it as his own. (Fearing further security breaches, the company refused to comment on the matter.) For the common user, though, paying close attention to what is on the screen -- look out particularly for Web addresses that bear little resemblance to the site name -- might be the best defense.

What you see isn't what you get

A few years ago, when Netscape's Navigator was slugging it out with Microsoft's Internet Explorer to be king of the browser hill, some sites would optimize their pages for their browser of choice, intentionally make their content look bad for the competition and even block access to the site. Although these browser wars have pretty much ended, a few stalwarts are still clinging to old grudges.

Another reason a page may look bad is that it was never intended to be looked at in the first place. Some companies slap together Web "landing pages," also called "bridge" and "spam" pages, that are meant to be seen not by people but by search engines. By playing these pages into a search engine's algorithm, businesses that specialize in Web placement can boost a client's ranking on the search results page.

"There are actually companies out there that their whole purpose is just to create and maintain landing pages like that and redirect the traffic," Glovich said. Although driving up search-engine results is a lot harder now, he said, it was not that way a few years ago. "It got to the point where, literally, inside of 10 minutes, you could manipulate Infoseek and take over the top five positions for any given query."

"It's definitely not that easy anymore," said Bill Rose, vice president of search and content at Infoseek. "We have a lot of technology that's analyzing the URLs that people are submitting to be sure they're not trying to spam or create bad search results."

Sullivan said that some major search engines were starting to use different criteria to rank a page, including how many other pages are linking to it. "If lots of links are pointing at it, then maybe it will rank higher," he said. "It's a harder thing for somebody to go through and try to manipulate for spam."

Advertisements in disguise

Some Web links are intentionally misleading, or they will display an advertisement before you can continue to your desired destination, or they will camouflage themselves. One box on Alta Vista's Computers and Internet page looks like a site-search line for hardware and software, but clicking on it takes you to an online computer store.

Another increasingly popular trick is a banner ad -- the horizontal strip of commercialism found at the top and bottom of Web pages -- disguised as something else, such as a form to fill out or a trivia question to answer. Yet another popular trick involves a system-alert box.

Duplicitous banner advertisements can be designed by graphics professionals to resemble ominous computer messages, and new users may be nervous enough to click on anything that says "OK" to make it go away. Only after you end up in an unexpected sales environment with a perfectly functioning computer does the ruse become apparent.

Next time you are on the Web and think your computer is complaining about something with an alert box, look closely. Real system alert boxes pop up in the middle of the screen and float above the active window. Fakes are usually nestled right in there with the Web page content. Of course, Macintosh users will probably spot them right away -- most of the ads resemble Windows messages.
