Webmaster Lets Sites Hack Themselves

Taking advantage of a browser flaw, the owner of graphics.com has been serving up subversive messages to sloppily coded business and government Web sites.

When A.H.S. Boy secured the domain graphics.com this month for a nonprofit Web resource for graphic designers he was building, it seemed like a real coup for his nascent site. That is, until the address started logging thousands of hits while it still consisted merely of an "under construction" marker page. It soon became apparent that the flood of links was the result of a browser quirk that caused certain kinds of badly coded graphics URLs to link to his domain. Boy seized upon the serendipitous glitch as an opportunity to passively hack those sites that erroneously linked to his, loading them with banners featuring subversive slogans.

For the past several weeks, therefore, unwary visitors to sites, including those for such corporate and political powers as Packard Bell, Corel, and the government of Hong Kong, have been confronted with graphics telling them, "You are only a resource for profit" or, "Revolution is the most beautiful word."

"Of course returning these very subversive graphics that some of these sites are getting, probably won't make the owners of these sites very happy," says Boy, who runs sites for a situationist organization, an Austrian arts group, a bookstore, and his own shareware business off the same server. To show there's no ill-will intended, however, he puts the URL to his site on all the banners, and offers a page explaining how to fix the broken links.

Since many webmasters put their graphics files in a folder labeled "graphics," the "hack" takes advantage of intelligent browsers' default tendency to interpret "graphics" in badly coded links as "www.graphics.com." The problem is exacerbated when visitors to a site mistype its URL with a question mark instead of a slash. Boy says that almost half of his server's current traffic of 1,500 daily hits comes from these errors.
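A site owner can audit pages for links of this kind. The sketch below is an added example, not Boy's fix page or any code from the article; it assumes the broken links take the form `http://graphics/...` or `//graphics/...`, where the folder name sits in the host position, and the attribute list and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that carry URLs in markup of that era (assumed list, not from the article).
URL_ATTRS = {"src", "href", "background", "action"}

def expanded_host(url):
    """Host the fallback described in the article would try, or None if the URL is safe."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:              # malformed authority, e.g. a broken IPv6 literal
        return None
    # Relative paths have no host; dotted names, IP literals and localhost resolve as written.
    if not host or "." in host or ":" in host or host == "localhost":
        return None
    return "www." + host + ".com"   # e.g. "graphics" -> "www.graphics.com"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []          # (line, tag, attribute value, host that would be contacted)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                target = expanded_host(value)
                if target:
                    self.findings.append((self.getpos()[0], tag, value, target))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two links put the folder name in host position, three do not.
SAMPLE = """<html><body background="//graphics/tile.gif">
<img src="http://graphics/logo.gif">
<img src="/graphics/ok.gif">
<img src="graphics/ok2.gif">
<a href="http://www.example.com/graphics/">fine</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, value, target in audit(SAMPLE):
        print(f"line {line}: <{tag}> {value!r} may be fetched from {target}")
```

Any flagged link should be rewritten as a path on the site's own host (`/graphics/logo.gif`) so that no third-party domain can answer the request.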

When this plethora of hits began showing up on his site, Boy simply adapted a randomized error-page system he had designed for avoiding static 404 messages on his own site. Now when graphics.com gets a graphics request, a CGI script randomly serves up one of 11 slogans.

Netscape spokesman Christopher Hoover says this is the first time his company has heard of this kind of problem associated with its browser's ability "for resolving these kinds of conflicts" by adding .com to links, a feature that generally provides a useful coding shortcut. He says it's a quirk that's due to the near ubiquity of "graphics" as the name for the folder holding a Web site's art files, and that there's unlikely to be another domain name of similar vulnerability.

Despite Boy's efforts to help sites remedy the underlying code problems, his prank has provoked a number of mystified and angry messages from surfers and site administrators. One "irate webmaster" from a computer reseller's site even threatened to alert the FBI's computer security division, but so far no legal actions have been taken. And Boy isn't particularly worried that they will be, since he never touches anybody else's site. "Their servers are hacking mine," he says. "I'm just controlling it."