INeedAttention.com

Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003.

INeedAttention.com header image 2

Using CSS to Conceal Extreme Tracking Code; Avoiding the Code Tampering Detection

September 8th, 2006 · No Comments

Extreme Tracking (dot com) is a basic web site statistics service. They offer free web site traffic reports, viewable to visitors and the site owner alike, as well as a paid version of the same service that is private, and viewable only by the person that pays the bills. In the past, it was possible to modify the Extreme Tracking code such that a public tracker could be made essentially non-public. By changing the image’s size properties to to 1 pixel wide and 1 pixel high, the tracker would appear only as a faint dot on the screen.

<img xsrc=”http://t1.extreme-dm.com/i.gif” mce_src=”http://t1.extreme-dm.com/i.gif” height=38
border=0 width=41 alt=””>

Would become:

<img xsrc=”http://t1.extreme-dm.com/i.gif” mce_src=”http://t1.extreme-dm.com/i.gif” height=1
border=0 width=1 alt=””>

At some point today, their system implemented a code-checking mechanism. Modifying their tracker source code is against their terms of service apparently, so they implemented an automated solution to combat this tampering. Now, their systems load a client website and ensure the code is properly embedded in the HTML source of the page.

However, a simple combination of HTML and style sheets (or inline CSS) can conceal the tracker code as-is but leave it loaded properly. Adding a “<div>” tag around the tracker code, and setting the style property “visibility” to “hidden” causes the code to be loaded and the javascript wrapper to be executed properly, while avoiding direct tampering with the tracker code.

After embedding the Extreme Tracking code in a page, add <div> tags as follows:

<div style=”visibility:hidden”>
— Extreme Tracker code goes here —
</div>

The tracker code will be invisible, albeit still clickable, and will still pass code validation. Note that this service is pretty sweet though, so although it’s a bit uncool to hide the code, if you want your reports to be private, you should consider paying for the non-public tracker. Of course if you’re not interested in paying, Google Analytics offers free tracking of arguably higher intensity, at the cost that your website becomes a part of Skynet.

Tags: Computers · pwn3d! (Hacks and Tricks) · Technology

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment