Fusker


Fusker is a type of website or utility that extracts images in bulk from a website (typically from free hosted galleries) by systematically loading and downloading images following a pattern in the website's URL scheme. Fusking or fuskering is often used to extract private and nude photos without the consent of the owner. [1]


Fusker software allows users to identify a sequence of images with a single pattern, for example: http://www.example.com/images/pic[1-16].jpg. This example would identify images pic1.jpg through pic16.jpg. When this pattern is given to a fusker website, the website would produce a page that displays all sixteen images in that range. Patterns can also contain lists of words, such as http://www.example.com/images/{small,medium,big}.jpg, which will produce three URLs, each with one word from the bracketed list. The web page is then presented to the person who entered the fusker, and can also be saved on the fusker web server so that other people may view it.

Fusker implementations

Server-side fusker software extracts content (e.g. image or video) from its original location and displays it in a new page on the client-side (user's web browser). Content is separated from the surrounding information that the content host may have intended (e.g. links to affiliates or pay-per-click ads). However, the content is not downloaded locally to the client by the fusker server; the new page that the fusker server produces instructs the client web browser to retrieve each piece of content from the content host web server and display it in the new page. This can lead to excessive internet bandwidth usage and waste. Many server-side implementations of the Fusker technology are available on the web.

In addition, a fusker can also be implemented as client software that completely bypasses the need for a third-party fusker web site. By eliminating the need to fusker via a web site, the need to use a web browser is also eliminated. Due to not using a web browser, fusker client software will often store downloaded content locally on the client machine. This reduces Internet bandwidth usage since fusker client software, unlike a web browser, only retrieves content once (no repeat visits to web pages). Fusker client software is able to do this because it can effectively emulate a web browser; referrer and user agent headers are rewritten to an acceptable value, and more complex implementations can also emulate a web browser to the point of being able to click links and log in to accounts. However, just like server-based fuskers, client software fuskers also separate content from its original surroundings, which may have included advertisements on the content host's web site.

With the sophistication of the modern web browser it is now possible to run a client-side fusker software application fully within a web browser such as Internet Explorer. These web browser implementations are capable of reading and extracting the image information in the web pages you browse. They no longer rely on searches of domains with random search strings or on IP address spoofing by impersonating a referrer or user agent. Web browser fusker applications essentially provide a scrapbooking interface within the web browser which allows direct and customized access to the web image content. Some implementations allow you to save sets of fusker information as a collection file which can be electronically shared with other users of the fusker application without the need to store or transmit gigabytes of image data.

Criticism

Visitors to a fusker website frequently see copyrighted pornographic images that have been separated from their intended context, a practice known as hot-linking. Fuskers have been used to obtain nude photos hosted in private or password-protected albums on Photobucket without the consent of the media owners. [2] [3] Some of these images were then uploaded to the r/photobucketplunder Reddit community, which had 8000 subscribers before it was shut down when Photobucket sent a DMCA request to the community's moderators. [4]

Companies that provide free hosted galleries strongly dislike fuskers because they can cost them a lot of money in bandwidth bills, and because the free galleries exist only to entice the user into clicking on a more profitable link; those links are no longer displayed when a fusker is used. [citation needed]

Some client-side fusker implementations blindly search domains for images based on common file names and directory structures. Some argue the numerous HTTP 404 file not found and HTTP 403 forbidden server errors generated constitute a denial of service attack. [5] In response, most web site administrators check the referrer and user agent headers sent by the requesting client software to prevent their images from being "fuskered", or require users to log in. [6] However, some fusker software has the ability to emulate a legitimate web browser: referrer and user agent headers are rewritten to an acceptable value, and more complex implementations can also emulate a web browser to the point of being able to click links and log into accounts.
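
Since referrer and user agent headers can be rewritten to acceptable values, a header check alone does not identify such clients. The following added example (not part of the original article) instead flags clients by behaviour in a web server access log: a high share of 403/404 responses combined with a long run of consecutively numbered file names. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')
NUM_RE = re.compile(r"^(.*?)(\d+)(\.\w+)$")  # prefix, number, extension

def _line(ip, path, status):
    # Builds one constructed combined-log-format line with browser-like headers.
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "http://www.example.com/gallery.html" "Mozilla/5.0"')

# Constructed sample traffic, not real logs: one client walking pic1..pic12,
# one ordinary visitor.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/images/pic{i}.jpg", 200 if i <= 3 else 404)
     for i in range(1, 13)]
    + [_line("198.51.100.20", p, 200) for p in (
        "/gallery.html", "/images/pic1.jpg", "/images/pic2.jpg",
        "/css/site.css", "/images/pic3.jpg", "/about.html")])

def longest_run(numbers):
    """Length of the longest run of consecutive integers in a set."""
    best = run = 0
    prev = None
    for n in sorted(numbers):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best, prev = max(best, run), n
    return best

def find_enumerators(log_text, min_requests=5, min_error_ratio=0.3, min_run=4):
    """Flag clients with many 403/404s and a long numeric filename sequence."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits[m.group(1)].append((m.group(2), int(m.group(3))))
    flagged = {}
    for ip, reqs in hits.items():
        series = defaultdict(set)  # (prefix, extension) -> numbers requested
        for path, _ in reqs:
            m = NUM_RE.match(path)
            if m:
                series[(m.group(1), m.group(3))].add(int(m.group(2)))
        run = max((longest_run(s) for s in series.values()), default=0)
        ratio = sum(s in (403, 404) for _, s in reqs) / len(reqs)
        if len(reqs) >= min_requests and ratio >= min_error_ratio and run >= min_run:
            flagged[ip] = {"requests": len(reqs), "error_ratio": ratio, "run": run}
    return flagged

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

Both sample clients send the same plausible referrer and user agent; only the request pattern separates them, so the thresholds should be tuned against a site's normal gallery traffic.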

Web browser implementations running within a legitimate browser offer a more legitimate access to the web content. Access through these applications is very similar to having saved a bookmark to the image. However, unlike a bookmark, these implementations may access thousands of images at the same time and may also overload servers not capable of servicing this amount of content.

Etymology

"Fusker" is a Danish term which originally meant a person covertly doing work outside the official guilds. It came into Danish around 1700 from German pfuscher, meaning botcher. Later it came to mean someone cheating (for example using company resources for personal benefit) or alternately doing shoddy work. [7]

History

The original fusker technology was created by Carthag Tuek, [8] [9] who made the Perl CGI script as a work-alike of the UNIX/Linux cURL tool, specifically its URL-globbing functionality.

The idea has been continued by others and ported to other scripting languages.


References

  1. "Photobucket shuts down Reddit's nude photo thieves". NBC News. Retrieved 2021-08-14.
  2. Read, Max. "Ladies: 8,000 Creeps on Reddit Are Sharing the Nude Photos You Posted to Photobucket". Gawker Media. Archived from the original on 12 August 2012. Retrieved 16 August 2012.
  3. Notopoulos, Katie. "The Dark Art Of "Fusking"". BuzzFeed. Retrieved 16 August 2012.
  4. Gilbert, Jason (2012-08-16). "Photo Site Cracks Down On Peeping Toms". HuffPost. Retrieved 2021-08-14.
  5. Limmer, Eric. "What a DDoS Attack Looks Like".
  6. "How to block Fusker". 2005-03-13.
  7. "Fusker". Ordbog over det Danske Sprog.
  8. Sensible Erection. Accessed August 1, 2015.
  9. Sensible Erection. Accessed August 1, 2015.