« duben 2005 »
PoÚtStČtSoNe
    
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 
       
Today

Navigation

Speaker Profile
Roumen's Weblog
Login
Sun Bloggers
Technorati Profile

Am I popular?

Today's Page Hits: 966

Contacts

Name: Roman Strobl
E-mail: roman dot strobl
at sun dot com

NetBeans

Java Sites

Javalobby
The Server Side
Java Tips
Java Blogs
java.net
java.sun.com
java.cz

Blogs

NetBeans:
Geertjan
Brian Leonard
Gregg Sporar
Lukas Hasik
Ludovic Champenois
Vincent Brabant
Alexis Moussine-Pouchkine
Jullion-Ceccarelli
Tom Ball
Tim Boudreau
Jesse Glick
Petr Blaha
Ruth Kusterer
Jara Uhrik
xzajo
Jan Lahoda
James Branam
nbextras.org

Sun:
Kazem - bug cartoons ;-)
Tor Norbye
Romain Guy
James Gosling
Chief Gaming Officer
Bill Vass
Jim Grisanzio
Jonathan Schwartz

Planets:
Planet Netbeans
Planet Sun
Planet Eclipse

Other:
netbeans-blog.org
Joel Spolsky
Bruce Eckel

License info

Creative Commons License
This work is licensed under a Creative Commons License.

Recent Entries

Map of visits

Locations of visitors to this page
All | Books | Duke with Megaphone | Flash Demos | Fun | General | Hacking NetBeans | Java | Movies | NetBeans | OpenSolaris | Podcasts | Quick Tips | Travel | Usability
« Previous day (Apr 1, 2005) | Main | Next day (Apr 2, 2005) »
20050402 Sobota duben 02, 2005
Blog Stats not Accurate? (and Exploitable?)

Ever since I wrote my first post here, I had a strange feeling about the "Today's Page Hits" number on the right side of the page. You can imagine I was checking the number again and again to see if I am already popular. But it was not changing! It seemed like I sometimes didn't get the number I expected.

There must be some caching, I thought, perhaps I need to change my browser settings. I remember Internet Explorer having such options refresh every visit to the page, etc. Including the "automatic detect" option I never understood. I'm using Firefox, but there are no such settings there.

Anyway, this would not be a geek enough solution. So I came with this one - add some random get variable to the URL, like:

http://blogs.sun.com/roller/page/roumen/20050401?r=217868734568

If you do this, you can be pretty sure you get the right number of visits. There's no chance for caches, proxies or any other monsters on the way to cheat the client. They all know this is dynamic content and only the server has the right data.

Before you try it, there's a little trick. You need to change the number all the time, because if it remains the same, some caches might become clever enough to pretend they know the answer. You can choose any arbitary variable name, so

http://blogs.sun.com/roller/page/roumen/20050401?tgif=14654654

works too. Oh btw: and it seems to be a small "security" hole, you can get a lot of hits this way, too.

P.S. I've added this way 50 hits to my blog. It's time to go to sleep. Maybe I'll write a small script for this.

Update: I just wrote the script. I have no bad intentions whatsoever (I'm a white hat), just want to try to change the number of hits. I've placed some sleep into the script so that I do one hit per 10 seconds or so to avoid any DoS-like behaviour. Once tested, I'll report this issue to the author of the blog engine and will not do it again. If you have comments, let me know...

Update no.2:

Saturday's table, real, no photoshop.
Permalink Comments [9] ( V 27 2005, 12:13:34 odp. CEST / IV 02 2005, 12:34:37 dop. CEST )
Trackback: http://blogs.sun.com/roumen/entry/blog_stats_not_accurate_and


    Disclaimer: The contents of my blog represent my personal opinions which may differ from official views of my employer, Sun Microsystems.