Noticed it here
https://twitter.com/wikileaks/status/446263047812702208
wwwwwwwwwwwwwwwwwwwwww.bitnik.org
Is this some security feature?
It has nothing to do with security. Anyone who controls DNS records for a domain name (e.g., bitnik.org) can create any number of A records. Using dig (which queries DNS records) from my location, I'm getting the same two servers (Cloudflare) for anywhere from 3-22 w's in a row.
drjimbob:~$ for i in $(seq 3 22); do dig +nocmd $(printf 'w%.0s' $(seq 1 $i)).bitnik.org +nocomments +nostats +noquestion; done
www.bitnik.org. 290 IN A 162.159.243.12
www.bitnik.org. 290 IN A 162.159.242.12
wwww.bitnik.org. 290 IN A 162.159.243.12
wwww.bitnik.org. 290 IN A 162.159.242.12
wwwww.bitnik.org. 290 IN A 162.159.243.12
wwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
wwwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.243.12
wwwwwwwwwwwwwwwwwwwwww.bitnik.org. 290 IN A 162.159.242.12
Note the semi-confusing command is just a bash loop to run the commands:
dig +nocmd www.bitnik.org +nocomments +nostats +noquestion
dig +nocmd wwwwwwwwwwwwwwwwwwwwww.bitnik.org +nocomments +nostats +noquestion
with all the values from 3 to 22 w's. Note that querying more or fewer w's will result in no record found; the SOA (source of authority) is dns.cloudflare.com.
Just someone randomly decided to set it up like that -- why? Who knows. Also, if you make an HTTP request to the root for any of the other domains, you will get a temporary redirect (HTTP: 302 Found) to the one with 22 w's (http://wwwwwwwwwwwwwwwwwwwwww.bitnik.org/). See the HTTP response headers, which tell your web browser to make another request at the URL given in the Location line.
jimbob:~$ curl -I www.bitnik.org
HTTP/1.1 302 Found
Server: cloudflare-nginx
Date: Thu, 20 Mar 2014 21:13:47 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Set-Cookie: __cfduid=d742e5312b8eb7d1ff745449ae453dfc61395350027711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.bitnik.org; HttpOnly
Location: http://wwwwwwwwwwwwwwwwwwwwww.bitnik.org/
Vary: Accept-Encoding
CF-RAY: 10e4ea69390e01ed-EWR
*.242.12 and *.243.13) telling your browser to use either IP address. This is what DNS servers are meant for, doing ~20 queries is not "excessive" (and a single DNS query is ~100 bytes). Visiting a standard web page typically requires dozens of queries if the domains aren't already hashed. If anything their configuration of having a TTL of only 290 seconds (telling your browser and other DNS servers they should only cache the DNS query for 290 seconds) is the much more significant penalty.
– dr jimbob
Mar 21 '14 at 15:59
This is more likely a way to hide where the true server is on WikiLeaks' side, not as much for your security as for them to be able to hide all of their true server locations behind tons and tons of subdomains, which are actually impossible to know all of unless you are the name server hosting this domain name. You can guess some of the many they have using Google with something in the search like "bitnik.org"; a ton of them might show up, or none might show up, as if they don't allow bots to crawl their site it would be much harder to find all of the subdomains.
Or it's just the owner wanting something to stand out from normal websites who like small domains...
Edit:
In this case it's most likely because it forces users on Twitter to visit the link so that the URL does not give anything away...
Ws >3 will redirect to the long one.
– Adi
Mar 20 '14 at 16:04