It seems it's been shut down already [1] --apparently after threats of legal action. I can see though how such a site would easily become a major liability honeypot for anyone.<p>[1] <a href="http://t.co/ctKD8VcLpp" rel="nofollow">http://t.co/ctKD8VcLpp</a>
I think a lot of us have come up with variations on this idea over the years. (I know I have. The holy grail is surreptitiously installing a Greasemonkey script on a co-worker's computer, so that the URL is the real URL.)<p>But what's changed in the last year or two is that people are now much more familiar with URL shortener links. Every major media site is using them, and just about everybody understands what their purpose is.<p>I can totally see how someone who would spot a phishing page from a mile away because of the strange URL might overlook the fact that a URL shortener doesn't actually redirect you to the legit page, but rather presents a spoofed version.
An example of a link to a GitHub page: <a href="http://shrturl.co/VUYHJ" rel="nofollow">http://shrturl.co/VUYHJ</a>. (Original: <a href="https://github.com/mozilla/rust/issues/14657" rel="nofollow">https://github.com/mozilla/rust/issues/14657</a> .)<p>I see that SHRTURL deleted the page title, which users might also notice – but it’s better than keeping the original title, which would now be wrong. SHRTURL also can’t handle GitHub’s custom font with which they render their icons, so the site logo is missing. And you are logged out in the linked page, which is pretty visible, but there’s no way SHRTURL could get around that.
Unsophisticated journalists routinely fall for Onion articles getting picked up as actual news items.<p>I can only wonder how often they're going to get pranked by something that really does look like a news site but for a subtle change.
This is pretty funny and well done - but doesn't a real short url just redirect to the original so you end up with the full url in your browser bar?<p>Of course we all know how much attention most people pay to what their browser is telling them.
If you're feeling particularly nefarious, run the URL that Shtrurl.co gives you through often used and more readily "trusted" shorteners like bit.ly or tinyurl.com.
Here's one (Amazon's new phone, title from a /r thread): <a href="http://shrturl.co/Wme7K" rel="nofollow">http://shrturl.co/Wme7K</a>
We had one of these posted earlier today about AH buying YC:<p><a href="https://news.ycombinator.com/item?id=7851238" rel="nofollow">https://news.ycombinator.com/item?id=7851238</a>
One suggestion. Put an annoying top menu / banner up and pretend to load the target content in a frame. There are some url shorteners / sites that do that sort of thing. To a lot of people it will be annoying, but it will hide the fact that they're not actually being served from the target web site.
Error:<p><pre><code> Warning: file_get_contents() [function.file
get-contents]: php_network_getaddresses: getaddrinfo
failed: Name or service not known in /nfs/c04/h02/mn
/180736/domains/shrturl.co/html/create.php on line 18
Warning: file_get_contents(http://gnehmeh)
[function.file-get-contents]: failed to open stream:
php_network_getaddresses: getaddrinfo failed: Name or
service not known in /nfs/c04/h02/mnt/180736/domain
/shrturl.co/html/create.php on line 18</code></pre>
This is really funny, but some points for improvement:<p>1. The editing UI is a bit shaky, for example - not handling links that great.<p>2. It doesn't replicate a site perfectly (This shows even on simple sites like HN)<p>3. If you click on a link you go back to the original site.<p>A modest proposal for improvement - check out TOMODO API.(<a href="http://tomodo.com/api/" rel="nofollow">http://tomodo.com/api/</a>).<p>Their site allows for exactly this kind of modification but, being a commercial startup, is much more polished. They already solved problems 2 and 3 for you and you can use that tech through the API.
Bitdefender Free Edition blocks <a href="http://shrturl.co/" rel="nofollow">http://shrturl.co/</a> (says it's phishing) but doesn't block <a href="http://shrturl.co/AtYui" rel="nofollow">http://shrturl.co/AtYui</a> or other short URLs generated with the site. Seems like pretty poor logic.
I can think of a nefarious way to use this: Amazon.com price matching at brick and mortar stores like Target.<p>Step 1 - Find a product you want to buy<p>Step 2 - Shorten it and change the price manually to a "believable" number<p>Step 3 - Go into Target and show the price to a customer service agent (usually not tech saavy) and they will see that it looks like Amazon.<p>Step 4 - Profit???
Well, every shortened URL I want to access goes through <a href="http://unshort.me/" rel="nofollow">http://unshort.me/</a> . Not only I don't like surprises, but I also hate being tracked for no reason and I'm hoping unshort.me doesn't send everything their way anyway.
Gotta` prepare for HN dude...<p>Warning: mysqli::mysqli() [mysqli.mysqli]: (42000/1203): User db180736 already has more than 'max_user_connections' active connections in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/inc/bootstrap.php on line 18
Tech from 1942...<p>Warning: mysqli::mysqli() [mysqli.mysqli]: (42000/1203): User db180736 already has more than 'max_user_connections' active connections in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/inc/bootstrap.php on line 18<p>Warning: mysqli::real_escape_string() [mysqli.real-escape-string]: Couldn't fetch mysqli in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on line 6<p>Warning: mysqli::query() [mysqli.query]: Couldn't fetch mysqli in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on line 7<p>Fatal error: Call to a member function fetch_object() on a non-object in /nfs/c04/h02/mnt/180736/domains/shrturl.co/html/view.php on line 9
Reminds me of the great prank vaticano.org in 1998: <a href="http://0100101110101101.org/vaticano-org/" rel="nofollow">http://0100101110101101.org/vaticano-org/</a><p>A real piece of art.