Synthetic Monitoring

Simulate visitor interaction with your site to monitor the end user experience.

View Product Info

FEATURES

Simulate visitor interaction

Identify bottlenecks and speed up your website.

Learn More

Real User Monitoring

Enhance your site performance with data from actual site visitors

View Product Info

FEATURES

Real user insights in real time

Know how your site or web app is performing with real user insights

Learn More

Infrastructure Monitoring Powered by SolarWinds AppOptics

Instant visibility into servers, virtual hosts, and containerized environments

View Infrastructure Monitoring Info

Comprehensive set of turnkey infrastructure integrations

Including dozens of AWS and Azure services, container orchestrations like Docker and Kubernetes, and more 

Learn More

Application Performance Monitoring Powered by SolarWinds AppOptics

Comprehensive, full-stack visibility, and troubleshooting

View Application Performance Monitoring Info

Complete visibility into application issues

Pinpoint the root cause down to a poor-performing line of code

Learn More

Log Management and Analytics Powered by SolarWinds Loggly

Integrated, cost-effective, hosted, and scalable full-stack, multi-source log management

 View Log Management and Analytics Info

Collect, search, and analyze log data

Quickly jump into the relevant logs to accelerate troubleshooting

Learn More

Things a hacked URL shortening service could do to you


URL shortening services have been around for a long time (TinyURL started back in 2002) but it wasn’t until Twitter started gaining momentum that they became widely popular. Now we have a TON of them, including the original TinyURL, Bit.ly, Is.gd, and many, many more.
We have all placed an enormous amount of trust in these services by using them to such a large extent. They offer a legitimate, highly useful service, but we should at least be aware of the flip side of the coin.

Inherent problems with URL shortening services

There are several inherent problems with the use of URL shortening service, especially the widespread use that has become common on the Web lately.

  • It’s a middleman service that can break or cause slowdown. A URL shortening service acts as a middleman, redirecting you to the page that matches the shortened URL. Not only will that add overhead to how quickly you can access the target website, but if the service breaks you won’t be able to access the URL at all.
  • What if the service disappears? If the service gets shut down for some reason, goes out of business, loses control of its domain name, or suffers from an irredeemable crash, your shortened URLs will never work again. (Although not a shortening service, remember how Del.icio.us competitor Ma.gnolia had to shut down after losing its data. These things do happen.)
  • Hidden target link. You can’t look at a shortened URL and see where it leads which makes them popular for spam links.

And of course, there is always this nightmare scenario, which is what we referred to in the headline of this article:

Worst-case scenario, a hacked URL shortening service

Imagine if an enterprising hacker manages to compromise the URL shortening service you use (it’s happened). That hacker could potentially redirect ALL traffic going through the URL shortening service to whatever URL(s) he or she wants.
A compromised service could:

  • Redirect you to websites with malicious code. You can end up being redirected to a web page with malware that could compromise your computer.
  • Make you part of a DDoS attack. If all traffic (or a good part of it, especially for one of the larger services) is redirected to a specific target, the large amount of traffic would effectively become a DDoS attack on the target website.

Why we’ll keep using them anyway

In spite of everything we said in this article, URL shortening is a smart service, and in the era of Twitter pretty much a necessary one. You don’t want half of those 140 characters taken up by a long URL. Still, we suspect that it’s only a matter of time before one or more of the scenarios we have mentioned above become a reality. Hopefully we’re wrong. Knock on wood.
Photo by Ian Hampton.

Facebook, Instagram, and WhatsApp Down for Over Five Hours

Did you unconsciously open Instagram, Facebook, or WhatsApp several times throu [...]

The Pingdom Guide to the Internet

By Rachel Frnka We may be biased, but we think we’ve had some great blogs [...]

end user data
Extend Your APM Capabilities With End-User Data

In the internet-driven economy, businesses rely on applications for different f [...]

Troubleshooting End-User Issues With a DEM Tool

In the last decade, businesses have made massive investments in the digital eco [...]

Proactive End User Monitoring
A Riddle, a Sale, and the Importance of Proactive End-User Monitoring

By Rachel Frnka Finally, the days are getting longer, the sun is heating up, [...]

Monitor your website’s uptime and performance

With Pingdom's website monitoring you are always the first to know when your site is in trouble, and as a result you are making the Internet faster and more reliable. Nice, huh?

START YOUR FREE 30-DAY TRIAL

MONITOR YOUR WEB APPLICATION PERFORMANCE

Gain availability and performance insights with Pingdom – a comprehensive web application performance and digital experience monitoring tool.

START YOUR FREE 30-DAY TRIAL
Start monitoring for free