Tips & How To's

Website Detective 102 or How To: Figure Out Who Made A Site

For one reason or another, it’s often interesting to find out who’s responsible for a website. For example, when I find sites a great website I like to dig around the designer’s portfolio and look at their other work for ideas and inspiration. Example 2, in pervious jobs I’ve had to track down content thieves. Maybe you’re part of a vigilante mob, and need to figure how where to send a bunch of pizza. Whatever.

Due to a whole slew of – perfectly legitimate reasons – it’s fairly uncommon for a website to clearly identify the parties responsible for design, development, hosting, support, etc. It can be a little difficult to figure out sometimes.

Typically when trying to figure out who made a website I take the following steps (in order):

  1. Google the domain name (in quotes). If the site is listed in the body of the portfolio, it’ll often show up in the first page of results. You could probably throw other keywords – like “portfolio” or “design” or something – into the search. I usually don’t bother.
  2. Take a look at the HTML, Javascript and CSS source. Sometimes the comments contain copyright notices, author names or other clues. companyname.js is always a good one.
  3. Do a whois lookup of the domain. Sometimes the designer will be listed as one of the contacts or the design company will actually run their own nameserver. But with domain privacy services this is becoming less fruitful.
  4. When that fails I load up Among a variety of other tools, the site has a utility (under the “shared” tab at the top) that lists domains sharing the same IP, sharing the same name server, sharing the same mail server. If you’re lucky, one of those domains will be designer.

Number 4 was my old pro-tip that made me feel smarter than everyone else online.


Recently I’ve discovered Google Analytics ID databases.

A Google Analytics ID is the part of Google Analytics tracking code that identifies a website, it sits in the tracking javascript running on every website using Google Analytics. The look like “UA-#####-#”. Each site has a unique ID, except when you set up a website’s profile under a parent account, the first part of the ID is shared by all the child accounts. So, UA-12345-1 and UA-12345-2 are in the same account, probably controlled by the same person or company.

Evidently, there are a number of services that crawl the intertube recording which Google Analytics IDs are found on which sites. seems to be a good one, but if that fails, you can always Google the ID (in quotes).

TL;DR: This is how I found out was run by @klondike, before he tweeted about it.

Tips & How To's

How To: Hack Into OS X Lion

Yesterday one of two things happened, either a) I completely an entirely forgot my OS X login password or b) OS X refused to accept my password. I have no way of knowing which was the case, but regardless, I was unable to access my computer.

I almost had a major meltdown, until Google informed me that OS X Lion is horribly insecure! Horribly, horribly insecure.

You can gain access to (almost) anyone’s Lion account in 3 simple steps.

  1. Restart the machine in recovery mode by holding down cmd+r on reboot.
  2. Open terminal in the utilities menu.
  3. Type `resetpassword`.
Am I missing something? Is this not as bad as I think it is?
Google Tips & How To's

How To: Tumblr Style Google+ Redirect

Tumblr just added a feature to redirect to your google plus account.

Neat idea.
You can do it yourself in .htaccess. Just add:
Redirect 301 /+ {insert your profile url here}

Check it:

Thanks to Isaac Lewis

Tips & How To's

Assault on the Hash (or how to make secure your passwords)

In a recent episode of Build & Analyze Marco Armet (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*.

The solution, use bcrypt. Essentially, it’s an extremely slow hashing algorithm.

To me this seems a little bit like security through obscurity, every once in awhile – as CPU speed increases – you’ll have to update your algorithm to generate hashes even slower.

See also.

*A modern server can calculate over 300MB of hash data per second!

Tips & How To's

How To: File Upload Progress Bar. No Flash. No PHP addons.

Upload progressbars are pretty common on the web these days, they add a touch of feedback to the long and mysterious process of uploading a file to a website. Unfortunately, the most common methods for doing so involve flash or baring that PHP addons that require a recompiling.

In this post I’m going to talk about creating an upload progress bar without the need for a clunky flash object. I’m going to do it with PHP, jQueryUI and a gracefully-degrading framework-independent library.