Hide Your Files in a Web Account, on your office LAN, etc...

Your generous donations help keep this site online! ~~Click here~~ to support cexx.org.

Unlimited Free File Storage

Got files to store? Don't know what to do with them? Use a Free Webpage Provider (FWP)! Having a filestore can often come in handy, e.g. if you want to share programs among multiple computers, pass apps, pictures, MP3s, etc. to friends, or as a temporary extension to your puny overstuffed hard drive.

The Basics: Finding free Web servers

The easiest way to find a FWP to use as your storage space is to search on the Internet. Not only will this turn up oodles of providers themselves, but also sites which list 'em by the bundle. You'll find helpful ratings and reviews that will help you pick the best servers for your needs. If all else fails, you can try some of the old file-storage favourites e.g. Tripod (11meg), Geocities (11meg), Angelfire (5meg), Xoom ("unlimited") ... The best server for you personally depends on a number of factors including:

Server speed

Will you be uploading large files, and accessing them often? You will want the fastest server you can get your hands on. For more modestly-sized files, or ones you will access infrequently (or only once?), server speed is of much less concern.

Reliability

Are your files mission-critical? If you need 'em when you need 'em, a reliable server is a must. Server downtime is not as much of an issue for unimportant files, or if you don't mind downloading them some other time if the server is down. (Better to have files on a 75% reliable server with lax enforcement than a 100% reliable server with both thumbs on the Delete button)

Space allotment

How much file space do you need? A typical FWP will offer between 5 and 25 megs of space, with other offers of every description out there for the taking. Some will even offer unlimited bandwidth or disk space. In general, if you need 50 megs it's probably better to get 5 10-meg sites than one 50-meg, in the event your account comes to the attention of the higher-ups. And remember, use those "unlimited" disk quotas with caution! There's no such thing as an unlimited account, and any account that stands out with an excessive usage of space or traffic will find itself squarely in the admins' crosshairs for investigation. Unless you've camoed those contraband files well, this normally means the sysops will throw a delete party in your account.

Provider Size/Population

Smaller providers tend to catch counter-exploitation more quickly than bigger servers that have a lot of area to police. Be wary of servers with a reputation for rapidly finding and ejecting violations, or ones that have volunteer policing mechanisms in-place (GeoCities, Tripod et al). Additionally, smaller "homey"-feeling providers may actually be in the FWP racket for fun over profit, or to give back to the internet community that has given so much. Using a "goodhearted" provider for file storage or some other unwelcome activity simply isn't in the spirit of counter-exploitation--the idea is to beat true exploiters to the punch, not to take unfair advantage of actual generosity.

Account turnover rates

Turnover refers to the rate at which new users tend to replace old ones, as accounts get deleted. A high rate of account turnover could mean users aren't particularly fond of the service and are leaving to seek better. It can also mean that the provider is zapping a lot of accounts for TOS violations or other reasons. Some common earmarks of high-turnover sites include a lot of "Member not found" or 404 errors, as well as a specific link (on another page, search results, etc.) leading to a completely unrelated page--this usually means the account has been deleted and another user has since moved into the same space or account name. You can get an idea of a particular server's turnover by asking around, or by checking out the general level of development of members' sites. The longer a site has been around, the more complex and developed it will be, much like a tree develops over time. A high percentage of "one-pagers" or contentless monstrosities ("Come back soon/I haven't moved in yet" are a dead giveaway) indicate newly-signed accounts. A red flag should go off whenever the turnover is high.

Second Chances

If your account is found in violation, will you get advanced warning that your files are about to be zapped? Typically, some services will give a warning message before nuking a delinquent account--if the violation is minor. Accounts with no redeeming value, being used blatantly in violation of the TOS, seldom get second chances. The second chance gives you time to move your files before their imminent deletion, and maybe bring the account into compliance with established rules (if applicable). If you can ever find a provider with a guaranteed "second chance", hang onto it like gold.

(Be sure to read carefully the section on protecting your privacy when signing up an FWP account before you fill out that sign-up form!)

If you intend this account to be "permanent" in that you can give out the address to your friends, people who maintain linklists, etc. and not worry about your URL going dead in event of deletion, get yourself an easy-to-remember redirector URL in case the worst happens. If your stuff does get zapped, just update your forwarding URL on one of these services and you're back in business!

So now you've got an account or two (or three of four or five) with some free Webspace providers...now what? If you're thinking, "Upload the filez", please take a moment right now to pick up a blunt object and hit yourself over the head repeatedly with it. Unless you only need a few days (minutes) of storage, you're just asking those administrators to have that wild deleting party and put it on your tab. The idea is to set it up so those boneheads don't know you're counterexploiting them for free file storage. Since they're giving you space in hopes of profiting off of you in one way or another, you have to make it look like you're just another webpage slave so they'll stay off your back.

Part One: Ground Cover

Before you even think about dumping files into the account, you will have to set up at least an index.html page so you appear to serve some worthwhile purpose to the FWP, as well as gets rid of the telltale "Directory listing of /" that otherwise showcases all your contraband files. It doesn't have to be anything too elaborate, a simple "newbie page" will suffice for now. Newbie pages are cheap, slapped-together-in-15-minutes homepages typical of new Web writers who haven't fully mastered HTML or decided yet what their site's going to be about. Pictures of your pets, useless personal trivia ("My favorite colour is purple, I have a goldfish named Silver and I like spanish olives..."), "under construction" logos, complex email-me animations (stolen, of course) featuring letters folding themselves into paper airplanes and being swallowed by mailboxes or whatever, a handful of broken/outdated links and a low/broken counter are priceless earmarks of newbie webpages. If you want to keep the account more permanently, consider crafting yourself a small, content-containing website on the subject(s) of your choice ("deformed Alaskan bullfrogs", etc.), of maybe 5 interlinked pages or so, that you can upload as cover for any filez account you create.

Don't know HTML? No problemo! A number of FWPs have an online pagewizard of some sort, that will let you create an inane-looking, poorly-coded homepage that just screams newbie (using the online editor will invariably create for you the perfect "clueless newbie" look, no matter how much HTML prowess you may have). Yes, you may want to try the editor even if you're an HTML pro...what FWP is going to suspect the clueless newbie for account violations?

Part Two: Obfuscation and Camouflage

You're at the point now where you've got a couple FWP accounts out there in the ether and have plastered your five-page "Stuffed Talking 'Yo Quiero Taco Bell' Chihuahuas Are Really Nifty" site into each of them as a diversion from all the files you're about to dump there. You have a very important task at hand now. This being to provide full, unrestricted access to yourself and your friends (whomever you care to share your cyber booty with) while at the same time keeping nosey websurfing lusers, Community Leaders, the server admin, etc. as far off the trail as possible. By using the following tricks and tactics, you can hide your contraband files more-or-less transparently and with little hassle.

Basic obfuscation techniques

Finally, we get to the part where you drop off your files! I've been saying throughout this entire document, "Not yet!"...but I mean come on, your files account isn't very useful if there are no files in it. So how do you disguise your files so they don't look like contraband?

To start off with, you need to know a little about file extensions. (Unless you're a complete newbie luser you should know this, but file extensions are the .xyz or whatever at the end of a filename that tell the computer what kind of file it is.) Common extensions on the internet are .htm/.html (webpages), .gif (compressed images), .jpg (high-colour compressed images), .wav (audio), .bmp (big fat uncompressed pain-in-the-ass-to-download images)...you get the idea. Some of the files you'll probably want to store include .exe (runnable programs), .zip (compressed archive files), and of course .mp3's (if you don't know what these are by now, I'm not gonna tell you). Unfortunately, these are among the "raciest" of files, the kind that make server admins' blood boil when they find a bunch of 'em being stored in the webspace account that is supposed to be making them all sorts of free money. When a server admin sees .exe or .zip, a lightbulb comes on over their heads and they say "Yep, warez!". When they find a directoryfull of MP3 files, they assume "Illegal, Pirated, Bandwidth Hogs!"...even if they're recordings of your own band, doesn't matter. But regardless of the il/legality of your files, to the FWP administrator, they're just pretty much sitting there like lumps of lead and not making the FWP any money. It can be safely assumed that any type of file that sits there and doesn't make the FWP any money is bound to make the administrator very, very unhappy.
So what do we do? We trick that pesky administrator. We all know that a bunch of humungous .zip files collecting dust in a hidden directory are going to wind up collecting dust in the dustbin...but what if he thinks the files are there to attract eyeballs to advertisements? See, you have to think like a greedy FWP. Take those huge .zip files, rename them all to .wav, for example, and throw them in there. Next, make a page to fit in with that little phony site you whipped together...if you use the "deformed Alaskan bullfrogs" example above, make a page of "Click on these files to hear genuine bullfrog mating calls!"...then a bunch of links to your (teehee) .WAV files which you have of course given innocous names like long_northern_male_ribbit.wav, etc. Now whenever you want your files, go to your Mating Call Sounds page, save those (snicker) .WAV's to disk, and change the extension back to what it was! Anyone else surfing onto your pages will see an innocent-looking page of (yawn) bullfrog mating calls...in the unlikely event that your hapless surfer actually wants to hear (yawn) bullfrog mating calls, they'll click on one of your ".wav"s and get some kind of "file is corrupt" error. Not exactly pretty, but on the other hand, do you really suppose Geocities et al will kick you out for having dead links?
Avoiding those "risky" file extensions is not only to fool the dumbass administrators, though. It's also to dupe any nosey bots, spiders, scripts, whatever you want to call them that search thru members' accounts for these types of naughty files (usually MP3s, but porno graphics and large video files may also be targeted) and report back to said dumbass with their findings. If you're paranoid about "spyders" flagging your files or some luser complaining that your .wav's don't work, it isn't too difficult to come up with your own (bogus) filetypes and extensions--be creative!. Say I want to leave myself some files....

Awesome Webbware Files!
These are hilarious audio files for WebbPlayer 3.0...

bob_dole_battles_impotence.webb
No_ossifer_im_sotally_tober.webb
bill_gates_meets_the_devil.webb
etc., etc....

Now unless that FWP dope has WebbPlayer (of course he doesn't, I just made it up!), how in the hell is he going to know whether these files are in a valid format or not?

More basic obfuscation

Bugman Most, if not all, FWPs require that every file you have be linked in an HTML document; this is to keep leeches like you from using your account as your own personal storage locker for large files. There are most likely some kind of automated spyder processes that go around looking for unlinked files. Additionally, most FWPs explicitly forbid private or password-protected pages. Despite this "full disclosure" policy on your account, it's still easy to keep your files relatively private while not technically breaking any of the rules regarding private files.
The ol' Link trick: Say I made a really long, innocent-looking link to any old page on my site. Suppose this link stretched accross one or t wo lines! A normal websurfer would click on it (or not) to get whatever page it links to, and think nothing of it. But, look carefully at this link. Run your mouse all over it, and see if you notice anything odd about this link. Did you find it? If not, click on the "t" in "two". Surprise! You might have found it because I told you to look for it...but do you think any old slackass surfer would've noticed? Statistically, the odds of a surfer clicking in the right spot by pure chance are near nil. There are of course some general pointers for using this trick successfully: Set your link, vlink and alink to the same colour! On most pages, virgin links are blue in colour and ones that have already been visited turn purple. So, if your surfer clicks that link, and all of it turns purple except for one letter, this obviously blows your cover. If you want to get really fancy, use a Javascript OnMouseOver command to further camouflage your hidden-file link. For this you just make your hidden A HREF tag as usual, and add the necessary JavaScript to the tag to make the hidden link behave just like the one it's hiding in. Your completed tag would look something like <A HREF="hiddenfile.zip" onMouseOver="parent.window.status='http://same_text_as_other_link';return true" onMouseOut="parent.window.status=' ';return true">. If you don't know how to use JavaScript, you can just stick to the links; it's fairly well hidden as it is.
Fun with Imagemaps: There is another easy way to construct a link that no-one will find. Put it in an imagemap! This allows you to link a file with very little chance of random surfers happening across it. If you don't know how the imagemap thing works, just click on Bugman's left nostril above. The idea is to make a teeny tiny hidden hotspot in an image, and tell your friends where exactly the clickable spot is. Be sure to set border=0 to get rid of that telltale blue box around the image that tells the whole world there's links in it. Generally, a bigger image will be harder to find the hidden link in, and more commonplace Web graphics (below) will raise little suspicion.

Semi-related: check out sonofsamiam's ~~link spunking~~ page.

Advanced Obfuscation Techniques involving CGI/Perl and JavaScript

For added security and convenience, you may want to add a little JavaScript to jazz things up and provide easy file access to your friends while keeping things hidden from the everyday luser. There are thousands of ways to provide selective access to your files with JavaScript; I'm not going to try and cover every possible way (this is just a page on getting free filespace; it's not here to teach you people JavaScript!) but here's a brief example of using JavaScript to hide files from everybody but your buddies.

Another goodie to have is a domain-banning CGI script to keep unwanted eyes out of your account. "Unwanted eyes", of course, refers to your friendly FWP admins and narcs. A domain-banning script looks and sees where every visitor's connection is from, and kicks them out if they are on the list of people you don't want prying in your files, e.g. if you have your naughty account on tripod.com, it kicks out any unprivileged Tripod employees/narcs (anyone viewing from tripod.com) or hides all your naughtybits from them. Domain-banners are also useful for ejecting known censors from controversial pages you may post, or keeping enemies/competitors/harassors at bay.

NB: Naturally, if you store files on a machine, the people who have physical access to the box can access your files locally, and your CGI won't even see them! You'll have to be content with booting out lower-level or "unpriveleged" folk (narcs often fall into this category) who must access over a network connection.

More Advanced (31337) File Obfuscation and Camouflage

Going beyond the basics and even beyond some of the more advanced file-hiding methods, this stuff is reserved for the truly dedicated leech. Some of this stuff will be beyond the scope of the everyday FWP counterexploiter...but for those who need the best protection intelligence can buy, delve into...

Eleet Obfuscation