How to stop click jacking on your site #HackerSeries

By IT Security
Click jacking on your website

Click jacking is a hacking technique whereby a user is tricked into clicking something that they otherwise would not have clicked. Let me give you an example. Have you ever been on a video streaming website where the red cross in the top right of the video player does not close it? That is an example of a click jack: the click can cause a piece of malware to be downloaded, turn on your web cam and plenty of other things.

Generally, click jack websites are a spoof of a well-known website with a slightly different URL (that most people won’t notice). This can be done through the use of iFrames with buttons, text and images overlaid on top of them.

Facebook is actually a source of a lot of click jacking. Have you ever seen the sort of story that pops up with a title like “You won’t believe what this girl did….”? Some of these links will present a user with a CAPTCHA which, once completed, will mean that the user likes / shares the story. It’s a great (but completely immoral) way to obtain lots of user details (name, date of birth, location….).

If you’re worried about your website being click jacked, there is a solution. The X-Frame-Options HTTP response header will help you to stop click jacking being successful. Essentially, you can restrict how your web page can be iFramed, and you can also force the framed window to become the top-level window (reducing the effectiveness of overlay items).
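Both defences mentioned above, as an added example that is not code from the original article: setting the anti-framing headers on a response, checking what a given set of headers actually permits, and the client-side fallback. The function names are hypothetical, and the `Content-Security-Policy: frame-ancestors` directive is an addition here as the newer equivalent of X-Frame-Options.

```javascript
// Set anti-framing headers on a Node.js http.ServerResponse
// (or any object that exposes setHeader).
function denyFraming(res, { allowSameOrigin = false } = {}) {
  res.setHeader('X-Frame-Options', allowSameOrigin ? 'SAMEORIGIN' : 'DENY');
  res.setHeader('Content-Security-Policy',
    `frame-ancestors ${allowSameOrigin ? "'self'" : "'none'"}`);
}

// Classify response headers: may another site put this page in an iFrame?
// Returns 'deny', 'same-origin', 'allow-list' or 'framable'.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support frame-ancestors use it in preference to X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1).map(s => s.toLowerCase());
    // An empty source list is equivalent to 'none'.
    if (sources.length === 0 || sources.join() === "'none'") return 'deny';
    if (sources.every(s => s === "'self'")) return 'same-origin';
    return sources.includes('*') ? 'framable' : 'allow-list';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing header, ALLOW-FROM (ignored by modern browsers) or a typo:
  // treat the page as unprotected.
  return 'framable';
}

// Legacy client-side fallback ("frame busting"): if the page is inside a
// frame, make it the top-level window. In a browser, call bustFrame(window).
function bustFrame(win) {
  if (win.top !== win.self) {
    win.top.location = win.self.location.href;
    return true;
  }
  return false;
}
```

The headers are the primary control because the browser enforces them before the page renders; the script fallback only runs if the framing page has not disabled scripts in the frame.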



2 Comments

  • Andrew

    These are the worst, and so annoying! I didn’t know that there was a way to get rid of them, but I am glad that I read this post. I am sure everyone will agree that nothing is worse than pop ups and spammy ads. Thanks!

  • Mandy

    Click jacking is horrible, and beyond irritating. I definitely want to prevent it and make it stop if possible. Thank you for your info!
