Hotlinking is a web behavior that links web resources on a hosting site into a webpage belonging to another site. However, unauthorized hotlinking is unethical, because it not only violates the interests of hosting sites by consuming their bandwidth and diverting visitor traffic away from them but also violates the copyrights of protected materials. To fully understand the nature of hotlinking, we conduct a large-scale measurement study and observe that hotlinking exists widely over the Internet and is severe in certain categories of websites. Moreover, we perform a detailed postmortem analysis of a real hotlink-victim site. After analyzing a group of commonly used hotlinking attacks and the weaknesses of current defense methods, we present an anti-hotlinking framework, based on existing network security techniques, for protecting materials on hosting servers. The framework can be easily deployed on the server side with moderate modifications, and is highly customizable with different granularities of protection. We implement a prototype of the framework and evaluate its effectiveness against hotlinking attacks.