Hot-linking Countermeasures


Hot-linking is a method by which a site includes links to resources, such as images, hosted on another site. It is used extensively and relies on weaknesses of the HTTP protocol. Hot-linking is done for various reasons, including image copying/theft, bandwidth consumption to generate Denial of Service (DoS) attacks, Cross Site Scripting (XSS) and phishing attempts, as well as non-intentional and authorized resource usage. For each of the aforementioned cases, here are a few details along with examples.

Authorized usage
Authorized usage is when the site owner has agreed to such resource usage by external sites. An example is when the site owner uploads prototype software with an advertising logo or image to a target site, where the latter can promote this particular product or service. Other cases, such as certain popular sites that offer an exclusive service (e.g. live chat), may also fall into this category. Sharing images across servers, like advertising banners, is a legitimate marketing avenue where the creator of an image has made an agreement with a marketing company.

Non-intentional usage
Non-intentional use is when someone hot-links a resource with the purpose of indicating a problem and has no intention of abusing or stealing someone else's work. Examples can be found across the web, for instance in a forum where someone posts a question about a product of a specific manufacturer and hot-links the product image because a copyright notice prohibits duplicating or using the image on another site. As a consumer, such a person may need advice or information about this particular product, and a link to the image may seem appropriate. We consider this case a lack of understanding of the consequences of hot-linking.

Denial of Service
DoS, or denial of service, using hot-linking can be complex, but the aim in this case is to consume resources such as server bandwidth. The attacker may use compromised systems or other methods to upload a script, or the images directly, to many sites; forums, blogs and other places where the public can gain access and the content is displayed directly are prime candidates. In its simplest form the image is displayed directly, so with every page visit a resource (such as an image) is loaded automatically from the original server, consuming its bandwidth. When client-side scripts are used instead (assuming the target site permits them), the attacker can further coordinate his efforts and exhaust the original server's resources. Many dedicated server providers today offer additional insurance against DoS at an extra fee.

Cross Site Scripting
Cross site scripting cases take place when client-side code, such as JavaScript, is used in conjunction with resources like images. Such images may offer a certain level of confidence to the visitor. While the resource (image, mp3, etc.) comes from the original server, another layer of scripting code controls the image link itself. The aim here is to probe for weaknesses on the original server in the database, the file structure, the parameters passed with the links and more, and eventually gain administrative, super-user or account access to the original site. Such exploits may, for instance, target popular eCommerce sites, where the customer account details may then be used for fraudulent transactions.

Resource Copy Theft
Resource copying takes place when hot-linked resources are used for illegal gain. An example is when someone advertises and sells an image from his site while hot-linking it to the original server.

Many methods are available today that use server scripts or attempt to recognize the HTTP headers in order to prevent hot-linking. Such methods are ineffective and do very little to protect the site owner: the Referer, User-Agent or any other header can be manipulated with a variety of tools available today. Here is an example of an extension available for Firefox.

http://modifyheaders.mozdev.org/

A plethora of similar methods and plugins is available today for various browsers, and users may very well install and use them for security purposes. Hiding headers that convey private information (for instance which site a visitor comes from, or the browser's name) is highly recommended.

Reversing the effects of hotlinking
Asymmetric Software has created a protection system against non-authorized hot-linking that operates at the PHP level of an e-commerce store. It is a module that can be controlled by the eCommerce administrator and fully reverses the side effects of hot-linking. This method does not rely on HTTP headers and offers high protection against hot-linking. It can be configured from the administrator level to perform various tasks, among them reversing the effects of hot-linking to favor exposure of the original site and to create problems for whoever hot-links a resource.

It is implemented for the I-Metrics Layer and the osCommerce MS2.2 engine. We briefly explain the principle and its operation here, using the image resources of an eCommerce store's products as an example.

The module operates as follows. Images deemed by the store owner as copyrighted, or that must not be hot-linked, are first removed from the regular images folder (typically the folder where the product images are stored). Instead, the images are stored outside the web root of the server, or in a folder within the domain's root whose location is not known to the public.

The tep_image function can then be altered to contain a secondary layer of processing, such that all product images are filtered through it. The tep_image function is already used for all images within the store, so when the standard guidelines are followed this can be achieved with minimal coding effort.

By default, the tep_image function generates the HTML image tag on exit. If instead a PHP script is used to serve the image upon request, every single image that passes through that function is altered so that the PHP script is appended. To better grasp this principle, consider how a thumbnailer module operates and hooks into the tep_image function.

Many modules that take this approach are available for study in the contributions section of osCommerce. The difference here is that the additional layer is always invoked and can take thumbnails as well as watermarks into account if necessary, so that the finalized image remains as desired by the store owner. Different customizations can be added to the base code depending on the store's requirements.

As a result, and in its simplest form, the secondary layer copies and simply displays the original image only when the correct parameters are given. Different configuration options on the administrator's end can take advantage of hot-links that carry incorrect parameters; in its advanced form this module may redirect or utilize the hot-linking traffic to serve and benefit the eCommerce store owner, boosting his site's exposure and/or bringing havoc to the external site that hot-links the resources. This is achieved regardless of HTTP headers, as mentioned earlier.

The secondary layer can be expanded to emit any client-side content or code necessary, which can even render the hot-linking site useless for browsing. The only solution the hot-linker has is to remove the hot-linked resources.
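To make the parameter check concrete, here is an added example of such a secondary layer, written for this article rather than taken from the I-Metrics module or osCommerce. It assumes the images were moved to a folder IMAGE_STORE outside the web root, that the patched tep_image() calls protected_image_url() to build each image URL, and that the "correct parameters" are an expiring HMAC token over the file name (the token scheme and all names are this example's assumptions, not the module's documented design).

```php
<?php
// Added example, not the I-Metrics module: a minimal "secondary layer" that
// serves product images only when the URL carries a valid token. Assumed:
// the patched tep_image() emits URLs like image.php?f=<file>&e=<expiry>&t=<token>.

const IMAGE_STORE  = '/srv/store_private/images';          // assumed path, outside web root
const IMAGE_SECRET = 'replace-with-a-long-random-secret';  // placeholder secret
const TOKEN_TTL    = 86400;  // seconds a generated link stays valid

// Called from the patched tep_image() in place of the plain image path.
function protected_image_url(string $file, ?int $now = null): string {
    $expiry = ($now ?? time()) + TOKEN_TTL;
    $token  = hash_hmac('sha256', $file . '|' . $expiry, IMAGE_SECRET);
    return 'image.php?' . http_build_query(['f' => $file, 'e' => $expiry, 't' => $token]);
}

// True only for parameters produced by protected_image_url() that have not
// expired. Deliberately ignores Referer and User-Agent, which are spoofable.
function valid_image_request(array $q, ?int $now = null): bool {
    if (!isset($q['f'], $q['e'], $q['t'])) {
        return false;
    }
    $file = (string)$q['f'];
    if ($file === '' || basename($file) !== $file) {   // reject path traversal
        return false;
    }
    if (!ctype_digit((string)$q['e']) || (int)$q['e'] < ($now ?? time())) {
        return false;                                  // expired or malformed link
    }
    $expected = hash_hmac('sha256', $file . '|' . (int)$q['e'], IMAGE_SECRET);
    return hash_equals($expected, (string)$q['t']);    // constant-time compare
}

// Entry point of image.php: the real image for a valid request, otherwise the
// store's own branded placeholder, so hot-linked slots advertise the store.
function serve_image(array $q): void {
    $path = valid_image_request($q)
        ? IMAGE_STORE . '/' . $q['f']
        : IMAGE_STORE . '/hotlink_notice.png';         // assumed placeholder image
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . mime_content_type($path));
    header('Cache-Control: private, max-age=' . TOKEN_TTL);
    readfile($path);
}
```

image.php would call serve_image($_GET); the placeholder branch is where the module's advanced mode would redirect or emit client-side content instead, and TOKEN_TTL should exceed the store's page-cache lifetime so cached pages never carry expired links.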

This solution does not affect the cache modules; it is transparent to visitors and search engines thanks to its highly efficient algorithm. It benefits both the eCommerce site owner and the unaware administrator of the site that hot-links. In a non-intentional use case, an administrator will be alerted by the side effects and will rectify his software to prohibit such attempts, or discipline his own users for repeating them.

You should also be aware that some circulating tips for handling images suggest splitting an image into smaller ones. This kind of procedure can damage the site's optimization, because images are used as links; splitting an image into smaller segments therefore requires a link beneath each smaller image. Using product images as backgrounds does not change anything either, because the locations are referenced in the stylesheet, and automated scripts can easily pull this information out of the resource files and download the images.

Copyright © 2003-2012 Asymmetric Software - All rights reserved.