Hacking a Website with just a backlink

Go and Fix it Quickly :P


FullStack / ETL Developer. Algo-Trader at NSE. Blockchain Enthusiast.

Let's say you have added a backlink to a great website for whatever reason. Later, they closed up shop and the domain went up for sale, or a hacker somehow got control of it.

The screenshot of expired domains shows that there are many domains with millions of backlinks pointing to them. If a hacker gets hold of a domain that has a backlink from a legitimate site, Boom !!

That site's users are vulnerable to this kind of hack. Even a simple email ID theft can cause larger damage.


Really !! How?

This is interesting. When a page is opened via a backlink, it gets the context of the parent page through the window.opener property.

That malicious website can do anything, like:

  1. Accessing the cookies: window.opener.document.cookie will get access to all the cookies
  2. Manipulating the DOM
  3. Replacing it completely with a similar page and phishing: window.opener.location = 'https://www.something-similar.com'

The Options are endless.

Ugh !! How to fix it?

To prevent this from happening, add rel='noopener' whenever you add a backlink:

<a href="https://external-site.com" target="_blank" rel="noopener">Reference</a>

How did this work?

It removes the reference to the parent page. When the malicious website tries to access window.opener, it gets null, and your website is saved from the prying eyes of the hacker.

To learn more about all the options for the 'rel' attribute, see:
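To find links on your own pages that still need the fix described above, here is an added example (not code from the original post) that scans HTML source for target="_blank" links whose rel lacks noopener or noreferrer, which also implies noopener. The function names, the regex-based scanning and the sample markup are assumptions made for illustration.

```javascript
// Added example: audit HTML source for target="_blank" links missing rel="noopener".
// Assumption: regex scanning is good enough for templates and static pages;
// it is not a full HTML parser (e.g. a '>' inside an attribute value is not handled).

const TAG_RE = /<(a|area)\s([^>]*)>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse the raw attribute text of one tag into a lower-cased name -> value map.
function parseAttributes(raw) {
  const attrs = Object.create(null);
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // As in browsers, the first occurrence of a duplicated attribute wins.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return every <a>/<area> that opens a new tab without noopener or noreferrer.
function findUnsafeBlankLinks(html) {
  const findings = [];
  for (const m of html.matchAll(TAG_RE)) {
    const attrs = parseAttributes(m[2]);
    if ((attrs.target || "").trim().toLowerCase() !== "_blank") continue;
    const rel = (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
    // noreferrer implies noopener, so either token severs window.opener.
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    findings.push({ href: attrs.href || "", tag: m[0] });
  }
  return findings;
}

// Constructed sample markup (hypothetical URLs).
const SAMPLE_HTML = `
<a href="https://external-site.example/" target="_blank">no rel at all</a>
<a href="https://external-site.example/a" target="_blank" rel="noopener">fixed</a>
<a href='https://external-site.example/b' target=_blank rel="nofollow">wrong rel</a>
<a href="https://external-site.example/c" target="_BLANK" rel="NoReferrer nofollow">fixed</a>
<a href="/local">same tab, nothing to fix</a>
`;

for (const finding of findUnsafeBlankLinks(SAMPLE_HTML)) {
  console.log(`missing rel="noopener": ${finding.href}`);
}
```

Run it over rendered pages or templates in CI and fail the build when the returned list is non-empty.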

https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel
