Answer

Learning from the MySQL.com hack: How to stop website redirects

Hackers recently took control of Oracle's MySQL.com and installed a JavaScript code on the site that redirected visitors and attacked their systems with a BlackHole exploit kit. Is there any way to prevent websites from automatically redirecting?

    Requires Free Membership to View

In a bold attack earlier this year, malicious attackers were able to plant malware on Oracle Corp.'s MySQL.com website so visitors would become infected simply by visiting the site's homepage. Upon visiting the site, users' browsers were automatically instructed to load JavaScript redirects to third-party URLs that served up dangerous malware.

There are ways to disable or block JavaScript redirects on the client side by using browser plug-ins like Noscript, or you can disable JavaScript in the browser. Potentially, you can also use a more general browser security tool that might be included in a host intrusion-prevention system (HIPS) or antimalware suite to block JavaScript redirects. You could also use a Web proxy and potentially block redirects from the network.

Unfortunately, disabling JavaScript won’t stop website redirects entirely, like the one used in the MySQL.com hack. A Web server can be configured to redirect webpages by issuing a HTTP 3xx redirect command and sending a browser to a different website. There is even an HTML tag for meta-refreshes that can generate a redirect. However, many popular websites now perform URL shortening, which is a form of redirection, so you may want to evaluate if blocking redirection is worth the effort given the functionality trade-off.

If your endpoints are hardened against malware attacks, the minimal information security risk from a website redirect should not significantly increase the number of malware infections.

This was first published in November 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: