Broken Link Hijacking - Click and Protect

You might think of broken links on your website as just a tiresome chore to fix, that you’ll get around to ‘one day’ … but they could become a security risk.

No doubt your website links to other web pages and other external resources. Maybe a PDF or two; maybe a video. That’s generally seen as useful for your visitors, and therefore good for search engine optimisation (SEO).

However, if the owner of one of those resources you’ve linked to lets that domain expire—perhaps they got taken over, or went out of business—then your link now goes nowhere. It’s broken.

That’s a nuisance for a visitor who is interested in that useful resource you linked to, and is potentially brand-damaging. If elements of your website are broken, it reflects badly on your company. Unfairly, perhaps, but it does.

But there’s more to it than that: if someone with bad intentions then buys that domain name, they could turn it into a malicious site… which you are linking to, and sending visitors to. That site could trick your visitor into giving away sensitive information, or installing malicious software.

That’s even worse for your reputation, with customers and with the search engines.

If it had been a link to an image that you had been displaying on your site, that image could be replaced with something offensive, that would definitely damage your reputation, and/or get you in legal trouble.

And even worse: if that link had been calling a script, an attacker could replace that script with one of their own choosing, that would run every time somebody loaded your website page.

That could potentially be very bad. The attacker could:

Capture passwords or other sensitive information from your visitors.

Get access to a visitor’s account.
Add content to your site (such as ads—or even more unpleasant things).
Send your visitor somewhere unexpected.
And, they may be able to find vulnerabilities to exploit in your visitor’s browser.

There are preventative measures you can take, such as:

Hashing the resource, and verifying it—only loading it on your site if it hadn’t changed since the page was published.
Adding a Content-Security-Policy HTTP header to restrict which domains resources could be loaded from—any others would be blocked. This wouldn’t solve the problem of a trusted domain going down, of course…
And, perhaps most importantly, setting up a routine check for broken links (and then fixing them quickly).

Need some help? Contact us or call the Click and Protect team on 0113 733 6230.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

You might also be interested in: