Rich Kahn is CEO of eZanga.com.
By now magazine publishers have expanded their properties to the web, providing readers a fast, easy way to access content. Though it provides another funnel to increase readership and sell ad space, it also opens the door to more risks. The harsh reality is that the internet is a breeding ground for fraudsters who constantly scheme of illicit ways to scam publishers and advertisers.
A recently discovered threat is coming from software carefully hidden within browser plugins. Internet users download these extensions, and the corrupted software then takes control of their devices. From there, the hijacked browsers can do just about anything developers can dream up, including injecting scripts into your site to make it easier to hack, and stealing money from your advertisers through click-fraud.
According to Ziff Davis CEO Vivek Shah, about 36 percent of all online traffic is fake. Pretty scary, right? But besides frightening us, this statistic also springs a few questions. HOW are fraudsters doing this? And, HOW can they be stopped?
Well, the answers can get a bit complicated. Click fraud isn't a one-trick-pony; it comes in many different forms. And so there are multiple defensive strategies that can be applied to prevent further damage or a disaster.
Where Bad Traffic Comes From
Simply put, this problem starts with the people who matter most: your visitors. Each year, millions of machines become slaves to botnets simply due to the fact that users download software from questionable sources. One can only know if they're affected by checking active plugins and extensions, but, regrettably, many don't do that often enough.
Why wouldn't users simply update their browsers and eradicate this? Unlike most malware, newer threats are tailored to fool users into thinking everything is running smoothly when, in reality, their browser is compromised. The software doesn't interfere with their machine, or slow it down, leaving them oblivious to its existence.
What Publishers Can Do to Protect Their Sites
Fortunately, there's a solution where publishers don't have to rely on the common internet user's cognizance of browser protection. As the old saying goes, "If you want something done right, you have to do it yourself," and that's exactly what publishers need to live and die by in order to protect their sites.
Website owners have tools running on their webservers that are capable of declaring document headers and tightening up security. All they need to do is specify them to log the threats and prevent them from running on the user's machine while visiting their sites. As responsible website owners, it's a duty to strengthen security to certain standards to stop this problem.
This security, or a CSP (Content Security Policy), is based on some of the built-in protection that browsers already have. It allows the website owner to instruct the browser of which behavior is expected, and can be used to enforce their policy. Website owners simply decide what to turn on and how they want to use it.
Be that as it may, it's easier said than done. However, there are a few resources that explain the implementation of this on your website. Each webmaster may want to personalize the use of these protections, but they can still look at other sites and see how others use and integrate them. For instance, a great starting place to learn about Content Security Policy is found here.
For those who want detailed technical information, this is a great resource as well.
A good webmaster can read through the material, spend time deciding what's right for their site, and have policies in place within a day or two.
It's highly suggested to log everything before enforcing the policies, so you can see everything going on within your website. You'll be surprised! From there, you can then decide the best course of action.
Looking Forward
As threats continue to grow, it's important that common internet users exercise caution and consistently update their browsers. If they fail to do so, they leave themselves vulnerable to becoming part of a bot farm, and can potentially cost publishers and advertisers a lot of money.
Likewise, it's imperative that publishers make sure to always monitor online security, both on the hardware and software side. If you aren't frequently checking for breaches in security, your traffic could become corrupted, and you may never even know it.
Online security threats are like bacteria; as they evolve, they learn to adapt to defenses and become harder to prevent. In order to suppress them, we need to be more aware of the hidden threats that lurk about the web, and perform more due diligence in securing our properties from them.
Richard K. Kahn, CEO of eZanga.com, has been a leader in the online advertising and publishing industry since 1993. He founded eZanga in 2003. You can find him here: rich@ezanga.com | Twitter: @richkahn
- Categories:
- Web Strategy
Richard K. Kahn, CEO of eZanga.com, has been a leader in the online advertising industry since 1993. He founded SEM and search engine eZanga in 2003. Over the past 15 years, Rich has specialized in all areas of the Industry. In 1993, he organized and wrote an e-magazine that later transitioned into his next endeavor, the First Street Corporation, an Internet Service Provider. Mr. Kahn operated the First Street network out of his home and managed the customers and sales from an office nearby. In 2000, he sold the company to a publicly traded organization. In 2001, Rich joined AdOrigin Corp., a pay per click advertising network, as the COO.