For your Web page, here’s strong anti-framejacking and anti-clickjacking code, which has been tested and currently busts nasty frame-jackers such as In.is (aka Linkis). As such these snippets may be useful for journals and other academic services, to prevent legitimate content from being hijacked and surrounded by frames advertising ‘essay-writing services’ or predatory publisher services or worse.

Source: Stanford Security Lab via a recent blog post by Zipline Interactive, where there’s also additional defensive code to add to your website’s root .htaccess file (if you have FTP access and your host will allow upload of a changed .htaccess)…

Header set X-Frame-Options SAMEORIGIN

The .htaccess code is ‘as well as’, serving as a second line of deeper defence, and is not required for the first code suggestion to work in your Web page. Most modern Web browsers understand the self-explanatory SAMEORIGIN command when they hear it from a website.

Those with a hosted WordPress blog or journal may also want to consider the Frame Buster plugin. So far as I know there’s nothing similar for the Open Journal System (OJS) or Omeka or similar academic content plug-and-play systems. But perhaps there should be, if they don’t already have such counter-measures baked in?

Advertisements