Clickjacking and Its Prevention

Maybe you have seen a download page with many download buttons and been confused about which one is the correct button. When you click the wrong button, it redirects you to another page that you did not expect. It's not a big deal if that page just shows you an advertisement, but it is a big problem if that page carries malware and your computer gets infected. So you need to know about clickjacking and be wary of it.

Clickjacking Victims

What is the worst that can come from clickjacking? Clickjacking can cause many bad things, and I am sure you have experienced scenarios like these:
  1. When you are hit by clickjacking, your Facebook account shares an unexpected link to your news feed without your permission.
  2. Your Twitter account follows a stranger's Twitter account.
  3. Your webcam is turned on automatically, captures a photo or records a video without your notice, and sends the captured video/image to whoever created that link.
There are other scenarios that can happen when you click the infected link. Clickjacking can be combined with other techniques such as phishing, and it harms the user.

How does it work?

Basically, some scripts or code are inserted into a link, and when it is clicked, those scripts are executed and the user's computer takes an action without the user noticing. For example, see the picture below:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDz7fDE-zgh9RevQX3-tfHNfOQE9-9JyN1qtHWp7X-LTdIO7DHXm5xaFix2MyFJva6bfx3K85hcQaGoHDn6JsVA1oTQ8yaeGaqm9mmkzcVhWfqw2NoNFy9-8MeJvUIlFlk73PTYlrTPns/s1600/clickjack.jpg
The picture above tempts the user to click it, doesn't it? When you or another user clicks that button, hidden scripts or code trick you, and the unexpected scenarios happen to the user. For a better illustration, see the picture below:
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCItL1Efmx6pAgnx0MqyJ3gyNBSDugwPBHqnKLcx35eDrTEoY4IvjOWj_bQsKHKptOja0b53XO0P4b18LH-hFU_6RDMZgb6VGHA86uO4MfCxcJ0LypldFEbs_FY7Kqa05EAouFrhyphenhyphenu11A/s1600/likejacking.jpg
From the picture above, you can see that the attacker has inserted a "Facebook Like" script into the "Claim your FREE iPad" button. So, without noticing, users like a Facebook page of the attacker's choosing, and the attacker may gain financial profit.

Prevention From Website Owner

Clickjacking can be prevented on the website owner's side, by an owner who doesn't want his website to become a clickjacking target. There are many ways to prevent it:
  1. The website owner can add a confirmation step for users who click a button. For example, in JavaScript you can ask for confirmation of a button action with alert(); or confirm();.
  2. The website owner can add a captcha if his website has polls or data input fields.
  3. The website owner can stop his website from being shown in a frame by adding this code: "<style>html{display:none;}</style><script>if (self==top) {document.documentElement.style.display = 'block'}else {top.location = self.location;}</script>". This code hides the page by default and displays it only when it is the top-level window; if the page is loaded inside a frame, it navigates the top window to the page itself, so the page is always shown on top.
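
The script in item 3 only works when JavaScript runs in the framed page, so site owners usually also send the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive, which the browser enforces itself. The block below is an added example, not code from the original post, and goes beyond the post by checking those two headers: it classifies how well a response is protected against framing. The function names and the sample responses are constructed for illustration.

```javascript
// Added example: audit a response's anti-framing protection from its headers.
// Sample responses below are constructed for illustration.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify a response as 'blocked' (nobody may frame it), 'same-origin',
// 'restricted' (explicit source list, review it) or 'frameable' (unprotected).
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support frame-ancestors apply it and ignore X-Frame-Options.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    const list = sources.map((s) => s.toLowerCase());
    if (list.length === 0 || list.join(' ') === "'none'") return 'blocked';
    if (list.join(' ') === "'self'") return 'same-origin';
    return list.includes('*') ? 'frameable' : 'restricted';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // missing or unrecognised value: report as unprotected
}

// Constructed sample responses (hypothetical header sets, not from the post).
const SAMPLES = {
  'script only, no headers': { 'Content-Type': 'text/html' },
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'CSP self': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'CSP allow-list beats XFO': {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': 'frame-ancestors https://partner.example',
  },
};

function auditSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, hdrs]) => [name, framingPolicy(hdrs)]));
}

console.log(auditSamples());
```

A page that relies only on the script from item 3 is reported as 'frameable', because nothing in its response headers tells the browser to refuse framing.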

Prevention From User 

The easiest way for a common user to prevent clickjacking is to install a browser plugin or extension that can block clickjacking. You may download the NoScript extension for Mozilla Firefox from this link and for Chrome from this link. Also, users should always update their browser to fix security bugs and vulnerabilities. But the strongest protection is your own awareness, because all the harm from clickjacking is caused by users themselves. In my country, Indonesia, we have a saying: "Kejahatan bukan karena niat pelakunya, melainkan karena ada kesempatan dan kelengahan", which in English is "Crimes are not always from the intention of offenders, but because there are chances and inadvertence".
