U.S. patent application number 14/290805 was filed with the patent office on 2015-12-03 for selectively protecting valid links to pages of a web site.
This patent application is currently assigned to Shape Security, Inc.. The applicant listed for this patent is Shape Security, Inc.. Invention is credited to JUSTIN CALL, SUBRAMANIAN VARADARAJAN.
Application Number | 20150350213 14/290805 |
Document ID | / |
Family ID | 54703138 |
Filed Date | 2015-12-03 |
United States Patent
Application |
20150350213 |
Kind Code |
A1 |
VARADARAJAN; SUBRAMANIAN ;
et al. |
December 3, 2015 |
SELECTIVELY PROTECTING VALID LINKS TO PAGES OF A WEB SITE
Abstract
In an embodiment, a method comprises intercepting, using a
server computer, a first set of instructions that define a user
interface and a plurality of links, wherein each link in the
plurality of links is associated with a target page, and the
plurality of links includes a first link; determining that the
first link, which references a first target page, is protected; in
response to determining the first link is protected: generating a
first protected link that is different than the first link and
includes first data that authenticates a first request that has
been generated based on the first protected link and that
references the first target page; and generating a first decoy link
that includes second data that references a first decoy page and
not the first target page; rendering a second set of instructions
comprising the first protected link and the first decoy link, but
not the first link, and which is configured to cause a first client
computer to present the first protected link in the user interface
and hide the first decoy link from the user interface; sending the
second set of instructions to the first client computer.
Inventors: |
VARADARAJAN; SUBRAMANIAN;
(San Jose, CA) ; CALL; JUSTIN; (Santa Clara,
CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Shape Security, Inc. |
Mountain View |
CA |
US |
|
|
Assignee: |
Shape Security, Inc.
Mountain View
CA
|
Family ID: |
54703138 |
Appl. No.: |
14/290805 |
Filed: |
May 29, 2014 |
Current U.S.
Class: |
713/189 ;
726/29 |
Current CPC
Class: |
H04L 63/1416 20130101;
G06F 2221/2123 20130101; G06F 21/50 20130101; G06F 2221/2119
20130101; H04L 63/168 20130101; H04L 63/06 20130101; G06F 21/6218
20130101; H04L 63/1491 20130101; H04L 63/10 20130101; H04L 67/02
20130101 |
International
Class: |
H04L 29/06 20060101
H04L029/06; G06F 21/62 20060101 G06F021/62 |
Claims
1. A method comprising: intercepting, using a server computer, a
first set of instructions that define a user interface and a
plurality of links, wherein each link in the plurality of links is
associated with a target page, and the plurality of links includes
a first link; determining that the first link, which references a
first target page, is protected; in response to determining the
first link is protected, generaing, for the first link, a first
protected link and a first decoy link that corresponds to the first
protected link; wherein the first protected link is different than
the first link and includes first data that authenticates a first
request that has been generated based on the first protected link
and that references the first target page; wherein the first decoy
link includes second data that references a first decoy page and
not the first target page., wherein the first decoy page includes
false information; rendering a second set of instructions
comprising the first protected link and the first decoy link, but
not the first link, and which is configured to cause a first client
computer to present the first protected link in the user interface
and hide the first decoy link from the user interface; sending the
second set of instructions to the first client computer; wherein
the method is performed by one or more computing devices.
2. The method of claim 1 further comprising: intercepting, from the
server computer, a third set of instructions that defines the first
link; determining that the first link defined in the third set of
instructions is protected; in response to determining the first
link is protected: generating a second protected link, wherein the
second protected link is different than the first link and the
first protected link, and includes third data that authenticates a
second request that has been generated based on the second
protected link; and generating a second decoy link that includes
data that references a second decoy page and not the first target
page; rendering a fourth set of instructions comprising the second
protected link and the second decoy link, but neither the first
link nor the first protected link, and which is configured to cause
the first client computer to present the second protected link in
the user interface; and hide the second decoy link from the user
interface; sending the fourth set of instructions to the first
client computer.
3. The method of claim 1 further comprising: determining that a
second link in the plurality of links is not protected; in response
to determining the second link is not protected, the step of
rendering the second set of instructions comprises rendering one or
more instructions that define the second link.
4. The method of claim 1 further comprising: receiving, from the
first client computer, a second request indicating that the first
decoy link was selected; in response to determining the first decoy
link was selected, generating a decoy page with one or more decoy
links, which when selected generate an additional request for an
additional decoy page with one or more additional decoy links;
sending, to the first client computer, the decoy page.
5. The method of claim 1, wherein the first protected link includes
a key, and the method further comprising: storing the key
indicating that the key is valid; receiving, from the first client
computer, the first request with the key indicating the first
protected link was selected; determining the key is valid; in
response to determining the key is valid, sending a second request
to the server computer for a set of valid data to generate the
first target page; generating the first target page with the set of
valid data; sending the first target page to the first client
computer.
6. The method of claim 5 further comprising: invalidating the key;
receiving, from a second client computer, a third request with the
key; determining that the key is invalid; in response to
determining that the key is invalid, generating a decoy page with
one or more decoy links that are configured to cause generating an
additional request for an additional decoy page with one or more
additional decoy links; sending, to the second client computer, the
decoy page.
7. The method of claim 6, wherein the first client computer and the
second client computer are a single computer.
8. The method of claim 1, wherein the first protected link includes
a key that is valid for an interim time, and the method further
comprising: storing a mapping between the key and the interim time;
receiving, from the first client computer, the first request with
the key for the first target page at a particular time; determining
that the key is valid when the particular time is less than or
equal to the interim time; in response to determining that the key
is valid, sending a second request to the server computer for a set
of valid data to generate the first target page; generating the
first target page with the set of valid data; sending the first
target page to the first client computer.
9. The method of claim 1, wherein the first protected link includes
a key that is valid for an interim time, and the method further
comprising: storing a mapping between the key and the interim time;
receiving, from the first client computer, a second request with
the key for the first target page at a particular time; determining
that the key is invalid when the particular time is greater than
the interim time; in response to determining that the key is
invalid, generating a decoy page with one or more decoy links that
are configured to cause generating an additional request for an
additional decoy page with one or more additional decoy links;
sending the decoy page to the first client computer.
10. The method of claim 1 further comprising: encrypting one or
more requirements to produce an encrypted set of requirements,
which identify a particular page from which the first protected
link is valid, wherein the first protected link includes the
encrypted set of requirements; receiving, from the first client
computer, the first request with the encrypted set of requirements
and identifying a previous page from which the first link was
selected; decrypting the encrypted set of requirements; determining
the particular page is the previous page; in response to
determining the particular page is the previous page, sending a
second request to the server computer for a set of valid data to
generate the first target page; generating the first target page
with the set of valid data; sending the first target page to the
first client computer.
11. The method of claim 1 further comprising: encrypting one or
more requirements to produce an encrypted set of requirements,
which identify a particular page from which the first protected
link is valid, wherein the first protected link includes the
encrypted set of requirements; receiving, from the first client
computer, a decoy request with the encrypted set of requirements
and identifying a previous page from which the first link was
selected; decrypting the encrypted set of requirements; determining
the particular page is not the previous page; in response to
determining the particular page is not the previous page,
generating a decoy page with one or more decoy links, which when
selected generate an additional request for an additional decoy
page with one or more additional decoy links; sending, to the first
client computer, the decoy page.
12. The method of claim 1 further comprising: encrypting one or
more requirements to produce an encrypted set of requirements,
which identify a particular page from which the first protected
link is valid and a particular time, wherein the first protected
link includes the encrypted set of requirements; receiving, from
the first client computer, the first request at a first time with
the encrypted set of requirements identifying a previous page from
which the first link was selected; decrypting the encrypted set of
requirements; determining the particular page is the previous page;
determining the first time is less than or equal to a the
particular time; in response to determining the particular page is
the previous page and the first time is less than or equal to the
particular time, sending a second request to the server computer
for a set of valid data to generate the first target page;
generating the first target page with the set of valid data;
sending the first target page to the first client computer.
13. The method of claim 1 further comprising: encrypting one or
more requirements to produce an encrypted set of requirements,
which identify an interim time, wherein the first protected link
includes the encrypted set of requirements; receiving, from the
first client computer, a decoy request at a particular time with
the encrypted set of requirements, indicating the first link was
selected; decrypting the encrypted set of requirements; determining
the particular time is greater than the interim time; in response
to determining the particular time is greater than the interim
time, generating a decoy page with one or more decoy links, which
are configured to cause generating an additional request for an
additional decoy page with one or more additional decoy links;
sending the decoy page to the first client computer.
14. The method of claim 1 further comprising: receiving a plurality
of source pages, wherein each source page comprises a set of
instructions, each set of instructions includes one or more links,
and each link in the one or more links references a targeted page;
storing, for each link in each source page of the plurality of
source pages, a link mapping between the link on the source page
and the targeted page that the link references; presenting one or
more link mappings in an administration interface to an
administrator; receiving, through the administration interface, one
or more inputs designating a particular link from a particular
source page to a particular targeted page as protected, wherein the
particular link has a particular link identifier; determining a
first link identifier for the first link; determining the first
link is protected by determining that the first link identifier
matches the particular link identifier.
15. The method of claim 1 further comprising: receiving, through an
administration interface, one or more inputs associating the first
link and a second link, wherein the first link references a first
targeted page and the second link references a second target page;
routing the first link with the second link; receiving the first
request based on the first link; determining that the first link is
routed to the second link; sending a second request to the server
computer for a set of valid data to generate the second target
page; generating the second target page with the set of valid data;
sending the second target page to the first client computer.
16. A computer system comprising: a processor; a memory; a
processing module configured to: intercept, from a server computer,
a first set of instructions that define a user interface and a
plurality of links, wherein each link in the plurality of links is
associated with a target page, and the plurality of links includes
a first link; determine that the first link, which references a
first target page, is protected; in response to determining the
first link is protected, generaing, for the first link, a first
protected link and a first decoy link that corresponds to the first
protected link; wherein the first protected link is different than
the first link and includes first data that authenticates a first
request that has been generated base on the first protected link
and that references the first target page; wherein the first decoy
link includes second data that references a first decoy page and
not the first target page, wherein the first decoy page includes
false information; render a second set of instructions comprising
the first protected link and the first decoy link, but not the
first link, and which is configured to cause a first client
computer to present the first protected link in the user interface
and hide the first decoy link from the user interface; send the
second set of instructions to the first client computer.
17. The computer system of claim 16, wherein the processing module
is further configured to: intercept a third set of instructions
that defines the first link; determine that the first link defined
in the third set of instructions is protected; in response to
determining the first link is protected: generate a second
protected link, wherein the second protected link is different than
the first link and the first protected link, and includes third
data that authenticates a second request that has been generated
based on the second protected link and that references the first
target page; and generate a second decoy link that includes data
that references a second decoy page and not the first target page;
render a fourth set of instructions comprising the second protected
link and the second decoy link, but neither the first link nor the
first protected link, and which is configured to cause the first
client computer to present the second protected link in the user
interface; and hide the second decoy link from the user interface;
send the fourth set of instructions to the first client
computer.
18. The computer system of claim 16, wherein the processing module
is further configured to: determine that a second link in the
plurality of links is not protected; in response to determining the
second link is not protected, render one or more instructions that
define the second link in the second set of instructions.
19. The computer system of claim 16, wherein the processing module
is further configured to: receive, from the first client computer,
a second request indicating that the first decoy link was selected;
determine that the second request is based on the first decoy link;
in response to determining that the second request is based on the
first decoy link, generate a decoy page with one or more decoy
links, which when selected generate an additional request for an
additional decoy page with one or more additional decoy links;
send, to the first client computer, the decoy page.
20. The computer system of claim 16 comprising a storage, wherein
the first protected link includes a key and the processing module
is further configured to: store, in the storage, the key indicating
that the key is valid; receive, from the first client computer, the
first request with the key indicating the first protected link was
selected; determine the key is valid based, at least in part, on
finding the key in the storage; in response to determining the key
is valid, send a second request to the server computer for a set of
valid data to generate the first target page; generate the first
target page with the set of valid data; send the first target page
to the first client computer.
21. The computer system of claim 20, wherein the processing module
is further configured to: invalidate the key; receive, from a
second client computer, a third request with the key; determine
that the key is invalid; in response to determining that the key is
invalid, generate a decoy page with one or more decoy links that
are configured to cause generating an additional request for an
additional decoy page with one or more additional decoy links;
send, to the second client computer, the decoy page.
22. The computer system of claim 21, wherein the first client
computer and the second client computer are a single computer.
23. The computer system of claim 16 comprising a storage, wherein
the first protected link includes a key that is valid for an
interim time and the processing module is further configured to:
store, in the storage, a mapping between the key and the interim
time; receive, from the first client computer, the first request
with the key for the first target page at a particular time;
retrieve the mapping from the storage; determine that the key is
valid when the particular time is less than or equal to the interim
time; in response to determining that the key is valid, send a
second request to the server computer for a set of valid data to
generate the first target page; generate the first target page with
the set of valid data; send the first target page to the first
client computer.
24. The computer system of claim 16 comprising a storage, wherein
the first protected link includes a key that is valid for an
interim time and the processing module is further configured to:
store, in the storage, a mapping between the key and the interim
time; receive, from the first client computer, a second request
with the key for the first target page at a particular time;
determine that the key is invalid when the particular time is
greater than the interim time based, at least in part, on the
mapping in the storage; in response to determining that the key is
invalid, generate a decoy page with one or more decoy links that
are configured to cause generating an additional request for an
additional decoy page with one or more additional decoy links; send
the decoy page to the first client computer.
25. The computer system of claim 16, wherein the processing module
is further configured to: encrypt one or more requirements to
produce an encrypted set of requirements, which identify a
particular page from which the first protected link is valid,
wherein the first protected link includes the encrypted set of
requirements; receive, from the first client computer, the first
request with the encrypted set of requirements and identifying a
previous page from which the first link was selected; decrypt the
encrypted set of requirements; determine the particular page is the
previous page; in response to determining the particular page is
the previous page, send a second request to the server computer for
a set of valid data to generate the first target page; generate the
first target page with the set of valid data; send the first target
page to the first client computer.
26. The computer system of claim 16, wherein the processing module
is further configured to: encrypt one or more requirements to
produce an encrypted set of requirements, which identify a
particular page from which the first protected link is valid,
wherein the first protected link includes the encrypted set of
requirements; receive, from the first client computer, a decoy
request with the encrypted set of requirements and identifying a
previous page from which the first link was selected; decrypt the
encrypted set of requirements; determine the particular page is not
the previous page; in response to determining the particular page
is not the previous page, generate a decoy page with one or more
decoy links, which when selected generate an additional request for
an additional decoy page with one or more additional decoy links;
send, to the first client computer, the decoy page.
27. The computer system of claim 16, wherein the processing module
is further configured to: encrypt one or more requirements to
produce an encrypted set of requirements, which identify a
particular page from which the first protected link is valid and a
particular time, wherein the first protected link includes the
encrypted set of requirements; receive, from the first client
computer, the first request at a first time with the encrypted set
of requirements identifying a previous page from which the first
link was selected; decrypt the encrypted set of requirements;
determine the particular page is the previous page; determine the
first time is less than or equal to a the particular time; in
response to determining the particular page is the previous page
and the first time is less than or equal to the particular time,
send a second request to the server computer for a set of valid
data to generate the first target page; generate the first target
page with the set of valid data; send the first target page to the
first client computer.
28. The computer system of claim 16, wherein the processing module
is further configured to: encrypt one or more requirements to
produce an encrypted set of requirements, which identify an interim
time, wherein the first protected link includes the encrypted set
of requirements, wherein the first protected link includes the
encrypted set of requirements; receive, from the first client
computer, a decoy request at a particular time with the encrypted
set of requirements, indicating the first link was selected;
decrypt the encrypted set of requirements; determine the particular
time is greater than the interim time; in response to determining
the particular time is greater than the interim time, generate a
decoy page with one or more decoy links, which are configured to
cause generating an additional request for an additional decoy page
with one or more additional decoy links; send the decoy page to the
first client computer.
29. The computer system of claim 16 further comprising: a
configuration module; a storage; an administrator computer
configured to: present one or more link mappings in an
administration interface to an administrator; receive, through the
administration interface, one or more inputs designating a
particular link from a particular source page to a particular
targeted page as protected, wherein the particular link has a
particular link identifier; wherein the processing module is
configured to: receive a plurality of source pages, wherein each
source page comprises a set of instructions, each set of
instructions includes one or more links, and each link in the one
or more links references a targeted page; store, in the storage,
for each link in each source page of the plurality of source pages,
a link mapping between the link on the source page and the targeted
page that the link references; determine a first link identifier
for the first link; determine the first link is protected by
determining that the first link identifier matches the particular
link identifier.
30. The computer system of claim 16 further comprising: a
configuration; an administrator computer configured to: receive,
through an administration interface, one or more inputs associating
the first link and a second link, wherein the first link references
a first targeted page and the second link references a second
target page; store a route from the first link with the second link
in the configuration; wherein the processing module is configured
to: receive the first request based on the first link; determine
that the first link is routed to the second link; send a second
request to the server computer for a set of valid data to generate
the second target page; generate the second target page with the
set of valid data; send the second target page to the first client
computer.
Description
FIELD OF THE DISCLOSURE
[0001] The present disclosure generally relates to security
techniques applicable to client/server systems, and relates more
specifically to selectively protecting links to pages of a web site
and determining whether to respond with the requested page or a
decoy page. SUGGESTED GROUP ART UNIT: 2447; SUGGESTED
CLASSIFICATION: 709/217.
BACKGROUND
[0002] The approaches described in this section are approaches that
could be pursued, but not necessarily approaches that have been
previously conceived or pursued. Therefore, unless otherwise
indicated, it should not be assumed that any of the approaches
described in this section qualify as prior art merely by virtue of
their inclusion in this section.
[0003] Web sites are typically comprised of a plurality of
inter-linking web pages, each containing public and proprietary
content to be presented to a user. Proprietary content may include
content created by a web site administrator, content provider,
and/or user. Proprietary content may include private, sensitive,
and/or personally identifying information about a person and/or
entity.
[0004] A user may traverse through web pages in a web site by
selecting links on various web pages. For example, on a social
networking web site, a user may select a link to a first friend's
profile page to see content related to the first friend. The first
friend's profile page may contain a link to a second friend, and
the user may select that link to view the second friend's profile
page.
[0005] Unfortunately, fraudsters, spammers, data miners, and others
may use bots to traverse web sites and collect the proprietary
content presented in each page. A bot may be a computer and/or
software executed by a computer that automates making requests for
page and storing data in the returned pages. For example, a bot may
be a web scraper, web crawler, automatic web browser, and/or any
other tool designed to submit and/or receive data from one or more
web servers autonomously and/or automatically. A bot may comprise
complex logic designed to respond to data received from one or more
web servers.
[0006] Malicious users may use bots to commit many types of
unauthorized acts, crimes or computer fraud, such as content
scraping, ratings manipulation, fake account creation, reserving
rival goods attacks, ballot stuffing attacks, password snooping,
web site scraping attacks, vulnerability assessments, and stack
fingerprinting attacks. As a specific example, a fraudster may
cause a bot to traverse through pages of a web site and collect
data, such as who is connected with whom on a particular social
networking web site. In the current example, the bot may generate a
social graph, following links from one person's profile page to a
connected, second person's profile page. The bot may also collect
personal information from each person's profile page.
[0007] Some web crawlers, however, are not malicious. For example,
search engines use web crawlers to find and index web pages on the
Internet. An administrator of a web site may want search engines to
index and link to various public pages on the web site. For
example, an administrator of a web site may want web crawlers to
find and index the web site's home page, help page, press release
page, and/or other public pages.
[0008] An administrator may wish to prevent malicious users from
attacking the site, while allowing legitimate users and search
engines full and/or partial access to both public and/or
proprietary data. However, determining whether the request for a
page is a legitimate request or malicious attack may be
difficult.
SUMMARY
[0009] The appended claims may serve as a summary of the
invention.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] In the drawings:
[0011] FIG. 1 illustrates a system comprising a server security
system, in an example embodiment.
[0012] FIG. 2 illustrates a process for intercepting a page from a
server computer, replacing one or more links with protected links,
inserting one or more decoy links, and determining whether to
respond to a subsequent request with the target page or a decoy
page, in an example embodiment.
[0013] FIG. 3A illustrates a process for generating a protected
link using a state-based intermediary, in an example
embodiment.
[0014] FIG. 3B illustrates a process for determining whether a
request is valid using a state-based intermediary computer in an
example embodiment.
[0015] FIG. 4A illustrates a process for generating a protected
link using a stateless intermediary, in an example embodiment.
[0016] FIG. 4B illustrates a process for determining whether a
request is valid using a stateless intermediary computer in an
example embodiment.
[0017] FIG. 5 illustrates a process for building a site map and
selecting links for an intermediary computer to protect, in an
example embodiment.
[0018] FIG. 6 is a block diagram that illustrates a computer system
600 upon which an embodiment of the invention may be
implemented.
DETAILED DESCRIPTION
[0019] In the following description, for the purposes of
explanation, numerous specific details are set forth in order to
provide a thorough understanding of the present invention. It will
be apparent, however, that the present invention may be practiced
without these specific details. In other instances, well-known
structures and devices are shown in block diagram form in order to
avoid unnecessarily obscuring the present invention.
[0020] Embodiments are described herein according to the following
outline:
[0021] 1.0 General Overview
[0022] 2.0 Example Network Topology [0023] 2.1 Browser [0024] 2.1.1
Objects [0025] 2.1.2 Links [0026] 2.1.3 Protected Links [0027]
2.1.4 Decoy Links [0028] 2.1.5 Decoy Pages [0029] 2.1.6 Differences
Between a Browser and a Bot [0030] 2.2 Web Infrastructure [0031]
2.3 Intermediary [0032] 2.4 Administrator computer
[0033] 3.0 Process Overview [0034] 3.1 Generating a Protected Link
in a Source Web Page [0035] 3.1.1 Generating a Protected Link using
a State-based Intermediary [0036] 3.1.2 Generating a Protected Link
using a Stateless Intermediary [0037] 3.2 Generating a Decoy Link
[0038] 3.3 Rendering and Sending a Second Set of Instructions to
the Client [0039] 3.4 Determining whether a Request for a Target
Page is Valid [0040] 3.4.1 Determining whether a Request is Valid
using a State-based Intermediary [0041] 3.4.2 Determining whether a
Request is Valid using a Stateless Intermediary [0042] 3.5
Responding to the Request [0043] 3.6 Including Additional Decoy
Links or Decoy Data Structures [0044] 3.7 Building a Site Map and
Selecting Links to Protect [0045] 3.7.1 Routing a Request From a
First Link to a Second Link [0046] 3.7.2 Setting Default Behaviors
[0047] 3.7.3 Deleting Link Mappings
[0048] 4.0 Implementation Mechanisms--Hardware Overview
[0049] 5.0 Other Aspects of Disclosure
[0050] 1.0 General Overview
[0051] In an embodiment, a method comprises intercepting, using a
server computer, a first set of instructions that define a user
interface and a plurality of links, wherein each link in the
plurality of links is associated with a target page, and the
plurality of links includes a first link; determining that the
first link, which references a first target page, is protected; in
response to determining the first link is protected: generating a
first protected link that is different than the first link and
includes first data that authenticates a first request that has
been generated based on the first protected link and that
references the first target page; and generating a first decoy link
that includes second data that references a first decoy page and
not the first target page; rendering a second set of instructions
comprising the first protected link and the first decoy link, but
not the first link, and which is configured to cause a first client
computer to present the first protected link in the user interface
and hide the first decoy link from the user interface; sending the
second set of instructions to the first client computer.
[0052] In an embodiment, the method comprises intercepting, from
the server computer, a third set of instructions that define the
first link; determining that the first link is protected; in
response to determining the first link is protected: generating a
second protected link, wherein the second protected link is
different than the first link and the first protected link, and
includes third data that authenticates a second request that has
been generated based on the second protected link and that
references the first target page; generating a second decoy link
that includes data that references a second decoy page and not the
first target page; rendering a fourth set of instructions
comprising the second protected link and the second decoy link, but
neither the first link nor the first protected link, and which is
configured to cause the first client computer to present the second
protected link in the user interface; and hide the second decoy
link from the user interface; sending the fourth set of
instructions to the first client computer.
[0053] In an embodiment, the method comprises receiving, from the
first client computer, a second request indicating that the first
decoy link was selected; in response to determining the first decoy
link was selected, generating a decoy page with one or more decoy
links, which when selected generate an additional request for an
additional decoy page with one or more additional decoy links;
sending, to the first client computer, the decoy page.
[0054] In an embodiment, the method comprises generating the first
protected link, wherein the first protected link includes a key;
storing the key indicating that the key is valid; receiving, from
the first client computer, the first request with the key
indicating the first protected link was selected; determining the
key is valid; in response to determining the key is valid, sending
a second request to the server computer for a set of valid data to
generate the first target page; generating the first target page
with the set of valid data.
[0055] In an embodiment, the method comprises encrypting one or
more requirements to produce an encrypted set of requirements,
which identify a particular page from which the first protected
link is valid; generating the first protected link including the
encrypted set of requirements; receiving, from the first client
computer, the first request with the encrypted set of requirements
and identifying a previous page from which the first link was
selected; decrypting the encrypted set of requirements; determining
the particular page is the previous page; in response to
determining the particular page is the previous page, sending a
second request to the server computer for a set of valid data to
generate the first target page; generating the first target page
with the set of valid data; sending the first target page to the
first client computer.
[0056] In an embodiment, the method comprises receiving a plurality
of source pages, wherein each source page comprises a set of
instructions, each set of instructions includes one or more links,
and each link in the one or more links references a targeted page;
storing, for each link in each source page of the plurality of
source pages, a link mapping between the link on the source page
and the targeted page that the link references; presenting one or
more link mappings in an administration interface to an
administrator; receiving, through the administration interface, one
or more inputs designating a particular link from a particular
source page to a particular targeted page as protected, wherein the
particular link has a particular link identifier; determining a
first link identifier for the first link; determining the first
link is protected by determining that the first link identifier
matches the particular link identifier.
[0057] While each of the drawing figures illustrates a particular
embodiment for purposes of illustrating a clear example, other
embodiments may omit, add to, reorder, and/or modify any of the
elements shown in the drawing figures. Furthermore, while the
instructions discussed in each example embodiment are HTML and
JavaScript instructions, in other embodiments, the instructions
intercepted and generated by the intermediary computer need not be
HTML and/or JavaScript instructions.
[0058] 2.0 Example Network Topology
[0059] Modifying instructions sent from a web infrastructure, which
comprises one or more web servers, to a browser may prevent, and/or
reduce the effectiveness of, one or more various attacks, such as
content scraping, ratings manipulation, fake account creation,
reserving rival goods attacks, ballot stuffing attacks, web site
scraping attacks, vulnerability assessments, stack fingerprinting
attacks, and/or other attacks. For example, each time a web page is
requested, such as an account creation page, order page, voting
page, and/or other page from a web server computer, an intermediary
computer may intercept the requested page sent from the web
infrastructure. The intermediary may transform the page, and/or the
page's instructions, to produce a new set of instructions which
include various security measures. The intermediary may send the
page with the new set of instructions to the browser that requested
the web page.
[0060] Each time the intermediary intercepts instructions from a
server computer, the intermediary may generate new, different
instructions to send to the browser. Thus, a bot requesting the
same page over and over may receive a different set of instructions
after each request and may not observe the same instructions twice.
Without receiving the same instructions with the same identifiers,
the bot may be incapable of determining what link(s) should be
selected.
[0061] FIG. 1 illustrates a system comprising a server security
system, in an example embodiment. System 100 includes web
infrastructure 105, client computer 199, intermediary computer 130,
data storage 140, and administrator computer 150 distributed across
a plurality of interconnected networks. While each of the
components listed above are illustrated as if running on a
separate, remote computer from each other, one or more of the
components listed above may be part of and/or executed on the same
computer. For example, intermediary computer 130, data storage 140,
web infrastructure 105, and/or administrator computer 150 may be
executed on the same computer, local area network, and/or wide area
network. Additionally or alternatively, intermediary computer 130
is a proxy server for web infrastructure 105. Additionally or
alternatively, intermediary computer 130 may be hardware and/or
software that are physically and/or logically positioned between a
router and web infrastructure 105, such that requests and/or data
sent to, and/or sent from, web infrastructure 105 over one or more
protocols may be intercepted by intermediary computer 130. For
example, intermediary computer 130 may be a software module that is
executed by a web server in web infrastructure 105.
[0062] A "computer" may be one or more physical computers, virtual
computers, and/or computing devices. As an example, a computer may
be one or more server computers, cloud-based computers, cloud-based
cluster of computers, virtual machine instances or virtual machine
computing elements such as virtual processors, storage and memory,
data centers, storage devices, desktop computers, laptop computers,
mobile devices, and/or any other special-purpose computing devices.
Any reference to "a computer" herein may mean one or more
computers, unless expressly stated otherwise.
[0063] 2.1 Browser
[0064] A browser may be one or more computer programs or other
software elements stored in electronic digital memory and executed
on a computer that receives instructions from a server computer,
performs one or more of the received instructions, causes to
display content, provides a user interface ("UI") to receive user
inputs, and/or receives and responds to one or more inputs from a
user based on or according to the one or more performed
instructions. A browser and/or components of a browser may be
implemented into an application. For example, a browser and/or
components of a browser may be implemented into a standalone,
web-based, and/or mobile application as part of a web view, and/or
web view controller, to send and/or receive data over HTTP, SPDY,
and/or other protocol(s). A user may use a browser to send data to
a server computer. The server computer may respond with additional
instructions.
[0065] Browser 195 may be a browser that is executed on client
computer 199. Additionally or alternatively, browser 195 may be a
browser operated by a user using client computer 199. Browser 195
may be configured to request, receive, and/or execute data from web
infrastructure 105. For example, browser 195 may request, receive,
and/or execute a web page comprising HTML, CSS, and/or JavaScript
which define one or more links, and which when executed cause the
web page to be displayed. In one or more examples herein, browser
195 may be a bot.
[0066] Browser 195 may also be configured to request data from web
infrastructure 105 based on one or more links. For example, in
response to a user selecting a link, browser 195 may request the
page referenced by the link (the "target page"). The request may
include data included in the link and/or in other parts of the
page. Alternatively, browser 195 may be a bot that is configured to
traverse the web page and request the target page(s) of one or more
links in a web page.
[0067] A page or web page may be a set of instructions that define
one or more objects and/or operations that may be executed
concurrently and may be visually displayed together. For example,
in response to a request from a client computer, a "home page" may
be sent to the client computer. The home page may be a set of
instructions that a web server sends to a remote client computer if
no parameters are included in the request. One page may reference
and/or include other pages. For example, in response to a user
selecting a link in a current page through a browser, the browser
may request and receive a partial page. The partial page may be
displayed in the interface currently displayed and defined by the
current page.
[0068] 2.1.1 Objects
[0069] An object may be a data structure that can be identified by
an identifier and/or a relationship with another object, such as a
link, form, button, image, field, input, and/or sub-page. For
example, an object may have a unique identifier, which can be used
to reference the object. An object may also be referenced by its
position in a hierarchy of object.
[0070] An object may have one or more identifiers. For example, a
link may be identified by a particular attribute in the link, such
as a "name", "id", or "class" attribute. A link may be identified
by an object that includes the link. For example, each link a
division or section of a page may be identified by the division or
section's identifier. Also for example, each link in a source page
may be identified by the identifier for the source page, such as
the URL of the source page. One or more links may be identified by
a target page. For example, each link in any page may be identified
by the target page that the link points to. Additionally or
alternatively, links may be identified by a combination of
identifiers.
[0071] An attribute may be data that identifies and/or describes
the appearance, behavior, and/or content of an object. For example,
an attribute may be a unique identifier, such as a name. An
attribute may indicate that an object is a type of text field, text
area, checkbox, and/or radio button. Other attributes may define or
describe dimension, position, color, visibility, value, and any
other functional or visual aspect of an object.
[0072] 2.1.2 Links
[0073] A link may be an object that references a page or web page.
The page referenced by the link may be referred to as a target
page. A link may reference a target page by including a URL and/or
other data that identifies a target page. A link may comprise one
or more parameters. Additionally or alternatively, a link may
comprise logic and/or instructions that are executed when the link
is selected. Additionally or alternatively, a link may comprise
and/or reference one or more objects that gather data and submit
the data to a web server. For example, a link may reference a form.
After data is entered into the form, and the link is selected, a
request for a target page may be sent and the data in the form may
be submitted with the request. The target page may comprise an
error and/or success code. A target page need not include HTML,
CSS, and JavaScript. Also for example, a link may comprise a form
that references a target page. After data is entered into the form,
and a submit button is selected, a request for the target page may
be sent and the data in the form may be submitted with the
request.
[0074] A link may be included in a page. The page the link is
included in may be referred to as the source page. Additionally or
alternatively, a link may be included in a short messaging service
"text" message, instant message, email, and/or other medium.
[0075] 2.1.3 Protected Links
[0076] A protected link may be a link that includes data that an
intermediary computer may use to verify that a request from a
client computer was generated from a valid link selected by a
legitimate user. In response to verifying that a request was
generated from a valid link selected by a legitimate user, the
intermediary computer may send the client computer the link's
target page. However, in response to determining that a request was
not generated from a valid link selected by a legitimate user, the
intermediary computer may send the client computer a decoy
page.
[0077] 2.1.4 Decoy Links
[0078] A decoy link may be a link that does not include data that
an intermediary computer may use to verify that a request from a
client computer was generated from a valid link selected by a
legitimate user. Additionally or alternatively, a decoy link may be
a link that includes data that an intermediary may use to determine
that a request was generated by a bot, malicious user, program,
and/or not a by a legitimate user. In response to receiving a
request based on a decoy link, the intermediary may respond with a
decoy page. Decoy links may be termed bogus links or false
links.
[0079] Decoy links need not be visible to a user using a web
browser. For example, a decoy link may be associated with a
"display" attribute that is set to false or zero, a "height" and/or
"width" attribute that is set to zero, a location that is outside
the visible bounds of the object the decoy link is in, and/or one
or more other attributes associated with the link that instructs a
browser not to display the decoy link to the user. Additionally or
alternatively, a decoy link may be included in one or more objects
that have one or more attributes associated with the object that
instructs a browser not to display the object and/or the decoy link
in the object to the user.
[0080] As discussed in detail herein, to prevent attacks and/or
discourage future attacks, an administrator may use one or more of
the methods and/or systems described herein to insert one or more
decoy links to be inserted into a page, which reference one or more
decoy pages. For example, if a bot merely generates requests based
on links within a page, and does not render a page and select a
link based on which link(s) are visible, then the bot may select a
decoy link to generate a request from. In contrast, a user, which
selects links rendered on a display, may not be presented with
decoy link and therefore may not select a decoy link to generate a
request from.
[0081] 2.1.5 Decoy Pages
[0082] A decoy page may have false information and/or additional
decoy links that link to additional decoy pages. A decoy page may
be generated by an intermediary computer in response to receiving a
request based on a decoy link and/or a protected link that is not
successfully validated. Additionally or alternatively, decoy pages
may be cached and server by the intermediary in response to
receiving a request based on a decoy link and/or a protected link
that is not successfully validated. Decoy pages may be termed bogus
pages or false pages.
[0083] A decoy page may have legitimate data. For example, a decoy
page for a user profile may have the user's actual name, but the
personal information may be false.
[0084] 2.1.6 Differences between a Browser and BOT
[0085] A web browser may be a tool through which application
programs can provide client computers with content in a dynamic,
custom user interface ("UI"). For example, in response to receiving
a request for data from a web browser, a web server responds with a
set of instructions and/or data comprising a web page. The
instructions may define one or more objects that include data
and/or other objects. The instructions may also define how the data
and/or objects may be presented in a UI to enable and/or facilitate
human/computer interaction.
[0086] In contrast, bots traverse web pages and/or web sites to
retrieve data from, and/or submit data to, one or more web servers
with little, if any, human/computer interaction. For example, in
response to receiving a request for data from a bot, a web server
responds with a set of instructions comprising a web page. As
discussed above, the instructions may define one or more objects
that include data and/or other objects. The instructions may also
define how the data and/or objects may be presented in a UI.
However, a malicious bot may merely parse a one or more of the
instructions looking for data to store and/or use to make
subsequent requests. A bot need not execute the instructions
because the bot is built to operate with little, if any,
human/computer interaction. A bot need not present a user with any
UI defined by the one or more instructions. The bot may simply look
for data by parsing one or more of the instructions looking for one
or more data structures defined in the instructions. Thus, a bot
may incorrectly assume that a user may select any link in a web
page, including a decoy link.
[0087] 2.2 Web Infrastructure
[0088] Web infrastructure 105 may be one or more server computers
that receive requests for data from users, such as a user using
browser 195, through intermediary computer 130. For example, web
infrastructure 105 may be one or more web servers serving web pages
for a particular web site. In response to a request for a web page,
web infrastructure 105 may send the requested page to browser 195,
through intermediary computer 130. As illustrated in FIG. 1 the
data sent from web infrastructure 105 may include instructions,
such as HTML, JavaScript, and CSS 110.
[0089] Instructions may mean one or more codes that define one or
more objects and/or one or more operations. For example,
instructions may comprise HyperText Markup Language ("HTML"),
eXtensible Markup Language ("XML"), cascading style sheets ("CSS"),
JavaScript, and/or any other standard or proprietary languages or
codes that define objects, attributes, relationships between
objects, and/or operations.
[0090] 2.3 Intermediary Computer
[0091] Intermediary computer 130 may intercept instructions sent
from web infrastructure 105, replace one or more links with one or
more protected links, and/or insert one or more decoy links.
Intermediary computer 130 may intercept one or more requests from
browser 195, determine whether a request is based on a valid link
or an invalid link. A request based on a valid link may be a
request based on a public link and/or a valid protected link. A
request based on an invalid link may be a request based on a decoy
link and/or a protected link that fails one or more validations. In
response to determining a request is based on a valid link, the
intermediary computer 130 may forward and/or modify the request
from browser 195 to web infrastructure 105. Otherwise, intermediary
computer 130 may generate and respond to browser 195 with a decoy
page.
[0092] Intermediary computer 130 may generate a site map that
describes how a collection of pages are interconnected through one
or more links in each page. As discussed herein, intermediary
computer 130 may generate the site map based on the pages
intermediary computer 130 intercepts from web infrastructure 105.
Intermediary computer 130 may use configuration 132 and the site
map to determine which links should be protected. Intermediary
computer 130 may store a site map in data storage 140.
[0093] For purposes of illustrating a clear example, intermediary
computer 130 is discussed herein as if a separate computer
performing one or more operations. However, in an embodiment,
intermediary computer 130 comprises one or more software modules,
such as link and request processing module 135. The one or more
software modules, such as link and request processing module 135,
may perform one or more methods discussed herein with respect
intermediary computer 130. The modules may be on a separate
computer from web infrastructure 105 and/or administrator computer
150 as illustrated in FIG. 1. Additionally or alternatively, the
modules may be executed on the same computer(s) as web
infrastructure 105 and/or administrator computer 150.
[0094] In an embodiment, each of the functional units of
intermediary computer 130 and/or link and request processing module
135 may be implemented using any of the techniques further
described herein in connection with FIG. 6; for example, the
intermediary computer 130 may comprise a general-purpose computer
configured with one or more stored programs which when executed
cause performing the functions described herein for the
intermediary computer, or a special-purpose computer with digital
logic that is configured to execute the functions, or digital logic
that is used in other computing devices.
[0095] 2.4 Administrator Computer
[0096] Administrator computer 150 broadly represents any computer
that may be used to manage, control, monitor or otherwise
administrate a web site or a set of web pages. The particular role
of a user of the computer is not critical and the label
"administrator" is used here merely for convenience to illustrate a
clear example. A user, such as an administrator for web
infrastructure 105, may use administrator computer 150 to retrieve
data from data storage 140. For example, administrator computer 150
may display a site map stored in data storage 140 through
administration interface 170.
[0097] Administration interface 170 may present a site map with
links from source pages to target pages. Administration interface
170 may also present which links and/or target pages are protected,
as defined in configuration 132. Administration interface 170 may
also provide controls for a user to change the status of a link
and/or target page from public to protected, or from protected to
public. Thus, a user, through administrator computer 150, may
modify configuration 132 based on the site map displayed.
Intermediary computer 130 may change which links are protected
based on the modified configuration 132.
[0098] 3.0 Process Overview
[0099] An intermediary may remove links from a web page, replace
one or more links with one or more protected links, insert decoy
links. The intermediary may include one or more instructions in a
web page to hide, and/or otherwise prevent a user from selecting,
the decoy links. Thus, a user using the browser may not select a
decoy link because the decoy link is not visible and/or is not
selectable. However, a bot, which does not parse and/or execute the
one or more instructions, and/or does not determine which links may
be visible to a user using a browser, may select one or more decoy
links and/or invalid links.
[0100] A legitimate bot may avoid selecting decoy links based on
data indicating whether a page is public and/or protected. For
example, a web site may have a "robots.txt" file that includes data
indicating which URL(s), path(s), web page(s), and/or any other web
page identifier(s) correspond to one or more web pages that are
public and/or protected. The intermediary need not generate decoy
links to pages that are public and/or not protected. Therefore, a
legitimate bot may download the robots.txt file and may traverse
each public page selecting one or more links that identify one or
more target pages deemed to be public and/or not protected based on
the robots.txt file. In contrast, a malicious bot, which does not
adhere to the data in the robots.txt file, may attempt to select
one or more links, including one or more decoy links and/or one or
more invalid links, that identify one or more target pages deemed
to be protected and/or not public based on the robots.txt file.
Thus, a legitimate browser may traverse the public pages without
selecting one or more decoy links, whereas the malicious bot may
select the one or more decoy links and/or one or more invalid
links.
[0101] FIG. 2 illustrates a process for intercepting a page from a
server computer, replacing one or more links with protected links,
inserting one or more decoy links, and determining whether to
respond to a subsequent request with the target page or a decoy
page, in an example embodiment. In step 210, an intermediary
computer intercepts, from a server computer to a client computer, a
first set of instructions that define a user interface and a
plurality of links. For example, intermediary computer 130 may
intercept a page from web infrastructure 105 comprising unmodified
HTML, JavaScript, and CSS 110.
[0102] In step 215, the intermediary computer determines one or
more links that are protected. For purposes of illustrating a clear
example, assume that configuration 132 indicates that one or more
links with one or more identifiers should be protected.
Intermediary computer 130 may traverse the source web page and
select the one or more links with the one or more identifiers.
[0103] In an embodiment, intermediary computer 130 parses and/or
executes the instructions received in step 210 and generates
in-memory objects that represent one or more links in the page.
Intermediary computer 130 may select one or more in-memory objects
that correspond to one or more links identified in configuration
132.
[0104] 3.1 Generating a Protected Link in a Souce Web Page
[0105] In step 220, the intermediary computer may generate one or
more protected links. "Generating a link" may mean creating a data
structure in memory that corresponds with a link that is, and/or
will be, in a page. For purposes of illustrating a clear example,
assume that intermediary computer 130 selects a link in step 215
from the source page intercepted in step 210. Intermediary computer
130 may generate a protected link that will replace the link
selected in step 215.
[0106] 3.1.1 Generating a Protected Link using a State-Based
Intermediary
[0107] FIG. 3A illustrates a process for generating a protected
link using a state-based intermediary, in an example embodiment. In
step 310, the intermediary generates one or more protected links
with a key embedded in each link. For example, intermediary
computer 130 may generate a new unique key. Intermediary computer
130 may generate a new link with the new unique key.
[0108] A new unique key may be generated each time the particular
source page is requested. Thus, even if a browser 195 requests the
same page twice, browser 195 need not receive the same link with
the same key twice. Bots that rely on finding a particular link may
be unable to find the desired link since intermediary computer 130
may generate a new unique key each time the particular source page
is requested.
[0109] A key may be used more than once. The key may be encrypted
using an initialization vector. In an embodiment, a key may be
encrypted with a new initialization vector each time the particular
source page is requested. Thus, the key need not be a new unique
key each time, but because the key is encrypted with a new
initialization vector, the encrypted key may appear to be different
each time the particular source page is requested.
[0110] In step 320, the intermediary may store the key. For
example, intermediary computer 130 may store the key in data
storage 140 to be used to validate a subsequent request with the
key.
[0111] Intermediary computer 130 may generate and store additional
data associated with the key to validate a subsequent request with
the key. For example, intermediary computer 130 may store a
reference to the source page that will contain the link with the
new key. Additionally or alternatively, intermediary computer 130
may store a user name, Internet Protocol ("IP") address and/or
Media Access Control ("MAC") address associated with the client
computer that the link will be sent to. Additionally or
alternatively, intermediary computer 130 may store data that
indicates a time the key was generated and/or a time at which the
key should expire.
[0112] Additionally or alternatively, a link may be a key. For
example, based on one or more polymorphic protocols, intermediary
computer 130 may generate a new link that corresponds to a
particular link that should be protected. The new link may include
a new target page reference. The new target page reference may
appear to be a reference to a new, random, and/or different target
page. However, the new target page reference may be the key.
Intermediary computer 130 may store a mapping between the new
target page reference and the original link's target page.
[0113] 3.1.2 Generating a Protected Link using a Stateless
Intermediary p FIG. 4A illustrates a process for generating a
protected link using a stateless intermediary, in an example
embodiment. In step 410, the intermediary generates one or more
protected links with an encrypted set of one or more values. The
encrypted set of one or more values may be referred to herein as an
opaque blob because the values are opaque to a client computer that
receives them, which is not intended to modify the values during
ordinary operation, and because the values may be carried in a data
segment of arbitrary length. For example, intermediary computer 130
may generate a set of one or more encrypted values that may be used
to validate a subsequent request that includes the encrypted
values.
[0114] The one or more values may include, among other things, one
or more of the factors associated with a key in step 320. For
example, the opaque blob may include a reference to the source page
that will contain the link. Additionally or alternatively, the
opaque blob may include a user name, Internet Protocol ("IP")
address and/or Media Access Control ("MAC") address associated with
the client computer that the link will be sent to. Additionally or
alternatively, the opaque blob may include data that indicates a
time the link was generated and/or a time at which the link should
expire.
[0115] Changing the opaque blob may invalidate the encryption. If a
client computer changes the encrypted one or more values and
includes the changed one or more values in a request, then
intermediary computer 130 may be unable to decrypt the values.
Thus, intermediary computer 130 may be unable to validate a request
with an opaque blob that has been changed by a client computer.
[0116] An intermediary computer may generate a protected link using
one or more methods discussed herein. For example, intermediary
computer 130 may generate a link that has a key stored in data
storage 140, as discussed with a state-based intermediary, and an
opaque blob, as discussed with a stateless intermediary. In an
embodiment, the encrypted blob may also be a key stored in data
storage 140. In an embodiment, the encrypted blob may include a key
stored in data storage 140.
[0117] 3.2 Generating a Decoy Link
[0118] Returning to FIG. 2, in step 225, the intermediary computer
generates one or more decoy links. For example, intermediary
computer 130 may generate a decoy link with a bad key and/or an
invalid opaque blob. Additionally or alternatively, intermediary
computer 130 may generate a decoy link without a key and/or opaque
blob. Additionally or alternatively, intermediary computer 130 may
generate a decoy link that includes a key in data storage 140, but
is associated with data, and/or is included in a data structure,
indicating that the key corresponds with a decoy link. Additionally
or alternatively, intermediary computer 130 may generate a decoy
link that includes an opaque blob with data, and/or a data
structure, indicating that the link is a decoy link.
[0119] Intermediary computer 130 may generate one or more decoy
links that corresponds with one or more protected links. For
example, a particular decoy link that corresponds with a particular
protected link may include the same reference to the target page as
the particular protected link. Intermediary computer 130 need not
generate a decoy link that corresponds with a public link. For
example, if a link to a help page is designated as public, then
intermediary computer 130 need not create a decoy link that
corresponds to, and/or or is near, the help link, which may
otherwise distract bots or search engines from requesting the
target help page. Additionally or alternatively, intermediary
computer 130 may generate one or more decoy links that do not
correspond to any particular protected link.
[0120] Intermediary computer 130 may generate one or more decoy
data structures that contain and/or reference decoy links. A decoy
data structure may include one or more divisions, sections, images,
blocks, text, paragraphs, and/or any other data or structures. The
data in a decoy data structure and/or decoy link may be random,
nonsensical, and/or other data not intended to be rendered on a
display for a legitimate user to see. A decoy data structure may be
part of, and/or comprise, a hierarchy objects.
[0121] More than one decoy link may be generated for each protected
link. For example, to decrease the chance of a bot selecting a
valid protected link, intermediary computer 130 may generate more
than one decoy link that is near, and/or corresponds to, a valid
protected link. Providing additional decoy links may cause a bot to
traverse decoy paths created by decoy links, decoy data structures,
and/or decoy pages instead of receiving data and/or pages intended
for legitimate users to see. Causing a bot to traverse a decoy path
may be referred to as a reverse denial of service attack, because a
bot may be effectively prevented from finding data and/or pages
intended for legitimate users to see while spending a substantial
amount of time traversing a decoy path. Furthermore, intermediary
computer 130 may relieve web infrastructure 105 from providing
service to clients with requests based on decoy links.
[0122] 3.3 Rendering and Sending a Second Set of Instructions to
the Client
[0123] In step 230, the intermediary computer renders a second set
of instructions comprising the one or more protected links and the
one or more decoy links, and which when executed on a first client
computer, causes the client computer to present the one or more
protected links in the user interface, and hide the one or more
decoy links and/or data structures from the user interface. Since a
user typically relies on visual renderings of links and/or data
structures, a user need not be distracted with, and/or select a
decoy link or decoy data structure. The second set of instructions
need not comprise the one or more links determined to be protected,
and for which the protected links were generated to replace. For
example, intermediary computer 130 may render modified HTML,
JavaScript, and CSS 190, which include the protected link(s), decoy
link(s), and/or decoy data structure(s) discussed above.
[0124] In step 235, the intermediary computer sends the second set
of instructions to the client computer. For example, intermediary
computer 130 sends modified HTML, JavaScript, and CSS 190 to
browser 195.
[0125] 3.4 Determining Whether a Request for a Target Page is
Valid
[0126] In step 240, the intermediary computer receives a request.
For example, a user using browser 195 may select a link that
references a particular target page. In response, browser 195 may
generate a request for the target page based on the selected link.
Also for example, browser 195 may be a bot configured to crawl one
or more web sites. Browser 195 may generate a request for a target
page based on a link selected by browser 195. In either example,
intermediary computer receives the request from client computer
199, which browser 195 is executed by.
[0127] In step 245, the intermediary computer determines whether
the request for the target page is based on a decoy link.
Additionally or alternatively, the intermediary computer may
determine whether the request for the target page was based on a
protected link and whether the protected link was valid or invalid.
Additionally or alternatively, the intermediary computer may
determine whether the request is based on a public link, or is for
a target page that is deemed to be public, and/or not deemed to be
protected by configuration 132.
[0128] 3.4.1 Determining whether a Rquest is Valid using a
State-Based Intermediary
[0129] FIG. 3B illustrates a process for determining whether a
request is valid using a state-based intermediary computer in an
example embodiment. In step 350, the intermediary computer
determines the key from the request. For purposes of illustrating a
clear example, assume that intermediary computer 130 receives a
request for a target page that includes a parameter that
corresponds to a key, the "key" parameter. Intermediary computer
130 may extract the key from the request accordingly. Additionally
or alternatively, the key parameter may be embedded in the path of
the target URL. Additionally or alternatively, the key parameter
may be appended to the path of the target page. Additionally or
alternatively, the parameter need not be labeled "key", and the
parameter need not be included in the URL of the target page. For
example, the key may be included in the payload of a HTTP Post
request, a TCP/IP packet, and/or any other standard or proprietary
protocol.
[0130] In step 360, the intermediary computer determines whether
the key is valid. For example, intermediary computer 130 may query
for the key in data storage 140. If the key is found, then
intermediary computer 130 may determine that the key, and thus the
request, is valid and proceed to step 370. Otherwise, intermediary
computer 130 may determine the key, and thus the request, is
invalid and proceed to step 260.
[0131] Additionally or alternatively, the key may be associated
with a source page. If the request identifies the source page and
the referral page, then intermediary computer 130 may determine
that the key, and thus the request, is valid and proceed to step
370. Otherwise, intermediary computer 130 may determine the key,
and thus the request, is invalid and proceed to step 260.
[0132] Additionally or alternatively, the key may be associated
with a target page. If the request is for the target page, then
intermediary computer 130 may determine that the key, and thus the
request, is valid and proceed to step 370. Otherwise, intermediary
computer 130 may determine the key, and thus the request, is
invalid and proceed to step 260.
[0133] Additionally or alternatively, the key may be associated
with a Boolean value or flag value. If intermediary computer 130
determines that the Boolean value is set to true, then intermediary
computer 130 may determine that the key, and thus the request, is
valid and proceed to step 370. Otherwise, intermediary computer 130
may determine the key, and thus the request, is invalid and proceed
to step 260.
[0134] Additionally or alternatively, the key may be associated
with a user identifier, such as a user name. If intermediary
computer 130 determines that the request includes the user
identifier then intermediary computer 130 may determine that the
key, and thus the request, is valid and proceed to step 370.
Otherwise, intermediary computer 130 may determine the key, and
thus the request, is invalid and proceed to step 260.
[0135] Additionally or alternatively, the key may be associated
with an IP address and/or MAC address. If intermediary computer 130
determines the request was received from the same IP address and/or
MAC address, then intermediary computer 130 may determine that the
key, and thus the request, is valid and proceed to step 370.
Otherwise, intermediary computer 130 may determine the key, and
thus the request, is invalid and proceed to step 260.
[0136] Additionally or alternatively, the key may be associated
with a time at which the key was created, a time at which the key
become invalid, and/or an interval over which the key is valid. If
intermediary computer 130 determines that the request was made
within the time period that the key was valid for, then
intermediary computer 130 may determine that the key, and thus the
request, is valid and proceed to step 370. Otherwise, intermediary
computer 130 may determine the key, and thus the request, is
invalid and proceed to step 260.
[0137] Additionally or alternatively, if a request does not include
a key, then intermediary computer 130 may query configuration 132
for the target page in the request. If the target page is
designated as public and/or is not designated as protected
according to configuration 132, then intermediary computer 130 may
determine the request is valid and proceed to step 250.
[0138] In step 370, the intermediary computer invalidates they key
for future requests. For example, intermediary computer 130 may
delete the key from data storage 140. Additionally or
alternatively, if additional data is associated with the key in
data storage 140, then intermediary computer 130 may update the
data to invalidate the key for subsequent requests. For example,
intermediary computer 130 may set an associated Boolean value to
false, delete one or more associated user identifiers, IP
addresses, MAC addresses, references to source pages and/or a
target pages, times, and/or intervals.
[0139] In an embodiment, intermediary computer 130 need not
invalidate the key. For example, if the key is associated with a
particular time, then intermediary computer 130 may validate one or
more requests that are received on and/or before the particular
time, and proceed to step 250. Additionally or alternatively,
intermediary computer 130 may proceed to step 260 for each request
received on and/or after the particular time.
[0140] Some keys may be valid indefinitely. For example, a key may
be invalid until an administrator, through administration interface
170, removes and/or invalidates the key in data storage 140.
[0141] 3.4.2 Determining whether a Request is Valid using a
Stateless Intermediary
[0142] FIG. 4B illustrates a process for determining whether a
request is valid using a stateless intermediary computer in an
example embodiment. In step 450, the intermediary computer decrypts
the one or more requirements included in the request. For purposes
of illustrating a clear example, assume that intermediary computer
130 receives a request for a target page that includes an opaque
blob of the type described above with one or more requirements,
such as a source page reference, target page reference, user
identifier, IP address, MAC address, time, and/or any other factor
discussed herein. Intermediary computer 130 may decrypt the opaque
and each of the one or more requirements.
[0143] If a request does not include an opaque blob, then
intermediary computer 130 may query configuration 132 to identify
the target page in the request. If the target page is not protected
according to configuration 132, then intermediary computer 130 may
proceed to step 250.
[0144] In step 460, the intermediary computer may determine whether
the request meets the one or more requirements. For example,
intermediary computer 130 may verify that each requirement in the
opaque blob received in step 450 is satisfied. If so, then
intermediary computer 130 may determine that the request is valid
and proceed to step 250. Otherwise, intermediary computer 130 may
proceed to step 260.
[0145] 3.5 Responding to the Request
[0146] Returning to FIG. 2, in step 250, the intermediary computer
generates and/or sends the target page to the client computer. For
example, intermediary computer 130 may forward the request received
in step 240 to web infrastructure 105. In response, intermediary
computer 130 may receive the target page from web infrastructure
105. Intermediary computer 130 may repeat steps 210 through 235 to
produce a modified target page, and send the modified target page
with protected and/or decoy links to browser 195. In an embodiment,
if the target page is designated as public in configuration 132,
then intermediary computer 130 need not insert decoy links and/or
decoy structures.
[0147] In step 260, the intermediary computer generates and sends a
decoy page with one or more decoy links to the client computer. For
example, intermediary computer 130 may generate a new decoy page
that includes one or more decoy data structures and/or decoy
links.
[0148] Intermediary computer 130 may include, in a decoy page, some
data and/or data structures from a target page that a legitimate
user is intended to see. For example, intermediary computer 130 may
request the target page from web infrastructure 105. In response,
intermediary computer 130 may receive the target page. Intermediary
computer 130 may strip out sensitive data designated as such in the
target page, as defined in configuration 132, data storage 140,
and/or by web infrastructure 105. Intermediary computer 130 may
replace the sensitive data with one or more decoy link and/or decoy
structures. Additionally or alternatively, intermediary computer
130 may insert one or more decoy links and/or decoy data structures
throughout the decoy page.
[0149] The intermediary computer need not send any page and/or data
in response to a request determined to be based on a decoy link.
For example, in step 260, intermediary computer 130 may do nothing.
Additionally or alternatively, an administrator, through
administration interface 170 and/or administrator computer 150, may
configure intermediary computer 130 to respond with a particular
error. The error may include one or more codes, such as an HTTP
error code. The error may include text indicating there was an
error and/or text describing the error.
[0150] An administrator may configure the intermediary computer to
respond to a request based on a particular invalid link and/or a
particular decoy link. For example, an administrator, through
administration interface 170 and/or administrator computer 150, may
configure intermediary computer 130 to give a particular response
if a request is based on an invalid link and/or decoy link that
corresponds to a particular protected link and/or is associated
with a particular source page and/or target page. Additionally or
alternatively, the administrator may configure intermediary
computer to respond to an invalid link and/or decoy link by
forwarding the user to a particular web page, such as an error
page.
[0151] The intermediary computer may respond to invalid and/or
decoy links randomly. For example, in response to receiving a first
request based on an invalid link and/or a decoy link from a client
computer, intermediary computer 130 may send HTTP error code 500 to
the client computer. In response to receiving a second request
based on an invalid link and/or a decoy link from a client
computer, intermediary computer 130 may send, to the client
computer, human-readable text indicating to the user that the link
which the request is based on is no longer valid. In response to
receiving a third request based on an invalid link and/or a decoy
link from a client computer, intermediary computer 130 need not
send any data to the client computer. In response to receiving a
fourth request from a client computer based on an invalid link
and/or a decoy link, intermediary computer 130 may send a decoy
page to the client computer.
[0152] 3.6 Including Additional Decoy Links or Decoy Data
Structures
[0153] Intermediary computer 130 may embed data in a page and/or a
decoy link to determine whether to increase the number of decoy
links and/or decoy data structures in a page. For example,
intermediary computer 130 may insert a first decoy link in a first
page with the number "1" embedded in the link. If intermediary
computer 130 receives a subsequent request based on the first decoy
link, then intermediary computer 130 may insert a second decoy link
in a first decoy page with the number "2" embedded in the link. If
intermediary computer 130 receives a subsequent request based on
the second decoy link, then intermediary computer 130 may insert a
third decoy link in a second decoy page with the number "3"
embedded in the link. As intermediary computer 130 receives
requests based on decoy links with higher embedded numbers,
intermediary computer may increase the number of decoy links in the
next generated decoy page. Thus, a bot traversing decoy pages may
find more and more decoy links to follow which may cause a better
reverse denial of service attack.
[0154] Intermediary computer 130 may store features about a browser
and/or computer that makes a request based on a decoy link. For
example, intermediary computer 130 may store a one or more browser
identifiers, user identifiers, IP addresses, MAC addresses, and/or
any other data received and/or derived from a request based on a
decoy link. When intermediary computer 130 receives a request that
matches one of the stored factors, then intermediary computer 130
may respond to an apparently valid request with a valid page that
has more decoy links and/or decoy data structures that intermediary
computer 130 would otherwise include.
[0155] 3.7 Building a Site Map and Selecting Links to Protect
[0156] FIG. 5 illustrates a process for building a site map and
selecting links for an intermediary computer to protect, in an
example embodiment. In step 510, the intermediary computer receives
a plurality of source pages, wherein each source page comprises one
or more links that reference one or more targeted pages. For
example, intermediary computer 130 may receive one or more requests
for one or more target pages from one or more client computers.
Intermediary computer 130 may forward the request(s) to web
infrastructure 105, and in response, intermediary computer may
receive the page(s) from web infrastructure 105.
[0157] In step 520, the intermediary computer stores, for each link
in each source page of the plurality of source pages, a link
mapping between the link on the source page and the targeted page
that the link references. For example, in response to the one or
more requests in step 510, intermediary computer 130 may traverse
each page received. For each link in each page, intermediary
computer 130 may store a link mapping in data storage 140. Each
link mapping may include a link identifier, source page identifier,
and/or target page identifier. A link identifier may be a name,
number, alpha-numeric string, XPath in a source page, type
identifier, class identifier, division or section identifier,
source page identifier (such as a URL and/or path of the source
page), target page identifier (such as a URL and/or path of the
target page), and/or any other identifier.
[0158] A link mapping may represent a one or more links. For
example, a single link mapping may represent two links on the same
source page that both reference the same target page.
[0159] In step 530, an administrator computer may present one or
more link link mappings in an administration interface to an
administrator. For example, administrator computer 150 may query
data storage 140 for link mappings from one or more source pages to
one or more target pages. Administrator computer 150 may render the
queried link mappings through administration interface 170.
[0160] Administration interface 170 may render a graph wherein the
nodes in the graph represent source and target pages, and the edges
in the graph represent link mappings between source pages and
target pages. Additionally or alternatively, administration
interface 170 may show a list of link mappings, each of which
represent one or more links in a source page. Administration
interface 170 may also indicate the target page of each link.
Additionally or alternatively, administration interface 170 may
show a list of link mappings, each of which represent one or more
links to a target page. Administration interface 170 may also
indicate the source page of each link.
[0161] In step 540, the administrator computer receives, through
the administration interface, one or more inputs designating one or
more links to a particular target page as protected. For example,
administrator computer 150 may receive input through administration
interface 170 indicating that a user selected one or more link
mappings that should be protected. Additionally or alternatively,
administrator computer 150 may receive input through administration
interface 170 indicating that a user selected one or more target
pages, wherein each link that refers to the one or more target
pages, regardless of each link's source page, should be protected.
Additionally or alternatively, administrator computer 150 may
receive input through administration interface 170 indicating that
a user selected one or more source pages, wherein each link that is
included in the source page, regardless of each link's target page,
should be protected.
[0162] The administrator computer 150 may receive input through
administration interface 170 indicating that a user selected one or
more link mappings, source pages, and/or target pages for which the
corresponding links should be public. Additionally or
alternatively, administrator computer 150 may receive input through
administration interface 170 indicating that a user selected one or
more particular links that should be public.
[0163] In step 550, the administrator computer stores one or more
identifiers, which indicate which links were designated by the
administrator as protected. For example, administrator computer 150
may store the identifier for each selected link in configuration
132. Administrator computer 150 may remove and/or toggle
identifiers of links that are no longer selected. A link identifier
may identify one or more links, target pages, and/or source
pages.
[0164] 3.7.1 Routing a Request from a First Link to a Second
Link
[0165] An administrator computer may receive, through the
administration interface, one or more inputs routing a first a link
mapping to a second link mapping. For example, administrator
computer 150 may receive input through administration interface 170
indicating that a user selected a first link mapping and a second
link mapping. The first link mapping may correspond to a first link
in a first source page that references a first target page. The
second link mapping may correspond to a second link in a second
source page that references a second target page. The input may
include instructions to route requests based on the first link to
the second link. Administrator computer 150 may update
configuration 132 accordingly. In response to determining that a
request is based on the first link and the corresponding first link
mapping is routed to the second link mapping, intermediary computer
130 may route the client computer to the second target page by
requesting the second target page from web infrastructure 105.
[0166] Intermediary computer 130 may treat a request based on the
first link as public or protected, based on whether the second link
is designated as public or protected. For example, if the second
link mapping discussed above is protected, then a request based on
the first link may be treated as if the first link is protected,
regardless of whether the first link and/or the corresponding first
link mapping is designated as public or protected. Also for
example, if the second link references a second target page that is
protected and the first link is routed to the second link, then a
request based on the first link may be treated as if the first link
is protected, regardless of whether the first link and/or the
corresponding first link mapping is designated as public or
protected. Alternatively, intermediary computer 130 may treat a
request based on the first link as public or protected as indicated
in configuration 132, regardless whether the second link mapping,
the second link, second source page, and/or second target page is
designated as public or protected.
[0167] 3.7.2 Setting Default Behaviors
[0168] An administrator computer may receive input that defines one
or more default behaviors. For example, administrator computer 150
may receive, through administration interface 170, input indicating
that if intermediary computer 130 cannot determine whether the
request is based on a link that is defined as public or protected,
then intermediary computer 130 should respond to the request as if
the request is based on a decoy link. Administrator computer 150
may update configuration 132 accordingly.
[0169] Intermediary computer 130 may not be able to determine
whether the request is based on a link that is defined as public or
protected because the request is based on a link that does not have
a corresponding link mapping. Additionally or alternatively,
intermediary computer 130 may not be able to determine whether the
request is based on a link that is defined as public or protected
because the link identifier is not stored in configuration 132.
[0170] As another example of a user defining a default behavior,
administrator computer 150 may receive input indicating that if
intermediary computer 130 determines a request is based on a link
that has a corresponding link mapping, but is not expressly defined
as public or protected, then intermediary computer 130 should
respond to the request as if the request is based on a public link.
Administrator computer 150 may update configuration 132
accordingly.
[0171] 3.7.3 Deleting Link Mappings
[0172] An administrator computer may receive, through the
administration interface, one or more inputs selecting one or more
link mappings and instructing the administrator computer to delete
the one or more link mappings. In response, the administrator
computer may delete data related to the one or more link mappings
in data storage 140 and/or configuration 132. Additionally or
alternatively, if intermediary computer 130 receives a page and
determines that a particular link is no longer in the page, then
intermediary computer 130 may delete data related to the link in
data storage 140 and/or configuration 132. Additionally or
alternatively, if intermediary computer 130 receives a page that no
longer has one or more particular links, then intermediary computer
130 may delete the corresponding link mapping(s) in data storage
140.
[0173] 4.0 Implementation Mechanisms--Hardware Overview
[0174] According to one embodiment, the techniques described herein
are implemented by one or more special-purpose computing devices.
The special-purpose computing devices may be hard-wired to perform
the techniques, or may include digital electronic devices such as
one or more application-specific integrated circuits (ASICs) or
field programmable gate arrays (FPGAs) that are persistently
programmed to perform the techniques, or may include one or more
general purpose hardware processors programmed to perform the
techniques pursuant to program instructions in firmware, memory,
other storage, or a combination. Such special-purpose computing
devices may also combine custom hard-wired logic, ASICs, or FPGAs
with custom programming to accomplish the techniques. The
special-purpose computing devices may be desktop computer systems,
portable computer systems, handheld devices, networking devices or
any other device that incorporates hard-wired and/or program logic
to implement the techniques.
[0175] For example, FIG. 6 is a block diagram that illustrates a
computer system 600 upon which an embodiment of the invention may
be implemented. Computer system 600 includes a bus 602 or other
communication mechanism for communicating information, and a
hardware processor 604 coupled with bus 602 for processing
information. Hardware processor 604 may be, for example, a general
purpose microprocessor.
[0176] Computer system 600 also includes a main memory 606, such as
a random access memory (RAM) or other dynamic storage device,
coupled to bus 602 for storing information and instructions to be
executed by processor 604. Main memory 606 also may be used for
storing temporary variables or other intermediate information
during execution of instructions to be executed by processor 604.
Such instructions, when stored in non-transitory storage media
accessible to processor 604, render computer system 600 into a
special-purpose machine that is customized to perform the
operations specified in the instructions.
[0177] Computer system 600 further includes a read only memory
(ROM) 608 or other static storage device coupled to bus 602 for
storing static information and instructions for processor 604. A
storage device 610, such as a magnetic disk or optical disk, is
provided and coupled to bus 602 for storing information and
instructions.
[0178] Computer system 600 may be coupled via bus 602 to a display
612, such as a cathode ray tube (CRT), for displaying information
to a computer user. An input device 614, including alphanumeric and
other keys, is coupled to bus 602 for communicating information and
command selections to processor 604. Another type of user input
device is cursor control 616, such as a mouse, a trackball, or
cursor direction keys for communicating direction information and
command selections to processor 604 and for controlling cursor
movement on display 612. This input device typically has two
degrees of freedom in two axes, a first axis (e.g., x) and a second
axis (e.g., y), that allows the device to specify positions in a
plane.
[0179] Computer system 600 may implement the techniques described
herein using customized hard-wired logic, one or more ASICs or
FPGAs, firmware and/or program logic which in combination with the
computer system causes or programs computer system 600 to be a
special-purpose machine. According to one embodiment, the
techniques herein are performed by computer system 600 in response
to processor 604 executing one or more sequences of one or more
instructions contained in main memory 606. Such instructions may be
read into main memory 606 from another storage medium, such as
storage device 610. Execution of the sequences of instructions
contained in main memory 606 causes processor 604 to perform the
process steps described herein. In alternative embodiments,
hard-wired circuitry may be used in place of or in combination with
software instructions.
[0180] The term "storage media" as used herein refers to any
non-transitory media that store data and/or instructions that cause
a machine to operation in a specific fashion. Such storage media
may comprise non-volatile media and/or volatile media. Non-volatile
media includes, for example, optical or magnetic disks, such as
storage device 610. Volatile media includes dynamic memory, such as
main memory 606. Common forms of storage media include, for
example, a floppy disk, a flexible disk, hard disk, solid state
drive, magnetic tape, or any other magnetic data storage medium, a
CD-ROM, any other optical data storage medium, any physical medium
with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM,
NVRAM, any other memory chip or cartridge.
[0181] Storage media is distinct from but may be used in
conjunction with transmission media. Transmission media
participates in transferring information between storage media. For
example, transmission media includes coaxial cables, copper wire
and fiber optics, including the wires that comprise bus 602.
Transmission media can also take the form of acoustic or light
waves, such as those generated during radio-wave and infra-red data
communications.
[0182] Various forms of media may be involved in carrying one or
more sequences of one or more instructions to processor 604 for
execution. For example, the instructions may initially be carried
on a magnetic disk or solid state drive of a remote computer. The
remote computer can load the instructions into its dynamic memory
and send the instructions over a telephone line using a modem. A
modem local to computer system 600 can receive the data on the
telephone line and use an infra-red transmitter to convert the data
to an infra-red signal. An infra-red detector can receive the data
carried in the infra-red signal and appropriate circuitry can place
the data on bus 602. Bus 602 carries the data to main memory 606,
from which processor 604 retrieves and executes the instructions.
The instructions received by main memory 606 may optionally be
stored on storage device 610 either before or after execution by
processor 604.
[0183] Computer system 600 also includes a communication interface
618 coupled to bus 602. Communication interface 618 provides a
two-way data communication coupling to a network link 620 that is
connected to a local network 622. For example, communication
interface 618 may be an integrated services digital network (ISDN)
card, cable modem, satellite modem, or a modem to provide a data
communication connection to a corresponding type of telephone line.
As another example, communication interface 618 may be a local area
network (LAN) card to provide a data communication connection to a
compatible LAN. Wireless links may also be implemented. In any such
implementation, communication interface 618 sends and receives
electrical, electromagnetic or optical signals that carry digital
data streams representing various types of information.
[0184] Network link 620 typically provides data communication
through one or more networks to other data devices. For example,
network link 620 may provide a connection through local network 622
to a host computer 624 or to data equipment operated by an Internet
Service Provider (ISP) 626. ISP 626 in turn provides data
communication services through the world wide packet data
communication network now commonly referred to as the "Internet"
628. Local network 622 and Internet 628 both use electrical,
electromagnetic or optical signals that carry digital data streams.
The signals through the various networks and the signals on network
link 620 and through communication interface 618, which carry the
digital data to and from computer system 600, are example forms of
transmission media.
[0185] Computer system 600 can send messages and receive data,
including program code, through the network(s), network link 620
and communication interface 618. In the Internet example, a server
630 might transmit a requested code for an application program
through Internet 628, ISP 626, local network 622 and communication
interface 618.
[0186] The received code may be executed by processor 604 as it is
received, and/or stored in storage device 610, or other
non-volatile storage for later execution.
[0187] 5.0 Othere Aspects of Disclosure
[0188] Using the networked computer arrangements, intermediary
computer, and/or processing methods described herein, security in
client-server data processing may be significantly increased. In
particular, the use of browser programs may become significantly
more secure. Employing one or more of the techniques discussed
herein may effectively permit obfuscating data field and/or
container identifiers and DOM modification for data that is
financial, personal, or otherwise sensitive so that attackers
cannot determine which fields and/or containers in a web page
include the sensitive data. Consequently, one or more various
attacks, such as a denial of service ("DOS") attack, credential
stuffing, fake account creation, ratings or results manipulation,
man in the browser attacks, reserving rival goods or services,
scanning for vulnerabilities, and/or exploitation of
vulnerabilities, are frustrated because all fields and/or
containers appear to the attacker to be gibberish, or at least
cannot be identified as indicating credit card data, bank account
numbers, personally identifying information, confidential data,
sensitive data, proprietary data, and/or other data.
[0189] Using the networked computer arrangements, intermediary
computer, and/or processing methods described herein, valid
protected links and public links may be visible to a user using a
browser. However, decoy links need not be visible to the user. For
example, the intermediary may include one or more instructions in a
web page, which causes a browser to hide decoy links. Thus, a user
using a browser may be unable (or not as likely) to select a decoy
link. The remaining visible links from which a user may select may
be either public links or protected links that are associated with
a valid key.
[0190] In contrast, bots, which merely parse the instructions and
data structures, do not execute theses instructions. Bots are
merely looking to gather and/or submit data quickly. Bots do not
try to determine which links a user would be able to select if
using a full browser. Thus, a bot may select decoy links. Since
users using a browser cannot select decoy links, only bots are
likely select decoy links.
[0191] An invalid link may be a protected link that was, but is no
longer, associated with a valid key. Users may be unlikely to
select invalid links, but bots may be much more likely. For
purposes of illustrating a clear example, assume a protected link
is generated for a particular web page, the protected link is
associated with a key, the key is associated with a parameter
indicating a page from which the link is valid (a source page),
both a browser and a bot request the particular web page, and a
browser used by a user is configured to send HTTP requests that
indicate a source page: the web page the user last saw and/or which
the link was selected from. A user using a browser may select the
link, which causes the browser to submit a request with data
indicating the source page from which the link was selected (the
particular web page). The intermediary may validate the HTTP
request based on the data indicating that the source page was the
particular page. However, a bot may generate a request based on the
same link but not specify the source page. Accordingly, the
intermediary may determine that the request is invalid.
[0192] For purposes of illustrating another clear example, assume a
protected link is generated for a particular web page, the
protected link is associated with a key, the key is associated with
a parameter indicating a particular time at which the link is no
longer valid, the particular web page includes many other links,
and both a browser and a bot request the particular web page. A
user may select the protected link, and the browser may generate a
request based on the selected link before the particular time
period through the normal course of browsing the particular web
page. The intermediary will validate the request accordingly. In
contrast, a bot, may select many other links, and traverse many
other pages, before requesting a web page based on the protected
link. Thus, the bot may generate a request based on the protected
link after the particular time. Accordingly, the intermediary need
not validate the bot's request.
[0193] The instructions that may be rendered by the intermediary
need not force a bot to only select decoy links and/or invalid
links. Indeed, a bot may select one or more valid links. If a bot
does select a public and/or valid protected link, then the bot may
receive the same valid page as a user using a browser. However,
sooner or later, a bot may either select a decoy link or an invalid
link, or generate a request that does not have the requisite data
for the intermediary to validate the request. Accordingly, the
intermediary may send the bot a decoy page, which may include many
more decoy links that would not be visible to a user if the user
inadvertently selected a decoy link or invalid link. The bot,
however, may continue to select decoy links and receive decoy
pages, causing the bot to get lost in a never ending series of
decoy pages.
[0194] In the foregoing specification, embodiments of the invention
have been described with reference to numerous specific details
that may vary from implementation to implementation. The
specification and drawings are, accordingly, to be regarded in an
illustrative rather than a restrictive sense. The sole and
exclusive indicator of the scope of the invention, and what is
intended by the applicants to be the scope of the invention, is the
literal and equivalent scope of the set of claims that issue from
this application, in the specific form in which such claims issue,
including any subsequent correction.
* * * * *