Abstract
This paper investigates potential causes of the vulnerabilities in free content websites, with the aim of addressing their risks and maliciousness. Assembling more than 1,500 websites with free and premium content, we identify their content management system (CMS) and malicious attributes. We apply frequency analysis both in aggregate and per content category (books, games, movies, music, and software), using unpatched vulnerabilities, total vulnerabilities, malicious count, and percentiles to uncover trends and affinities in the usage and maliciousness of CMSs and their contribution to those websites. Moreover, we find that, despite the significant number of custom-coded websites, the use of CMSs is pervasive, with varying trends across types and categories. Finally, we find that even a small number of unpatched vulnerabilities in popular CMSs could be a potential cause of significant maliciousness.
Acknowledgement
This research was supported by the Global Research Laboratory (GRL) Program through the National Research Foundation of Korea funded by the Ministry of Science and ICT (NRF-2016K1A1A2912757). Part of this work was additionally supported by CyberFlorida Seed Grant (2021–2022).
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alqadhi, M., Alabduljabbar, A., Thomas, K., Salem, S., Nyang, D., Mohaisen, D. (2023). Do Content Management Systems Impact the Security of Free Content Websites? In: Dinh, T.N., Li, M. (eds) Computational Data and Social Networks. CSoNet 2022. Lecture Notes in Computer Science, vol 13831. Springer, Cham. https://doi.org/10.1007/978-3-031-26303-3_13
DOI: https://doi.org/10.1007/978-3-031-26303-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-26302-6
Online ISBN: 978-3-031-26303-3
eBook Packages: Computer Science, Computer Science (R0)