What is Back Button Hijacking?
Back button hijacking (also known as history hijacking or history manipulation) is a deceptive web practice where a website intentionally manipulates your browser's history to prevent you from using the "Back" button to leave their page.
The Trap: Instead of taking you to the previous site you were visiting, clicking "Back" either keeps you trapped on the current page, sends you to a different unwanted page, or opens a barrage of ads. Shady websites, scammers, and aggressive marketers use this tactic to artificially inflate their traffic, force you to view ads, or trap you in a phishing scheme.
Here are the most common examples of how websites hijack the back button:
1. History Flooding (History Stuffing)
This is the most common technique. Normally, as you browse, each new page is added to your browser's "history stack" one by one.
The Exploit: In a history flooding attack, the website uses JavaScript (specifically the history.pushState() command) to instantly insert dozens or hundreds of dummy pages into your browser's history the moment you land on the site.
The Experience: You visit a shady streaming site or click a clickbait article. You realize it's garbage, so you click the Back button. Instead of going back to Google, the page simply reloads, or the URL changes slightly, but you are still on the same site. Because the site stuffed 50 dummy pages into your history, you would have to click the Back button 50 times in rapid succession to actually escape.
2. The Instant Redirect Loop
This method traps you in an endless cycle between two pages.
The Experience: You are on Site A (a search engine) and click a link to Site B (the malicious site). As soon as you land on Site B, it automatically and instantly redirects you to Site C.
When you are on Site C and click "Back," the browser takes you to Site B. However, Site B is still programmed to instantly redirect you to Site C. You are essentially playing ping-pong between the two pages and can never easily get back to Site A.
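Both patterns above (history flooding in section 1 and the redirect loop in section 2) leave a recognizable shape in a tab's session history. The following is an added example, not code from the original post: a small detector run over a constructed navigation trace. The record fields (t, kind, url, userGesture) and the thresholds are assumptions of this example, standing in for whatever an instrumented browser or extension would log.

```javascript
// Added example: analysis of a session-history trace (record fields are assumptions).
const origin = (u) => new URL(u).origin;

// Flag runs of pushState entries added with no user gesture inside a short window.
function findHistoryFlood(trace, { maxSilentEntries = 3, windowMs = 1000 } = {}) {
  const findings = [];
  let run = [];
  const flush = () => {
    if (run.length > maxSilentEntries) {
      findings.push({ origin: origin(run[0].url), entries: run.length, startedAt: run[0].t });
    }
    run = [];
  };
  for (const ev of trace) {
    const silentPush = ev.kind === "pushState" && !ev.userGesture;
    const sameRun = run.length === 0 ||
      (origin(ev.url) === origin(run[0].url) && ev.t - run[0].t <= windowMs);
    if (silentPush && sameRun) { run.push(ev); continue; }
    flush();
    if (silentPush) run.push(ev);
  }
  flush();
  return findings;
}

// Flag pages that forward the visitor onward, without a gesture, right after loading.
function findRedirectBounce(trace, { maxDelayMs = 1000 } = {}) {
  const findings = [];
  const navs = trace.filter((ev) => ev.kind === "navigate");
  for (let i = 1; i < navs.length; i++) {
    const [prev, cur] = [navs[i - 1], navs[i]];
    if (!cur.userGesture && cur.url !== prev.url && cur.t - prev.t <= maxDelayMs) {
      findings.push({ bouncePage: prev.url, landsOn: cur.url });
    }
  }
  return findings;
}

// Constructed trace: Site A (search) -> Site B -> instant redirect to Site C,
// which then adds 50 same-document entries within 50 ms and no click.
const sampleTrace = [
  { t: 0, kind: "navigate", url: "https://a.example/search", userGesture: true },
  { t: 4000, kind: "navigate", url: "https://b.example/article", userGesture: true },
  { t: 4050, kind: "navigate", url: "https://c.example/offer", userGesture: false },
  ...Array.from({ length: 50 }, (_, i) => (
    { t: 4100 + i, kind: "pushState", url: `https://c.example/offer?p=${i}`, userGesture: false })),
  { t: 9000, kind: "pushState", url: "https://c.example/offer?tab=2", userGesture: true },
];
console.log(findHistoryFlood(sampleTrace), findRedirectBounce(sampleTrace));
```

A single-page app that calls pushState in response to clicks produces no findings, because every entry it adds carries a user gesture.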
3. The Fake "Back" Button
This is a visual trick rather than a technical manipulation of your browser's history.
The Experience: The website forces your browser into full-screen mode or hides the browser's actual interface. It then displays a fake toolbar at the top with a fake "Back" arrow. When you click this fake arrow to leave, it actually acts as a normal link, taking you deeper into the website, triggering a malicious download, or opening a pop-up ad.
⚠️ 4. Abuse of the "OnBeforeUnload" Alert
While modern browsers have cracked down on this, older iterations of hijacking abused the feature designed to stop you from accidentally losing unsaved work (like when a site asks, "You have unsaved changes, are you sure you want to leave?").
The Experience: You click Back, and a pop-up appears saying, "Wait! You've won a prize! Click stay to claim." If you try to close it or click Back again, another pop-up immediately triggers, trapping you on the page until you forcibly close the browser tab.
How to Escape a Hijacked Tab
If you ever find yourself trapped by back button hijacking, do not aggressively click the Back button.
Click and Hold: Instead, click and hold the Back button (or right-click it). This will open a dropdown menu showing your recent history. Scroll down past the dozens of spam entries and click on the legitimate website you were visiting before you got trapped.
❌ Close It Out: Alternatively, simply close the browser tab entirely.