Bill Hartzer

Bill Hartzer on Search, Marketing, Tech, and Domains.

Facebook Account Security Flaw: Sites Auto Posting on Users’ Facebook Walls Without Permission

Posted on November 29, 2011 Written by Bill Hartzer

A serious flaw in Facebook’s account security allows any website to post and “Like” a page without the user’s knowledge or permission, even after the user has left Facebook.com.

Simple JavaScript code that is freely available, placed on any web page, will automatically “Like” a URL and post about it on Facebook Users’ walls without their permission or knowledge. A recent test of this JavaScript code revealed that the code was able to auto “Like” and successfully post on over 30 percent of the users’ Facebook walls without their knowledge or permission. This is a serious security flaw in Facebook’s account security that must be fixed.

Imagine visiting your Facebook account, viewing your Facebook Timeline, making a few posts on your Facebook wall, updating your status. Then you leave Facebook.com, without logging out of Facebook, and go to a few other websites. You know, the usual daily routine. For many, it’s easier to just leave Facebook.com and go to other websites without logging out of your Facebook account. When you go back to Facebook.com, you’re already logged in–you don’t have to type your Facebook user ID and password again. You can go right to your Facebook timeline, to see all of the updates from your Facebook friends.

That is where this Facebook security flaw comes into play. Devious web site owners (some technically call them “Black Hat” webmasters) are taking advantage of Facebook users. By installing simple JavaScript code on their web site, webmasters are able to “fake” a click on a hidden Facebook “Like” button on their site. And then they post on your Facebook Wall about it, which promotes their URL or web site to all of YOUR Facebook Friends. And you never see the click or the Facebook “Like”, and you most likely will not see that you posted about their web site on your Facebook Status unless you go to Facebook.com and view your Facebook Wall. Most Facebook users will never know that they are promoting web sites that they recently visited unless someone tells them about it–because Facebook is designed in a way for us to see all of our friends’ updates on our timeline. It takes a separate click on the Facebook site to view your own Facebook Status updates.
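One way a site reviewer could check a page's markup for the hidden “Like” button described above. This is an added example, not code from the original post or from Facebook. The function names, the `like.php` plugin URL pattern and the size, opacity and offset thresholds are assumptions chosen for illustration, and the sample markup is constructed.

```javascript
// Added example: heuristic audit for Like-button iframes styled to be invisible.
// Assumptions: plugin URL pattern and thresholds below; names are hypothetical.
const LIKE_SRC = /^https?:\/\/(www\.)?facebook\.com\/plugins\/like\.php/i;

// Constructed sample markup: one hidden Like frame, one visible, one unrelated.
const SAMPLE_HTML = `
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F" style="opacity:0; width:1px; height:1px; position:absolute"></iframe>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F" style="width:450px; height:80px; border:none"></iframe>
<iframe src="https://video.example.test/embed/1" style="opacity:0"></iframe>`;

// Turn an inline style string into a { property: value } map (lower-cased).
function parseStyle(style) {
  const out = {};
  for (const decl of (style || '').split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return out;
}

// List the inline-style properties that would make the frame invisible to a visitor.
function hiddenReasons(style) {
  const s = parseStyle(style);
  const reasons = [];
  if ('opacity' in s && parseFloat(s.opacity) < 0.1) reasons.push('opacity');
  if (s.visibility === 'hidden') reasons.push('visibility');
  for (const dim of ['width', 'height']) {
    if (dim in s && parseFloat(s[dim]) <= 2) reasons.push(dim);
  }
  for (const edge of ['left', 'top']) {
    if (edge in s && parseFloat(s[edge]) <= -1000) reasons.push('offscreen-' + edge);
  }
  return reasons;
}

// Report every Like-button iframe in the markup and whether it looks hidden.
function auditLikeFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attr = (name) => {
      const m = tag.match(new RegExp('\\b' + name + '\\s*=\\s*("([^"]*)"|\'([^\']*)\')', 'i'));
      return m ? (m[2] ?? m[3]) : '';
    };
    const src = attr('src');
    if (!LIKE_SRC.test(src)) continue;
    const reasons = hiddenReasons(attr('style'));
    findings.push({ src, hidden: reasons.length > 0, reasons });
  }
  return findings;
}

console.log(auditLikeFrames(SAMPLE_HTML));
```

The check only reads inline styles in static markup, so frames hidden through a stylesheet or injected by script at runtime need the same test applied to the rendered DOM.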

Security Flaw Affects 31 Percent of Web Site Visitors
In a recent test during a two week period, I installed a version of some “Auto Like” and “Auto Post on Facebook Wall” JavaScript code on a web site that I own. After running the test on the web site for two weeks (the code has now been removed from the site), the results were impressive but disturbing. The average web site visitors to this web site are what I would call “very tech savvy” people. On this particular test web site where I ran the script, the Average Bounce Rate is 52.41 percent. The Average Time on Site is 7:04 minutes. 54.62 percent were New Visits. Here are some statistics about the users to this particular test web site:

52.41% Bounce Rate
7:04 minutes Avg. Time on Site
54.62% New visits
45.64% Firefox Users
34.20% Chrome Users
9.36% Internet Explorer Users

Referring Web Sites:
38.24% New Visits Direct to Site
71.27% New Visits from Google
61.90% New Visits from Facebook.com
83.33% New visits from m.Facebook.com
——————————
30.8% Users who Auto Liked and Auto Posted on their Facebook Wall

Nearly 31 percent of these tech-savvy users who visited the test web site were still logged into Facebook–and the script caused them to automatically “Like” the page and automatically posted on their Facebook Wall that they liked the web site–promoting the web site to all of their Facebook Friends. And although about half of the new visits were direct visits to the test web site, the 3rd and 4th most popular referring sites were Facebook (I am assuming that they came because someone had promoted the web site on their Facebook status). 62 percent were from Facebook.com and a whopping 83 percent were new visits from the mobile version of Facebook.com.

What is disturbing here is the fact that when you visit a website, not only will you “Like” a URL of the web site owner’s choosing, the web site will also automatically post on your Facebook Wall without you even knowing it. If you are logged into your Facebook account, even though you are NOT on Facebook.com, any website can automatically post on your Facebook Wall without your knowledge. This is a serious Facebook security flaw that Facebook needs to address right away.

How You Can Stop the Facebook Account Security Flaw
At this point, there is really only one way that you personally can stop web sites from automatically posting and auto “Liking” when you visit their web site. When you visit Facebook.com you should log in–and when you leave Facebook.com, you should log out. As long as you are technically logged out of Facebook.com, there is no way that a devious web site owner can force you to automatically “like” their web site–and they cannot automatically post to your Facebook Wall.

Facebook absolutely needs to take action right away so that this cannot continue to happen. Facebook must protect the integrity of the Facebook “Like” system, or a Facebook “Like” will be meaningless in the future. A good start would be for Facebook to implement some sort of Captcha code as a part of the Facebook “Likes”.

About Bill Hartzer

Bill Hartzer is CEO of Hartzer Consulting, an SEO Consulting firm that includes services such as search engine optimization, technical SEO audits, domain name consulting, and online reputation management. As an SEO Expert, Mr. Hartzer frequently serves as an SEO Expert Witness and Domain Name Expert Witness in legal cases worldwide. He also oversees DNAccess.com, a company that provides brand protection and monitoring, domain name background checks, and stolen domain name recovery services.
