DEMYSTIFYING THE HOSTING INFRASTRUCTURE OF THE FREE CONTENT WEB: A SECURITY PERSPECTIVE

Abstract

This dissertation delves into the security of free content websites, a crucial internet component that presents significant security challenges due to their susceptibility to exploitation by malicious actors. While prior research has highlighted the security disparities between free and premium content websites, it has not delved into the underlying causes. This study aims to address this gap by examining the security infrastructure of free content websites. The research commences with an analysis of the content management systems (CMSs) employed by these websites and their role. Data from 1,562 websites encompassing free and premium categories is collected to identify CMS usage and its association with malicious activities. Various metrics are employed, including unpatched vulnerabilities, total vulnerabilities, malicious counts, and percentiles. The findings reveal widespread CMS usage, even among websites with custom code, underscoring the potential for a small number of unpatched vulnerabilities in popular CMSs to lead to significant maliciousness. The study further explores the global distribution of free content websites, considering factors such as hosting network scale, cloud service provider utilization, and country-level distribution. Notably, free and premium content websites are predominantly hosted in medium-scale networks, known for their high concentration of malicious websites. Moreover, the research delves into the geographical distribution of these websites and their presence in different countries. It examines the occurrence of malicious websites and their correlation with the National Cyber Security Index (NCSI), a measure of a country’s cybersecurity maturity. The United States emerges as the primary host for most investigated websites, with countries exhibiting higher rates of malicious websites tending to have lower NCSI scores, primarily due to weaker privacy policy development. In conclusion, this dissertation uncovers correlations in the infrastructure, distribution, and geographical aspects of free content websites, offering valuable insights for mitigating their associated threats.