Many websites use content management or other software that is essentially free, and is known as "Open Source Software." In order to use the software, the creators sometimes ask for a link or donations. Many leave it up to the site owner as to how he or she wants to display the output from the software and if they want to credit the creator. The presence of these links, although seemingly harmless, can in fact cause a security concern.
A recent thread at Cre8asite Forums discusses this in detail. The thread started by member "manager," asks if people usually leave live links to the open source software creators' websites. He lists some possible reasons to or not to, including:
(Positive) more exposure… It’s nice too say thanks..(and) You don’t know how to remove it. (Negative)..hackers can exploit well-known un-patched weaknesses…may give your competition a leg up...(and) You want to re-brand an application...
The discussion yields some varying points of view, including describing ways to limit the placement of links to a thank you page instead of having them site wide in the footers or other areas. Softplus addresses the security concerns directly:
What I like to do is convert the link into a JavaScript link in an external script. That way I reduce the exposure in the search engines. My forums have been hacked too often...I usually also remove the version number, if I can...A "real" hacker will still be able to track signatures of my sites and the software used and they will still be able to recognize the version number and crack the script - but those 99.997% script-kiddies will go find something easier.
Learn more about this subject and join the discussion at Cre8asite Forums titled Do you remove credit links from opensource software?, powered by trev..lol .
