Q. Our convention center provides Wi-Fi access to customers for a small fee, but we found out that some patrons may be circumventing our sign-on/payment page and using our routers without paying. Is this possible, and if so, how do we stop it?
A. A little-known trick makes it easy for unscrupulous people to circumvent your sign-on/payment webpage and use your internet connection without paying the required access fee. Once they've connected to your secure Wi-Fi connection but before they purchase internet access, they simply add the phrase ?.JPG to the end of any URL they want to access, thus allowing them to bypass your account requirements.
This trick works because many public Wi-Fi routers are set to automatically kick users without an authorized account to a sign-on/payment webpage whenever they attempt to access URLs ending in HTM, HTML, or ASP. However, when the URL ends in something other than these extensions, such as ?.JPG, then the router does not kick them to the sign-on/payment webpage; instead the Wi-Fi router displays the requested URL.
Router manufacturers have recently caught on to this ploy, and many newer routers and router firmware allow owners to close this loophole to prevent this type of unauthorized internet access. I recommend you update your Wi-Fi router's firmware, and if that does not solve the problem, consider replacing your Wi-Fi routers.
About the author
J. Carlton Collins (email@example.com) is a technology consultant, a CPE instructor, and a JofA contributing editor. Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2013, 2010, and 2007 versions, unless otherwise specified.
Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to firstname.lastname@example.org. We regret being unable to individually answer all submitted questions.