


02.06.09

Can Spammers Take Advantage Of Redirects?

By Navneet Kaushal

Google is warning that spammers might take advantage of your site without even using your server! They do so by abusing open redirect URLs. In this case the spammers or hackers take advantage of your website itself rather than exploiting a security issue or spamming in some other way.

According to the Official Google Webmaster Central Blog,

"We have observed spammers going after a wide range of websites, from large well-known businesses to small local government agencies."

What can you do to solve this problem?

• Change the redirect code to check the referer, since in most cases everyone coming to your redirect script legitimately should come from your site, not a search engine or elsewhere. You may need to be permissive, since some users' browsers may not report a referer, but if you know a user is coming from an external site you can stop or warn them.

• If your script should only ever send users to an internal page or file (for example, on a page with file downloads), you should specifically disallow off-site redirects.

• Consider using a whitelist of safe destinations. In this case your code would keep a record of all outgoing links, and then check to make sure the redirect is a legitimate destination before forwarding the user on.


• Consider signing your redirects. If your website needs to provide URL redirects, you can hash the destination URL and include that cryptographic signature as another parameter for the redirect. That allows your own site to do URL redirection without opening your URL redirector to the general public.


• If your site is really not using it, disable the redirect. We have observed a number of sites where the only use of the redirect is by spammers - probably just a feature left on by default.

• Use robots.txt to exclude search engines from the redirect scripts on your site. This won't solve the problem completely, as attackers could still use your domain in email spam. Your site will be less attractive to attackers, though, and users won't get tricked via web search results. If your redirect scripts reside in a subfolder with other scripts that don't need to appear in search results, excluding the entire subfolder may even make it harder for spammers to find redirect scripts in the first place.
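
An added example (not from the article or from Google's blog post) that combines three of the measures above in one redirect check: internal-only targets, an allowlist of destinations, and signed redirects. The host names and secret are constructed placeholders, and the signature is an HMAC-SHA256 under a server-side key, since an unkeyed hash of the URL could be recomputed by anyone.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for this sketch; none of them come from the article.
SECRET_KEY = b"replace-with-a-random-server-side-secret"
SITE_HOST = "www.example.com"
ALLOWED_HOSTS = {"partner.example.org"}


def sign_destination(url):
    """Hex HMAC-SHA256 tag the site appends to redirect links it generates itself."""
    return hmac.new(SECRET_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def resolve_redirect(url, sig=None):
    """Return the destination if the redirect is acceptable, otherwise None."""
    # Browsers read "\" as "/" and drop control characters, so a URL containing
    # them can point somewhere other than where urlsplit() says it does.
    if "\\" in url or any(ord(c) <= 0x20 for c in url):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return None

    # 1. Internal-only targets: a local path on this site. "//host" and
    #    "///host" are treated as off-site by browsers, so they are refused.
    if not parts.scheme and not parts.netloc:
        return url if url.startswith("/") and not url.startswith("//") else None

    # Anything else must be a plain http(s) URL with a host name.
    if parts.scheme not in ("http", "https") or not host:
        return None
    if host == SITE_HOST:
        return url

    # 2. Allowlist of known outgoing destinations (exact host match).
    if host in ALLOWED_HOSTS:
        return url

    # 3. Signed redirect: accept any other destination only with a valid tag.
    if sig is not None:
        expected = sign_destination(url).encode("ascii")
        if hmac.compare_digest(sig.encode("utf-8"), expected):
            return url
    return None
```

A site that only ever redirects to its own pages can leave `ALLOWED_HOSTS` empty and never issue signatures, which reduces the check to step 1.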

You can also use Webmaster Tools to remove URLs. Spammers may have compromised or abused other sites creating links to the spammed section of your site. If you see suspicious sites or spammed forums linking in, report those to us, preferably with the verified spam report form in Webmaster Tools.

Tune in to the official blog for more information.


About the Author:
Nav is the founder and CEO of Page Traffic, a premier search engine company known for SEO service, web design and development, copy writing and SEO professionals.

Navneet has wide experience in natural search engine optimization, internet marketing and PPC. His articles can be found in the "Best Articles" section of many websites and article banks. As a search analyst, he has over 9 years of experience and his knowledge is in application here.


About antiSPAMnews
News and updates for the fight against spam.



-- antiSPAMnews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2009 iEntry, Inc. All Rights Reserved
