Register

The Most Active and Friendliest
Affiliate Marketing Community Online!

Register
“Adavice”/  “CPA

Google warnings about Open Redirect URLs

D

djbaxter

Guest
Open redirect URLs: Is your site being abused?
by Jason Morrison, Google Search Quality Team
Friday, January 30, 2009

Redirects being abused by spammers
We have noticed spammers going after a wide range of websites, from large well-known companies to small local government agencies. The list below is a sample of the kinds of redirect we have seen used. These are all perfectly legitimate techniques, but if they're used on your site you should watch out for abuse.

  • Scripts that redirect users to a file on the server—such as a PDF document—can sometimes be vulnerable. If you use a content management system (CMS) that allows you to upload files, you might want to make sure the links go straight to the file, rather than going through a redirect. This includes any redirects you might have in the downloads section of your site.
  • Systems to track clicks for affiliate programs, ad programs, or site statistics might be open as well.
  • Proxy sites, though not always technically redirects, are designed to send users through to other sites and therefore can be vulnerable to this abuse. This includes those used by schools and libraries.
  • In some cases, login pages will redirect users back to the page they were trying to access.
  • Scripts that put up an interstitial page when users leave a site can be abused. Lots of educational, government, and large corporate web sites do this to let users know that information found on outgoing links isn't under their control.
Click to expand...

...more
 
Last edited by a moderator:
Google warning: is your site abused through redirects?

Google warning: is your site abused through redirects?
Axandra News
17 February 2009

How to find out if your website is abused
  1. Make a site search on Google
  2. Go to Google.com and search for "site:yourdomain.com". Replace yourdomain.com with your own domain name. If you see web pages that have nothing to do with your website then it's likely that someone exploits a security hole on your website.
  3. Check your web server logs for URL parameters like "=http:" or "=//". If your redirection URLs get a lot of traffic, this could also be caused by spammers.
  4. If you get user complaints about content or malware that you know cannot be found on your website then your website users might have seen your URL before they were redirected to the malware site.
What you can do to protect your website
  1. Check the referrer. Your redirect scripts should only work if they area accessed from another web page of your website. The redirect script should not work if the user accesses the script directly or from a search engine.
  2. If possible, make sure that the script can only redirect to web pages and files that are on your own websites. You could use a whitelist of allowed destination domains.
  3. Use the robots.txt file of your website to exclude search engines from the redirect scripts on your website. That will make your website less attractive for hackers.
  4. Add a signature or a checksum to your redirect links so that only you can use the script.
Click to expand...
 
Last edited by a moderator:
good stuff i just did a check on all domains and sites i have ever owned -- all good, but i will keep a better eye out for this. thanks
 

Similar threads

Graybeard
Move Over Google --OpenAI is at your gates!
2
Replies
21
Views
2K
riuskras
R
SrLudwig
Google About to Crack Down on Mass Produced Content and Other Stuff
Replies
9
Views
2K
Graybeard
Graybeard
Honeybadger
Ask Me Anything Im blocking Google search
Replies
9
Views
2K
Honeybadger
Honeybadger
Graybeard
Google slashes SEO again!
Replies
19
Views
3K
Strickland
Strickland
Graybeard
Google likes glue on pizza?
Replies
1
Views
518
azgold
azgold
MI
Back