Friday, 30 January 2009

Abuse of open redirect URLs

Google's Webmaster blog has published a detailed post on the security issues of open redirect URLs, covering how website owners can tell whether spammers are abusing their site in this way and how to prevent it.

Some websites use open redirect URLs in situations where it's helpful to redirect users to another page. Unfortunately, redirects that are left open to any arbitrary destination can be abused, and this is becoming a more common method because spammers can take advantage of a website's own functionality rather than exploiting a simple bug or security flaw. These spammers hope to use the targeted domain as a temporary "landing page" to trick email users, searchers and search engines into following links that appear to point to the site but actually redirect to their spam site.
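
An added example, not from this post or from Google's article: a redirect check that only follows same-site paths or allow-listed hosts, plus a scan that flags logged requests whose redirect parameter points elsewhere. The host names, the `url` parameter name and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example: the site's own hosts and the query parameter
# that its redirect endpoint reads. Neither comes from the post.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
REDIRECT_PARAM = "url"

# Constructed sample request URLs, not taken from a real log.
SAMPLE_REQUESTS = [
    "/redirect?url=/account/settings",
    "/redirect?url=https%3A%2F%2Fwww.example.com%2Fhelp",
    "/redirect?url=http%3A%2F%2Fspam.invalid%2Foffer",
    "/redirect?url=%2F%2Fspam.invalid%2Foffer",
    "/redirect?url=https%3A%2F%2Fexample.com%40spam.invalid%2F",
]


def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """True for a same-site rooted path or an http(s) URL on an allowed host."""
    # Browsers read "\" as "/" and drop tabs and newlines, so any backslash,
    # whitespace or control character is rejected rather than normalised.
    if not target or "\\" in target or any(ord(c) <= 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: "/path" stays on the site, "//host" and "///host" do not.
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme in ("http", "https") and host in allowed_hosts


def redirect_location(target, fallback="/"):
    """Location header value: the requested target if safe, else a fixed page."""
    return target if is_safe_target(target) else fallback


def offsite_redirect_requests(request_urls):
    """Request URLs whose redirect parameter points off the site."""
    flagged = []
    for url in request_urls:
        targets = parse_qs(urlsplit(url).query).get(REDIRECT_PARAM, [])
        if any(not is_safe_target(t) for t in targets):
            flagged.append(url)
    return flagged
```

Running `offsite_redirect_requests` over the request URLs in a server access log gives a list of hits where the redirect endpoint was asked to send visitors to a host outside the allow-list.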


