Check if you're being abused via "open redirect URLs" - Google Webmaster Tips


The Google Webmaster blog has published an article that will help webmasters keep their sites clean of spammers who use open redirect URLs on their domain. Below are some legitimate site features that spammers abuse to redirect URLs:

  • Scripts that redirect users to a file on the server: example.com/go.php?url=
    example.com/ie/ie40/download/?
  • Internal site search result pages sometimes have automatic redirect options that could be vulnerable. Look for patterns like: example.com/search?q=user+search+keywords&url=
  • Scripts that track clicks for affiliate programs, ad programs, or site statistics: example.com/coupon.jsp?code=ABCDEF&url=
    example.com/cs.html?url=
  • Proxy sites: proxy.example.com/?url=
  • Login pages that redirect users back to the page they were trying to access: example.com/login?url=
  • Scripts that put up an interstitial page when users leave a site can be abused:
    example.com/redirect/
    example.com/out?
    example.com/cgi-bin/redirect.cgi?
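
A log check for the patterns listed above, as an added example that is not from the Google article or this post: it scans access-log lines for the listed redirect endpoints and reports requests whose destination is a host other than your own. The combined log format, the `OWN_HOSTS` set, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions: our own hostnames, and a combined-format access log.
OWN_HOSTS = {"example.com", "www.example.com"}
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def redirect_target(request_uri):
    """Return the redirect destination a request carries, or None."""
    parts = urlsplit(request_uri)
    params = parse_qs(parts.query)
    if "url" in params:                      # go.php?url=, login?url=, search?q=..&url=
        return params["url"][0]
    if parts.path.startswith("/redirect/"):  # example.com/redirect/<target>
        return unquote(parts.path[len("/redirect/"):]) or None
    if parts.path in ("/out", "/cgi-bin/redirect.cgi") and parts.query:
        return unquote(parts.query)          # example.com/out?<target>
    return None

def is_offsite(target):
    """True when the destination names a host that is not ours."""
    t = target.strip()
    if t.startswith("/") and not t.startswith("//"):
        return False                         # site-relative path stays on our domain
    if "//" not in t:
        t = "//" + t                         # treat a scheme-less value as host/path
    host = urlsplit(t).hostname
    return host is not None and host.lower() not in OWN_HOSTS

def find_offsite_redirects(log_lines):
    """Return (request URI, destination) pairs that point off-site."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        target = redirect_target(m.group(1)) if m else None
        if target and is_offsite(target):
            hits.append((m.group(1), target))
    return hits

# Constructed sample log lines (documentation IP ranges, reserved .test domain).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login?url=/account HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /go.php?url=http%3A%2F%2Fspam.test%2Fpills HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /out?http://spam.test/casino HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=shoes&url=//example.com/shoes HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /redirect/spam.test/offer HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(*find_offsite_redirects(SAMPLE_LOG), sep="\n")
```

A scheme-less value with no dot-separated host (for example `account/settings`) is also reported, so review hits before treating them as abuse.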
