I wrote a post last Friday on the Google Webmaster Central Blog about the widespread abuse of open redirects around the web. If you have some code on your site that will redirect users to an arbitrary destination based on URL parameters, watch out.
“But Jason,” you say, “why would I have code that would redirect users to an arbitrary destination based on URL parameters?” You might be surprised. Code that tracks clicks for ads or analytics, search results pages, and even some login pages can all be vulnerable.
There are actually lots of legitimate reasons to redirect users, but unfortunately spammers can use them too if you’re not careful. Read the post to find out more and learn ways to make your site less attractive to attackers.
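
One way to keep a redirect parameter from sending users to an arbitrary destination is to validate it before issuing the redirect. The sketch below is an added example, not code from this post or from the Webmaster Central post; the function name, the allowlisted hosts and the fallback path are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts this site may redirect to (constructed values).
ALLOWED_HOSTS = frozenset({"www.example.com", "shop.example.com"})
FALLBACK = "/"  # assumed safe landing page


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted https URL,
    otherwise return fallback."""
    if not raw:
        return fallback
    # Browsers treat "\" like "/" and drop whitespace/control characters,
    # so a value containing any of them may not parse the way it looks.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # "//host/path" is protocol-relative and leaves the site.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute URL: https only, no userinfo, exact host match.
    if parts.scheme == "https" and "@" not in parts.netloc and host in allowed_hosts:
        return raw
    return fallback


if __name__ == "__main__":
    # Constructed sample parameter values.
    for value in ["/account/settings", "//evil.example/x",
                  "https://www.example.com@evil.example/"]:
        print(repr(value), "->", safe_redirect_target(value))
```

Anything that fails the check falls back to a fixed page instead of being passed through, so a rejected value never reaches the `Location` header.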