
Getting the word out about spam profiles and other social network abuse

Just a quick post to point out an article I wrote on the Google Webmaster Central Blog, Spam2.0: Fake user accounts and spam profiles. This is a large and growing problem but a lot of folks I’ve talked to didn’t realize they had fake user accounts on their own sites. Excerpt:

Spammers create fake profiles for a number of nefarious purposes. Sometimes they’re just a way to reach users internally on a social networking site. This is somewhat similar to the way email spam works – the point is to send your users messages or friend invites and trick them into following a link, making a purchase, or downloading malware by sending a fake or low-quality proposition.

Spammers are also using spam profiles as yet another avenue to generate webspam on otherwise good domains. They scour the web for opportunities to get their links, redirects, and malware to users. They use your site because it’s no cost to them and they hope to piggyback off your good reputation.

The article got a write-up in Information Week, which is pretty cool. Any way to let more people know about the issue.

Open Redirects Under Attack by Spammers

I wrote a post last Friday on the Google Webmaster Central Blog about the widespread abuse of open redirects round the web. If you have some code on your site that will redirect users to an arbitrary destination based on URL parameters, watch out.

“But Jason,” you say, “why would I have code that would redirect users to an arbitrary destination based on URL parameters?” You might be surprised. Code that tracks clicks for ads or analytics, search results pages, and even some login pages are vulnerable.

There are actually lots of legitimate reasons to redirect users, but unfortunately spammers can use them too if you’re not careful.  Read the post to find out more and learn ways to make your site less attractive to attackers.
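
One way to close this kind of hole, as an added example that is not from the original post or the Webmaster Central article: validate the redirect parameter before it reaches the Location header. The site origin, the partner allowlist and the function name are assumptions for a hypothetical site.

```javascript
// Added example, not from the original post. SITE_ORIGIN and
// ALLOWED_EXTERNAL_HOSTS are assumed values for a hypothetical site.
const SITE_ORIGIN = "https://www.example.com";
const ALLOWED_EXTERNAL_HOSTS = new Set(["partner.example.net"]);
const FALLBACK = SITE_ORIGIN + "/";

// Takes the already-decoded value of a redirect parameter (e.g. ?next=...)
// and returns an absolute URL that is safe to put in a Location header.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return FALLBACK;
  }
  // The URL parser silently strips tabs and newlines, so reject control
  // characters and whitespace up front instead of letting them vanish.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve the way a browser would, so "//host" and "/\host" are seen
    // as the cross-site URLs they really are.
    url = new URL(raw, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;      // no javascript:, data:, http:
  if (url.username || url.password) return FALLBACK;   // no user@host forms

  const sameSite = url.origin === SITE_ORIGIN;
  const allowedPartner = ALLOWED_EXTERNAL_HOSTS.has(url.hostname) && url.port === "";
  if (!sameSite && !allowedPartner) return FALLBACK;

  // Return the absolute form: a same-site path such as "//other.example/x"
  // would become a cross-site redirect if emitted as a bare path.
  return url.href;
}

// Constructed sample inputs, for illustration only.
const samples = [
  "/account?tab=billing",
  "https://partner.example.net/landing",
  "//unknown.example/login",
  "https://www.example.com.unknown.example/",
  "javascript:alert(1)",
];
for (const s of samples) console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
```

The same check applies to click trackers, search results pages and login pages alike: anything outside the site's own origin or the explicit allowlist falls back to the home page.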