{"id":494,"date":"2009-02-03T02:27:57","date_gmt":"2009-02-03T07:27:57","guid":{"rendered":"http:\/\/www.jasonmorrison.net\/content\/?p=494"},"modified":"2009-02-03T02:27:57","modified_gmt":"2009-02-03T07:27:57","slug":"open-redirects-under-attack-by-spammers","status":"publish","type":"post","link":"http:\/\/www.jasonmorrison.net\/content\/2009\/open-redirects-under-attack-by-spammers\/","title":{"rendered":"Open Redirects Under Attack by Spammers"},"content":{"rendered":"<p><a class=\"tt-flickr tt-flickr-Small\" title=\"Albino alligator\" href=\"http:\/\/www.jasonmorrison.net\/content\/photos\/photo\/2962667965\/albino-alligator.html\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"http:\/\/farm4.static.flickr.com\/3293\/2962667965_7611dd14bb_m.jpg\" alt=\"Albino alligator\" width=\"240\" height=\"161\" \/><\/a><\/p>\n<p>I wrote a post last Friday on the Google Webmaster Central Blog <a href=\"http:\/\/googlewebmastercentral.blogspot.com\/2009\/01\/open-redirect-urls-is-your-site-being.html\">about the widespread abuse of open redirects round the web<\/a>.\u00a0 If you have some code on your site that will redirect users to an arbitrary destination based on url parameters, watch out.<\/p>\n<p>&#8220;But Jason,&#8221; you say, &#8220;why would I have code that would redirect users to an arbitrary destination based on url parameters?&#8221;\u00a0 You might be surprised.\u00a0 Code that tracks clicks for ads or analytics, search results pages, and even some login pages are vulnerable.<\/p>\n<p>There are actually lots of legitimate reasons to redirect users, but unfortunately spammers can use them too if you&#8217;re not careful.\u00a0 <a href=\"http:\/\/googlewebmastercentral.blogspot.com\/2009\/01\/open-redirect-urls-is-your-site-being.html\">Read the post to find out more<\/a> and learn ways to make your site less attractive to attackers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I wrote a post last Friday on the Google Webmaster Central Blog about the widespread abuse of open redirects round the web.\u00a0 If you have some code on your site that will redirect users to an arbitrary destination based on url parameters, watch out. &#8220;But Jason,&#8221; you say, &#8220;why would I have code that would [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[19],"tags":[80,589,223,220,590,310],"class_list":["post-494","post","type-post","status-publish","format-standard","hentry","category-blog","tag-google","tag-open-redirects","tag-security","tag-spam","tag-web-dev","tag-webspam"],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts\/494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/comments?post=494"}],"version-history":[{"count":2,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts\/494\/revisions"}],"predecessor-version":[{"id":496,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/posts\/494\/revisions\/496"}],"wp:attachment":[{"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/media?parent=494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/categories?post=494"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.jasonmorrison.net\/content\/wp-json\/wp\/v2\/tags?post=494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}