What is the purpose of (ab)using the redirect page of my website for dubious URLs?
Score: 74
My website has a redirect page with the format https://my.site/redirect?deeplink=https://foo.bar&...
The redirect is implemented in JavaScript, so when you request the site, you get a 200 and some HTML + JS, not a 30X.
I recently started to notice that someone is abusing the redirect page for dubious links (guns, viagra, ...). It was suspicious that the traffic of the page increased by a lot, especially at night, when there should be barely any traffic.
I started to log the requests including referer. The referers seem to be all kinds of different hosts (not the same one every time) but mostly redirect pages themselves. Examples are:
http://foo1.bar/cgi/mt4/mt4i.cgi?cat=12&mode=redirect&ref_eid=3231&url=http://my.site/redirect...
http://foo2.bar/modules/wordpress/wp-ktai.php?view=redir&url=http://my.site/redirect...
http://www.foo3.bar/core.php?p=books&l=en&do=show&tag=2774&id=20536&backlink=http://my.site/redirect...
http://www.google.sk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=172&ved=0CCMQFjABOKoB&url=http://my.site/redirect...
I'm actually in control of the URLs that users should be legitimately redirected to, so I implemented a whitelist of valid hosts and started redirecting invalid ones to my start page.
What I'm wondering is, why should someone abuse my redirect page in the described way? And are there any risks I should be aware of?
web-application url-redirection web
asked Aug 8 at 12:38
Kirill Rakhman
3
trustwave.com/Resources/SpiderLabs-Blog/…
– Conor Mancone, Aug 8 at 12:53
6
Why do you have the redirects via JS?
– Solomon Ucko, Aug 10 at 18:49
2
@SolomonUcko Why not? I have some analytics on the page as well as an information text. Besides, this is not the point of the question.
– Kirill Rakhman, Aug 13 at 9:39
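The host whitelist described in the question, sketched as an added example (not the asker's code); `ALLOWED_HOSTS`, `FALLBACK` and the function names are assumptions. It parses the `deeplink` value with the standard `URL` parser and compares the hostname exactly, so look-alike inputs fall back to the start page.

```javascript
// Added example: allowlist check for the `deeplink` parameter.
// ALLOWED_HOSTS and FALLBACK are assumed values, not taken from the real site.
const ALLOWED_HOSTS = new Set(["foo.bar", "www.foo.bar"]);
const FALLBACK = "https://my.site/";

// Returns the normalized target URL if it is safe to redirect to, else null.
function validateDeeplink(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;
  // Browsers treat "\" like "/" and drop tab/newline characters, so the string
  // that was validated could differ from the one navigated to. Reject them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return null;
  let url;
  try {
    // No base URL: relative and scheme-relative ("//host") inputs throw here.
    url = new URL(raw);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // javascript:, data:, http: ...
  if (url.username !== "" || url.password !== "") return null; // host hidden behind "@"
  if (url.port !== "") return null; // default port only
  // Exact match on the parsed hostname; endsWith()/includes() checks would
  // accept hosts such as foo.bar.evilphishingsite.example.com.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  // Return the parser's normalized form so the browser navigates to exactly
  // what was checked.
  return url.href;
}

// Decide where /redirect should send the visitor. In the page's own script
// this would be used as: location.replace(resolveRedirect(location.href))
function resolveRedirect(requestUrl) {
  const deeplink = new URL(requestUrl).searchParams.get("deeplink");
  return validateDeeplink(deeplink) ?? FALLBACK;
}

// Constructed inputs covering the shapes the checks above are meant to stop.
const SAMPLES = [
  "https://foo.bar/item?id=3",
  "https://FOO.BAR/a",
  "https://foo.bar@evilphishingsite.example.com/",
  "https://foo.bar.evilphishingsite.example.com/",
  "//evilphishingsite.example.com/",
  "javascript:void(0)",
  "http://foo.bar/",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", validateDeeplink(s));
}
```

The same function can run server-side before the page is rendered, which lets rejected requests be answered without serving the redirect script at all.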
4 Answers
Score: 119, accepted
Assuming that people trust your site, abusing redirections like this can help avoid spam filters or other automated filtering on forums/comment forms/etc. by appearing to link to pages on your site. Very few people will click on a link to https://evilphishingsite.example.com, but they might click on https://catphotos.example.com?redirect=https://evilphishingsite.example.com, especially if it was formatted as https://catphotos.example.com to hide the redirection from casual inspection - even if you look in the status bar while hovering over that, it starts with a reasonable-looking string.
The main risks are to your site reputation (it's more likely to get blacklisted by filtering services if they spot dubious traffic being accessed through it) and to people following these links (who knows what is actually on the other site you're sending them to). It's unlikely to result in compromise of your server directly.
answered Aug 8 at 12:57
Matthew
53
Additionally several Mail-Providers implement link-scanning, where they look at links in emails and even try to open them and scan the contents. They usually do follow 30X redirects, but won't execute JavaScript. So the Link-Inspection software will probably classify your domain as trustworthy and the content of the link as harmless - while the JS on your page will actually send the user to an evil page.
– Falco, Aug 8 at 14:02
2
One could argue that the blind trust the browser places on redirects (following them without asking the user by default) is a liability.
– Mindwin, Aug 9 at 16:55
10
@curiousguy Arguably any link that performs such an action via GET is fundamentally broken. A proper unsubscribe should direct to a page with a form that requires a POST submission. (Of course, in the real world, few things are proper.)
– Bob, Aug 10 at 0:40
3
@Bob exactly - GET requests should be idempotent and without side effects. Most unsubscribe links I know will show a page to you with an unsubscribe button that triggers a POST request
– Falco, Aug 10 at 10:56
1
@Falco just as an example from several emails in my inbox right now
https://***.list-manage.com/unsubscribe
subscription services will unsubscribe with a GET
– Brad, Aug 10 at 14:40
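Falco's comment above notes that link scanners follow 30X redirects but do not execute JavaScript; the destination is nevertheless readable from the query string. The following is an added example (not from any answer) that statically unwraps nested redirect parameters of the kind shown in the question's referers; `TRUSTED_HOSTS`, `pills.example` and the function names are constructed for illustration.

```javascript
// Added example: unwrap URL-in-URL redirect chains without fetching anything
// or running any script, as a log reviewer or link filter could.
const MAX_DEPTH = 5; // bound on how many nested hops are followed

// Interpret a parameter value as an absolute http(s) URL, or return null.
function asHttpUrl(value) {
  let candidate = value;
  // Values are sometimes percent-encoded more than once; decode a bounded
  // number of times until the value parses or stops changing.
  for (let i = 0; i < 3; i++) {
    try {
      const u = new URL(candidate);
      return u.protocol === "http:" || u.protocol === "https:" ? u : null;
    } catch {
      let decoded;
      try {
        decoded = decodeURIComponent(candidate);
      } catch {
        return null; // malformed percent-encoding
      }
      if (decoded === candidate) return null;
      candidate = decoded;
    }
  }
  return null;
}

// Follow the first embedded URL found in each hop's query string and return
// the list of hostnames, outermost first.
function unwrapChain(link) {
  const chain = [];
  let current = asHttpUrl(link);
  while (current && chain.length < MAX_DEPTH) {
    chain.push(current.hostname);
    let next = null;
    for (const [, value] of current.searchParams) {
      next = asHttpUrl(value);
      if (next) break;
    }
    current = next;
  }
  return chain;
}

// Flag links where a trusted host is only a hop on the way to an untrusted one.
function assess(link, trustedHosts) {
  const chain = unwrapChain(link);
  const finalHost = chain.length ? chain[chain.length - 1] : null;
  const trustedHopToUntrusted =
    chain.length > 1 &&
    chain.slice(0, -1).some((h) => trustedHosts.has(h)) &&
    !trustedHosts.has(finalHost);
  return { chain, finalHost, trustedHopToUntrusted };
}

// Constructed samples modelled on the referer shapes quoted in the question.
const TRUSTED_HOSTS = new Set(["my.site"]);
const SAMPLE_LINKS = [
  "http://foo1.bar/cgi/mt4/mt4i.cgi?cat=12&mode=redirect&ref_eid=3231" +
    "&url=http://my.site/redirect?deeplink=https://pills.example/buy",
  "https://my.site/redirect?deeplink=https%253A%252F%252Fpills.example%252F",
  "https://my.site/redirect?deeplink=https%3A%2F%2Fmy.site%2Fhome",
  "https://my.site/about",
];
for (const link of SAMPLE_LINKS) {
  const r = assess(link, TRUSTED_HOSTS);
  console.log(r.chain.join(" -> "), r.trustedHopToUntrusted ? "[flag]" : "[ok]");
}
```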
Score: 32
If you have a login page on your site, the bad guys could have used your open redirect to make a more successful phishing page for your users.
From https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
Unvalidated redirects and forwards are possible when a web application
accepts untrusted input that could cause the web application to
redirect the request to a URL contained within untrusted input. By
modifying untrusted URL input to a malicious site, an attacker may
successfully launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the
original site, phishing attempts may have a more trustworthy
appearance. Unvalidated redirect and forward attacks can also be used
to maliciously craft a URL that would pass the application's access
control check and then forward the attacker to privileged functions
that they would normally not be able to access.
answered Aug 8 at 17:49
JesseM
Score: 9
The crux is that using your redirect leverages the good name of your business to get someone to click on the malicious link.
answered Aug 8 at 18:26
Joe M
Score: 6
Your website might not be blacklisted, unlike another.
Assuming they were using it to send spam links, it would look more reasonable if it came from a new domain. I would guess they would send spam from your site long enough for it to become blacklisted, at which point they might drop yours and try to find another.
answered Aug 8 at 12:51
MK_Codes