Your Website Is Abused By Open Redirect Spam

by beyluen on February 18, 2009

in Search Engine Optimization

Recently Google has warned us that it is possible for spammers to take advantage of our websites or blogs without ever setting a virtual foot in our web servers. Spammers can do this by abusing open redirects.

What Are Open Redirects

It’s common practice for websites to use links that redirect visitors to another page. Some redirects are left open to any arbitrary destination. These are called open redirects, and spammers can abuse them to trick your readers and search engines into following links that seem to point to your website but actually redirect to a spammy website.

People think they are visiting your website, but they are actually redirected to untrusted web pages that might contain viruses, malware, adult content or phishing attempts.

Which Open Redirects Could Be Abused

According to Google, spammers have managed to use redirect spam on a wide range of websites, including those of well-known companies. Several kinds of redirect can cause you problems.

#1 Scripts

Scripts that redirect visitors to a file on the server could be abused by spammers. The link usually looks like this:

http://www.example.com/download.php?url=http://www.example.com/a.zip

http://www.example.com/get/?http://www.example.com/b.zip

#2 Search Result Pages

Search result pages with automatic redirect options have the potential to be abused by spammers. Very often, the search result page of your internal search engine contains a URL variable which sends visitors to another page.

http://www.example.com/search?q=keyword&url=http://www.example.com/page2/

#3 Affiliate Tracking Links

Another redirection type is affiliate tracking links. These links allow website owners to redirect visitors to other pages, such as an affiliate product page. Spammers can easily enter untrusted URLs in the tracking links.

http://www.example.com/track.php?affid=123&url=http://www.affiliate.com

#4 Proxy Servers

The purpose of proxy servers or sites is to send visitors on to the websites or web pages they want to reach. But spammers can take control of this to redirect traffic to phishing sites.

http://www.proxy.com/?url=http://www.example.com

#5 Interstitial Pages

Some websites show an interstitial page when visitors leave a website to let users know that the information found on the link is not under their control. These URLs usually look like this.

http://www.example.com/redirect/http://www.example.com

http://www.example.com/out?http://www.example.com

How To Check If Your Website Is Abused

Even if you do not find any of the above on your website, you may still have an open redirect issue. You can do a quick check to find out.

#1 Check In Google

Just go to Google and search for “site:yourdomainname.com”, replacing “yourdomainname” with your website's domain name. If you see web pages that have nothing to do with your website, then it’s very likely that your website is being abused.

#2 Check Web Server Logs

Secondly you can check your web server logs for URL parameters like “=http:” or “=//”. If your redirection URLs get a lot of traffic, this could also be caused by spammers.
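The log check described above can be scripted. The following is an added example, not code from the original post: it scans access-log lines for query strings that carry an absolute or protocol-relative URL and counts those pointing at a host that is not yours. It goes slightly beyond the “=http:” and “=//” patterns by also decoding percent-encoded values. The hostnames in `OWN_HOSTS` and the log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

OWN_HOSTS = {"www.example.com", "example.com"}  # assumption: your site's hostnames

# Request line inside a common/combined format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# A query token that starts with http://, https:// or // (after decoding).
URL_VALUE_RE = re.compile(r'(?:^|[=&?])((?:https?:)?//[^&\s]+)', re.I)

def external_redirect_targets(log_lines):
    """Count (script path, external host) pairs seen in request query strings."""
    hits = Counter()
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        request = urlsplit(match.group(1))
        query = unquote(request.query)  # turns http%3A%2F%2F into http://
        for value in URL_VALUE_RE.findall(query):
            host = (urlsplit(value).hostname or "").lower()
            if host and host not in OWN_HOSTS:
                hits[(request.path, host)] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, .invalid hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Feb/2009:10:00:01 +0000] "GET /download.php?url=http://spam.invalid/pills HTTP/1.1" 302 0',
    '203.0.113.7 - - [18/Feb/2009:10:00:05 +0000] "GET /download.php?url=http%3A%2F%2Fspam.invalid%2Fpills HTTP/1.1" 302 0',
    '192.0.2.10 - - [18/Feb/2009:10:01:00 +0000] "GET /search?q=keyword&url=http://www.example.com/page2/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [18/Feb/2009:10:02:00 +0000] "GET /out?//phish.invalid/login HTTP/1.1" 302 0',
    '192.0.2.11 - - [18/Feb/2009:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for (path, host), count in external_redirect_targets(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {path} -> {host}")
```

Redirects that embed the destination in the path, such as the `/redirect/http://...` form shown earlier, are not covered by this query-string scan.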

How To Protect Your Website

There is no 100% solution to shield your website, but there are a number of actions you can take to protect your website and reduce the spam threats.

#1 Check For Referrer

In your redirection scripts, you can check the referrer. Your redirection scripts should only work if the referrer is your own website. You can block visitors from being redirected if they’re coming from search engines.

#2 Only Redirect To Your Own Web Pages

If possible, your redirection scripts should only redirect to web pages within your own website. But this is not possible to implement if you have affiliate tracking links.

#3 Use robots.txt

You can consider using a robots.txt file on your website to exclude search engine traffic from your redirect scripts. I think it will help you to reduce the open redirect spam.
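Protections #1 and #2 above can be combined in the redirect script itself. The following is an added example, not code from the original post: it checks the referrer and only returns a destination that stays on your own hosts. As a generalization for the affiliate case, it also accepts an explicit list of partner hosts. `OWN_HOSTS`, `PARTNER_HOSTS` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OWN_HOSTS = {"www.example.com", "example.com"}  # assumption: this site's hostnames
PARTNER_HOSTS = {"www.affiliate.com"}           # assumption: vetted affiliate hosts

def referer_is_own_site(referer):
    """Protection #1: accept only requests whose Referer is one of our pages."""
    try:
        parts = urlsplit(referer or "")  # a missing Referer is treated as foreign
    except ValueError:
        return False
    host = (parts.hostname or "").lower()
    return parts.scheme in ("http", "https") and host in OWN_HOSTS

def safe_target(target, fallback="/"):
    """Protection #2: return target only if it stays on an allowed host."""
    if not target or target != target.strip() or any(c in target for c in "\\\r\n\t"):
        return fallback  # backslashes and control characters are parsed loosely by browsers
    try:
        parts = urlsplit(target)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Site-relative path: exactly one leading slash ("//host" would leave the site).
        ok = target.startswith("/") and not target.startswith("//")
        return target if ok else fallback
    if parts.scheme not in ("http", "https") or parts.username is not None:
        return fallback  # rejects "//host", javascript: and user@host forms
    host = (parts.hostname or "").lower()
    # Exact match only: "www.example.com.spam.invalid" is a different host.
    return target if host in OWN_HOSTS | PARTNER_HOSTS else fallback

def resolve_redirect(target, referer, fallback="/"):
    """Value for the Location header of a redirect script using both checks."""
    if not referer_is_own_site(referer):
        return fallback
    return safe_target(target, fallback)

if __name__ == "__main__":
    own_page = "http://www.example.com/downloads"
    for t in ("http://www.example.com/a.zip", "//spam.invalid/", "http://spam.invalid/"):
        print(t, "->", resolve_redirect(t, own_page))
```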

Conclusion

Open redirect spam is a big issue not only for Google, but also for all of us. As bloggers or online entrepreneurs, we should always try to make sure our scripts are safe. If there is a loophole, we should fix it as soon as it is discovered. You can implement the solutions mentioned above, but you need to consider them case by case, as every website has its own requirements and functions.

Let’s work together to create a safe environment and reduce the spam.


1 Lesk September 9, 2009 at 11:54 pm

Hi
I’m getting visitors redirected by sites like cigarette website/s e.g. cigarettesbuyer dot com & cheap-24h dot com [obviously don’t want them to benefit further so split their addresses].

I don’t understand why they are doing this as there is nothing on my site that is of interest to them unless they count a trade directory of local shops as their ‘meat & veg’

Can you tell me what they are doing, and why?
