Is Your Site Being Used by Hackers?


Written by Kelly Robertson
on Monday, June 22nd, 2009

Is your site being abused by hackers? It turns out that some insecure web software lets anyone use a website's open redirects to disguise their attacks.

Open redirects are one way hackers take advantage of your website: rather than exploiting one tiny security flaw, they abuse functionality the site provides on purpose. The hacker uses your site as a “landing page”, sending out links that point to your site but redirect the visitor to the hacker's site instead. This can also hurt your site's SEO if the links the hacker uses come from a “bad linking neighborhood” that you do not want your site associated with.

Some examples of redirects that are easily used by hackers are:

  • Scripts that redirect users to a file on a server. If you use a CMS that allows you to upload files, make sure links go directly to the file and are not passed through a redirect like these:

mywebsite.com/go.php?url=
mywebsite.com/ie/ie40/download/?

  • Internal site search results pages often have redirects such as: mysite.com/search?q=user+search+keyword&url=
  • Affiliate program tracking URLs that track clicks and other statistics, like: mysite.com/coupon.jsp?code=154655&url=
  • Login pages often redirect the user back to the page they were trying to access. URLs such as mysite.com/login?url= are often quite vulnerable.

How do you know your site is being abused?

  • Search Google for site:http://www.mysite.com to see whether anything unfamiliar turns up.
  • Use the top search queries report in Webmaster Tools to see which search queries are sending traffic to your site.
  • Check the top content report in Google Analytics for URLs that do not belong on your site.

So, what to do if your site is being abused?

Here are a few things you can do to ensure your site is safe from hackers:

  • Ensure the redirect checks the referrer. This is done by changing the code of the redirect script.
  • Disallow off-site redirects on your site.
  • Create a list of all outgoing links in your code, and make sure every destination the redirect is used for is a safe one.
  • Use the robots.txt file to exclude search engines from the redirect script.
  • Remove URLs in Webmaster Tools, or use the verified spam report to report suspicious links coming into your site.
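The first three points above describe what a hardened redirect script looks like. The following Python is an added example, not code from the original post, of a go.php-style redirect handler that applies a referrer check and an allowlist of destinations; the host names are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlparse

# Constructed example values: the site's own host and the only hosts a
# redirect script such as go.php?url= may send a visitor to (an allowlist).
SITE_HOST = "www.mysite.example"
ALLOWED_HOSTS = frozenset({SITE_HOST, "downloads.mysite.example"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` is an allow-listed host or a site-absolute path.

    Rejects other hosts, scheme-relative URLs (//evil.example), non-http
    schemes (javascript:, data:) and the browser quirks that turn a
    harmless-looking path into another host ("/\\evil.example", or tab and
    newline characters that browsers strip before parsing).
    """
    if not target:
        return False
    # Browsers drop tab/newline and treat "\" as "/" when parsing a URL,
    # so normalise the same way before deciding anything.
    candidate = target.translate({ord(c): None for c in "\t\r\n"}).replace("\\", "/")
    try:
        parsed = urlparse(candidate)
        host = parsed.hostname or ""
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative URL: only http(s) to an allowed host.
        if parsed.scheme not in ("", "http", "https"):
            return False
        return host in allowed_hosts
    # No scheme and no host: accept only a site-absolute path.
    return candidate.startswith("/")


def redirect_location(target: str, referer: Optional[str], fallback: str = "/") -> str:
    """Choose the Location header for a go.php-style redirect script.

    Applies both checks from the post: the request must come from our own
    site (referrer check) and the destination must pass is_safe_redirect;
    anything else lands on `fallback`, a page on our own site.
    """
    if urlparse(referer or "").hostname != SITE_HOST:
        return fallback
    if not is_safe_redirect(target):
        return fallback
    return target
```

A Referer header can be missing or forged, so the allowlist is the check that actually closes the open redirect; the referrer check only adds a second hurdle.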