By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,161 Members | 2,002 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,161 IT Pros & Developers. It's quick & easy.

I am not hurting anyone ... am I ? (page redirects).

P: n/a
Hi,

I recently read a lot about a topic called page hijacking. It seems
that you can steal page rank from search engines while doing a
redirect.

I reminded I had a code in some pages, where someone clicks a link on
my site, I first go to a page to save the link, then I have a redirect
to the site (I want to count this clicks out).

The code looks like :

if (Request.Params["target"] != null)
{

string target = Request.Params["target"];
string source = ConfigurationSettings.AppSettings["DomainName"]
string ClientIP;
ClientIP = Request.UserHostAddress;

trafficMgmt trafficMgmt = new mydomain.trafficMgmt();
trafficMgmt.AddClick(source, ClientIP, target);

Response.Redirect(target);
}

Could this code hurt the target site ?
Which code does this Response.Redirect to the browser ? Is it 301 or
302 ? Which is the effect on each code ?

Thanks in advance.

Nov 19 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
With this setup, you actually have a much more serious problem than
potential effects on other folks' sites. Your site is currently allowing
redirection to any target URL provided in the query string. This means that
someone with malicious intent could attempt to get users who trust your site
to visit his site via use of a URL like the following:
http://www.yoursite.com/redirector.a...ww.badsite.com. Users who
trust your site are much more likely to click such a link than they would be
to click one that leads directly to the redirection target.

If you want to perform redirection tracking while avoiding this problem, you
have two main options:

1. Separate the navigation from the tracking (e.g.: by using <a> tags with
href pointing to the target URL and onclick event launching the tracking).
Since this will make it possible for at least some redirections to take
place without being tracked (e.g.: if client browser has javascript
disabled), this may not be suit your requirements particularly well.

2. Assign each target URL a unique identifier, then have your redirector
page map from the identifier to the target URL on the server prior to
redirection.

<cr************@hotmail.com> wrote in message
news:11*********************@g14g2000cwa.googlegro ups.com...
Hi,

I recently read a lot about a topic called page hijacking. It seems
that you can steal page rank from search engines while doing a
redirect.

I reminded I had a code in some pages, where someone clicks a link on
my site, I first go to a page to save the link, then I have a redirect
to the site (I want to count this clicks out).

The code looks like :

if (Request.Params["target"] != null)
{

string target = Request.Params["target"];
string source = ConfigurationSettings.AppSettings["DomainName"]
string ClientIP;
ClientIP = Request.UserHostAddress;

trafficMgmt trafficMgmt = new mydomain.trafficMgmt();
trafficMgmt.AddClick(source, ClientIP, target);

Response.Redirect(target);
}

Could this code hurt the target site ?
Which code does this Response.Redirect to the browser ? Is it 301 or
302 ? Which is the effect on each code ?

Thanks in advance.

Nov 19 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.