I am not hurting anyone ... am I ? (page redirects).

C

craigkenisston

Hi,

I recently read a lot about a topic called page hijacking. It seems
that you can steal page rank from search engines while doing a
redirect.

I reminded I had a code in some pages, where someone clicks a link on
my site, I first go to a page to save the link, then I have a redirect
to the site (I want to count this clicks out).

The code looks like :

if (Request.Params["target"] != null)
{

string target = Request.Params["target"];
string source = ConfigurationSettings.AppSettings["DomainName"]
string ClientIP;
ClientIP = Request.UserHostAddress;

trafficMgmt trafficMgmt = new mydomain.trafficMgmt();
trafficMgmt.AddClick(source, ClientIP, target);

Response.Redirect(target);
}

Could this code hurt the target site ?
Which code does this Response.Redirect to the browser ? Is it 301 or
302 ? Which is the effect on each code ?

Thanks in advance.
 
N

Nicole Calinoiu

With this setup, you actually have a much more serious problem than
potential effects on other folks' sites. Your site is currently allowing
redirection to any target URL provided in the query string. This means that
someone with malicious intent could attempt to get users who trust your site
to visit his site via use of a URL like the following:
http://www.yoursite.com/redirector.aspx?target=www.badsite.com. Users who
trust your site are much more likely to click such a link than they would be
to click one that leads directly to the redirection target.

If you want to perform redirection tracking while avoiding this problem, you
have two main options:

1. Separate the navigation from the tracking (e.g.: by using <a> tags with
href pointing to the target URL and onclick event launching the tracking).
Since this will make it possible for at least some redirections to take
place without being tracked (e.g.: if client browser has javascript
disabled), this may not be suit your requirements particularly well.

2. Assign each target URL a unique identifier, then have your redirector
page map from the identifier to the target URL on the server prior to
redirection.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top