Hackers redirect the traffic from a parked domain name to any URL destination

If you have any important domains at a domain parking service, you may want to double check they go to the right place. Symantec, a leader in online security, found a hole in the security of one of the bigger domain parking services.


Hackers have made it possible to redirect the traffic from a parked domain name to any URL destination.

“We recently noticed a large domain parking service being abused by spammers on a massive scale. Each domain hosted on the service contains an open redirect script, allowing spammers to redirect to any URL of their choice,” Symantec senior software engineer Nick Johnston explained.

Symantec said it has automatically blocked tens of thousands of these domains. “This latest abuse shows the lengths spammers are prepared to go to in attempting to conceal their spam sites.”

Symantec advised users to check the HTTP “Referer” header before redirecting to prevent the abuse. “Using cryptographic hashing can also be useful, as can restricting the set of sites which can be redirected to,” it said.

A lesson learned from this episode is to always make sure your computer has the best virus scan operational. In addition, if you have a website, especially an ecommerce site, consider buying a SSL certificate.

 

Hackers redirect the traffic from a parked domain name to any URL destination

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: