Sunday, November 23, 2008

Z-Blog URL Redirect Security Issue Enables Spam Attacks

The Z-Blog system contains a security issue that allows spam attacks on Wikipedia by using URL redirects.

Z-Blog's anti-spam design encrypts a URL before redirecting to it. The file that performs the redirect is c_urlredirect.asp, and through the parameter of this page Z-Blog can redirect to various pages. Unfortunately, the encryption used is very simple: one just needs to put the odd characters together. With this method, blackhat SEO manipulates redirects from other Z-Blog websites to call its own website. Thus, even if the original address is on Wikipedia's blacklist, the manipulated redirect would still work and be used as spam.

The solution to this problem is not easy. The simplest way is to delete c_urlredirect.asp, but this method would also prevent the blogger himself from making redirects.
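An alternative to deleting the redirect page is to have it accept only targets the blog itself has signed. The sketch below is an added example, not Z-Blog's code: it contrasts a keyless encoding of the kind described above with an HMAC-signed redirect parameter. The filler scheme in `weak_encode`, the parameter names `url` and `sig`, and all sample URLs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode

# Assumption: the page only says the target is recovered by "putting the odd
# characters together". The filler characters used here are a constructed
# stand-in, not Z-Blog's actual routine.
def weak_encode(url: str) -> str:
    return "".join(ch + secrets.choice("abcdef0123456789") for ch in url)

def weak_decode(token: str) -> str:
    return token[0::2]  # characters 1, 3, 5, ... counting from 1

# Keyed alternative: the blog signs each outbound link when it renders a page,
# and the redirect page refuses any target whose tag it did not issue.
def _tag(key: bytes, url: str) -> str:
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()

def sign_redirect(key: bytes, url: str) -> str:
    return urlencode({"url": url, "sig": _tag(key, url)})

def verify_redirect(key: bytes, query: str) -> Optional[str]:
    params = parse_qs(query)
    url = params.get("url", [""])[0]
    sig = params.get("sig", [""])[0]
    # Constant-time comparison on bytes; non-ASCII input cannot raise here.
    if url and hmac.compare_digest(_tag(key, url).encode(), sig.encode("utf-8")):
        return url
    return None  # caller should answer with an error instead of redirecting

SERVER_KEY = secrets.token_bytes(32)  # constructed; store outside the web root

if __name__ == "__main__":
    own = "http://blog.example/post/1"    # constructed sample URLs
    other = "http://unrelated.example/"
    # No secret is involved, so anyone can produce a token the page accepts.
    print(weak_decode(weak_encode(other)) == other)
    good = sign_redirect(SERVER_KEY, own)
    print(verify_redirect(SERVER_KEY, good))
    # Swapping the target while reusing the old signature is rejected.
    forged = urlencode({"url": other, "sig": parse_qs(good)["sig"][0]})
    print(verify_redirect(SERVER_KEY, forged))
```

With a signed parameter the blogger's own links keep working, while a redirect request built by a third party fails verification because it lacks the server-side key.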

Source. Thanks to Wing for the translation.