Z-Blog URL Redirect Security Affected Spam Attacks

贝贝博客 10.05.05 网站建设 1413 4 条
Foxalt工作室 T4主题

Z-Blog URL Redirect Security Affected Spam Attacks

        Z-Blog system contain a security issue that allows spam attack to Wikipedia by using url redirect.

        The design of Z-Blog anti-spam encrypts the URL before redirect it. The name of the redirected file is c_urlredirect.asp. With the parameter of this page Z-Blog kann redirect to various pages. Sorrowfully the used encryption is very simple. One just need to put the odd characters together. With this methode blackhat SEO manipulates redirects from other Z-Blog websites to call its own website. Thus even if the original address is listed on the blacklist by Wikipedia, the manipulated redirect would still work and be used as spam.

        The solution for this problem is not easy. The most simple way is to delete c_urlredirect.asp. But this method would also prevent the blogger himself make redirects.

Source . thanks for Wing translation


Foxalt工作室 T4主题

评论列表 当前共有4条评论

  • 贝贝博客回复
    发布于2010-05-05 15:22:27
  • 把汉字转成拼音还要花时间的!