Open redirects persist on government sites

Spammers are taking advantage of misconfigured dot-gov domains and link shorteners to redirect visitors to other sites.

Open redirects are web app features that let a user specify a link and then send the user on to an external site. When a site exposes one, a spammer can insert any URL and send the user to a malicious site, which simplifies phishing attacks.
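One way to close this hole is to check the requested destination against an allowlist before issuing the redirect. The sketch below is an added example, not code from Krebs on Security or from any government site; the host names, `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical hosts this site is allowed to send visitors to.
ALLOWED_HOSTS = frozenset({"agency.example.gov", "forms.example.gov"})
FALLBACK = "/"  # where to send the visitor when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a same-site path or an allowlisted https URL,
    otherwise return fallback."""
    if not raw:
        return fallback
    # Browsers drop tabs/newlines inside URLs and treat "\" like "/",
    # so a value containing them may not go where the parser below thinks.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F or ch == "\\" for ch in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Same-site path: one leading slash only. "//host" and "///host"
        # are resolved by browsers as a different host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute URL: https, no userinfo, default port, exact host match.
    if (
        parts.scheme == "https"
        and parts.username is None
        and parts.password is None
        and port in (None, 443)
        and parts.hostname in allowed_hosts
    ):
        return raw
    return fallback


# Constructed sample values for the redirect parameter.
if __name__ == "__main__":
    for value in ("/benefits/apply?id=7", "https://forms.example.gov/a",
                  "https://spam.example/pills", "//spam.example/pills"):
        print(f"{value!r:40} -> {safe_redirect_target(value)!r}")
```

Matching the host exactly, rather than by prefix or substring, is what keeps look-alike names such as `agency.example.gov.spam.example` from passing.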

According to a recent Krebs on Security blog, some government sites are using open redirects. South Dakota’s site, Krebs said, uses this open redirect -- -- which allows spammers to send the visitor from the government site on to any other webpage.

If these open redirect URLs originating from .gov or .mil sites are then truncated by the link shortening service the government uses to automatically create a URL, the redirection is hidden even further. That means a government site with an open redirect could be shortened to look something like this

Krebs said the open redirect vulnerability is widely acknowledged and that Symantec reported that about 15 percent of all URLs during a week in October 2012 were used to promote spam messages.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

