Your Fly Is Open

Netmenaces and other Internet Stupidity

Partly Cloudy With a Chance of a Colon Cleanse

Let’s talk about one of the lesser known dangers of running a website with an open redirect, shall we?

Apparently, the folks over at the National Weather Service have an open redirect that the Search Engine Optimization (SEO) scammers have latched onto. Either that, or the fine folks at the NWS have areas of interest that go way beyond cloud formations, humidity, and precipitation.

This Google search finds all sorts of interesting stuff that the NWS is SEO boosting…

-TL
Tom Liston
Consultant - Cyber Network Defense
DarkMatter, LLC
Twitter: @tliston
May 10, 2016

UPDATED: I’ve found a few more .gov sites with redirects that are being used by SEO scammers:

Here is one for www.weather.gov (which appears to just be the same NWS site as above)
Here is another one that continues the “weather” theme - aviationweather.gov
Here is one for the National Highway Transportation Safety Administration
Here is one for The Commodity Futures Trading Commission
Here is one for the town of Cedar Park, TX
Here is one for the town of Knightdale, NC
Here is one for the town of Costa Mesa, CA
(Is there some crappy template for “city” websites somewhere?)