Let’s talk about one of the lesser known dangers of running a website with an open redirect, shall we?
Apparently, the folks over at the National Weather Service have an open redirect that the Search Engine Optimization (SEO) scammers have latched onto. Either that, or the fine folks at the NWS have areas of interest that go way beyond cloud formations, humidity, and precipitation.
This Google search finds all sorts of interesting stuff that the NWS is SEO boosting…
Owner, Principal Consultant
Bad Wolf Security, LLC
Senior Technical Engineer
May 10, 2016
UPDATED: I’ve found a few more .gov sites with redirects that are being used by SEO scammers:
- Here is one for www.weather.gov (which appears to just be the same NWS site as above)
- Here is another one that continues the “weather” theme - aviationweather.gov
- Here is one for the National Highway Transportation Safety Administration
- Here is one for The Commodity Futures Trading Commission
- Here is one for the town of Cedar Park, TX
- Here is one for the town of Knightdale, NC
- Here is one for the town of Costa Mesa, CA
(Is there some crappy template for “city” websites somewhere?)