Posted by Marnok.com on 01/22/08 09:02
"Anze" <anzenews@volja.net> wrote in message
news:S82lj.5492$HS3.229926@news.siol.net...
>> link:http://www.nedkellypub.it/concerti/dati/olukev/orawo/
>> Now I can't see how this benefits them, am I missing something? Have I
>> created some possible way for hackers to achieve something? Is the
>> displayed code just a cover for some actual PHP going on behind the scenes?
>
> You are helping them to hide where the visitor came from.
>
> My guess: at the moment someone is just testing to see if you are alert -
> later on, if you do nothing, the real traffic will start to come. For
> instance, your site could be used to hide the referer when doing black hat
> affiliate marketing. Since the redirect comes from your page and not from
> theirs nobody can track them without contacting you.
>
> I wouldn't provide them with the service - as always, check the input and
> only allow valid values. In your case this should do the trick:
> // Trailing "/" ends the host name; "-" goes last in the class so it is a literal.
> header("Location: http://www.mydomain.com/" .
>     preg_replace('/[^a-z0-9_.-]/i', '', $_GET['page']));
>
> (not tested, just wrote it - you get the idea)
>
> Best,
>
> Anze
Yes thanks, I'll make sure I rip out any possible nastiness!
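
The "only allow valid values" advice from the reply above, taken one step further as an added example that is not part of the original thread: instead of stripping characters, the redirect target is accepted only if it matches the character policy and is a known page. The page names and the `safe_redirect_target()` helper are hypothetical; the domain is the placeholder used in the reply.

```php
<?php
// Added example, not code from the thread. BASE_URL reuses the placeholder
// domain from the reply; ALLOWED_PAGES and the helper name are assumptions.

const BASE_URL = 'http://www.mydomain.com/';   // trailing slash ends the host part
const ALLOWED_PAGES = ['index.php', 'news.php', 'contact.php']; // hypothetical pages

/**
 * Return the absolute URL to redirect to, or null if the request is rejected.
 */
function safe_redirect_target($page): ?string
{
    // Missing values and arrays (?page[]=x) are rejected outright.
    if (!is_string($page) || $page === '') {
        return null;
    }
    // Same character policy as the reply: letters, digits, "_", "." and "-".
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    if (preg_match('/\A[a-z0-9_.-]+\z/i', $page) !== 1) {
        return null;
    }
    // Only pages that really exist on this site are valid redirect targets.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    return BASE_URL . $page;
}

// Constructed sample inputs, run through the check.
$samples = ['news.php', 'http://other.example/', '.other.example',
            "news.php\r\nX-Test: 1", 'missing.php', ['a']];
foreach ($samples as $sample) {
    $target = safe_redirect_target($sample);
    printf("%-32s => %s\n", json_encode($sample), $target ?? 'rejected');
}

// In the redirect script itself:
// $target = safe_redirect_target($_GET['page'] ?? null);
// if ($target === null) { http_response_code(404); exit; }
// header('Location: ' . $target);
// exit;
```

Rejecting a bad value instead of silently cleaning it also leaves a 404 in the access log, which makes the probing Anze describes easy to spot.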