By Nick Johnston
Domain parking, the act of registering an Internet domain name without placing any content on the website, is a common practice for a business website in the pre-launch stage.
These landing pages are familiar to us all, often reading “Coming Soon” or “Under Construction.” However, domain parking can also be used for less than noble reasons.
Cyber squatting, registering a domain and reselling it to a company who owns a trademark within the name, and monetized domain parking, where advertisements are displayed for revenue, are also prevalent.
MessageLabs Intelligence recently noticed a large domain parking service being abused by spammers on a massive scale. Domains hosted on the service contained an open redirect script, a common vulnerability, that spammers were taking advantage of to push visitors to “get rich quick” sites like the one below.
The fact that a very large domain parking operator had an open redirect script on each of its parked domains is a good reminder to businesses to protect their own domains and ensure they do not have any open redirecting scripts. Such scripts will inevitably be abused by spammers to redirect to spam sites, and possibly also malware and phishing attacks. If such abuse is not dealt with quickly, affected domains could well be added to anti-spam block lists, causing business disruption. The reason for being added to block lists in these cases might not be immediately obvious.
To help prevent this type of abuse, MessageLabs Intelligence recommends that redirecting scripts check the HTTP “Referer” header before redirecting. Cryptographic hashing (where the URL contains an additional signature parameter based on the redirect URL and a secret or other value) can also be useful, as can restricting the set of sites to which users can be redirected. Relying on secrecy or trying to hide the redirect script is a bad idea—spammers will often discover it anyway and abuse it.
Nick Johnston, is a senior software engineer for Symantec.cloud
