Google recently wrote in one of its official blogs that it is possible for spammers to take advantage of your website without ever setting a virtual foot in your server. Spammers can do this by abusing open redirects.
What are open redirects?
Many websites use links that redirect their website visitors to another page. Some redirects are left open to any arbitrary destination. These redirects can be abused by spammers to trick web surfers and search engines into following links that seem to be pointing to your website although they redirect to a spammy website.
That means that people who think that they visit your website will be redirected to highly questionable web pages that might contain adult content, viruses, malware or phishing attempts.
Which redirects on your website could be abused?
Spammers are very inventive. According to Google, they have managed to use the redirect spam on a wide range of websites, including the websites of large well-known companies and the websites of small local government agencies.
For example, the following redirection types can be abused:
1. Scripts that redirect users to a file on the server can be abused by spammers. The links on your website could look like this:
http://www.example.com/download.php?url=http://www…
http:///www.example.com/get/pdf/?http://www…