Security News How porn bots abuse government websites

[LASER_oneXM]

Content source

https://nakedsecurity.sophos.com/2018/04/20/how-porn-bots-abuse-government-websites/

Bots run by shady websites are abusing the redirection functionality found in some US government websites to create thousands of phantom “pages” linking to unsavoury content.
Gizmodo reported on Tuesday that it had discovered the flaw on the Justice Department’s AmberAlert.gov website, an emergency broadcast system for sending alerts about suspected child abductions.

A website run by the US Justice Department and used to gather information about missing and abducted children is redirecting visitors to porn sites with names such as “schoolgirl porn” …​

Naked Security can confirm that the flaw also exists on a plethora of other government websites too, including: a website operated by the US Congress, websites used to access important federal services and local government sites at the state and county level.

The government websites being abused in this way haven’t been hacked. No pages have been created – it’s just that the way the government sites handle page redirects makes it possible for an attacker to fool Google into thinking they have. They likely do this in the hope it will improve their chances of being found in a Google search – either because there are multiple URLs for one page, or because it improves the attacker’s PageRank.